Cisco Catalyst 3750 Software Configuration Manual

Metro switch

Catalyst 3750 Metro Switch
Software Configuration Guide
Cisco IOS Release 12.1(14)AX
January 2004
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7815870=
Text Part Number: 78-15870-01

Summary of Contents for Cisco Catalyst 3750

  • Page 1 Catalyst 3750 Metro Switch Software Configuration Guide Cisco IOS Release 12.1(14)AX January 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7815870=...
  • Page 2 CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE,...
  • Page 3: Table Of Contents

    Using the Command-Line Interface C H A P T E R Understanding Command Modes Understanding the Help System Understanding Abbreviated Commands Understanding no and default Forms of Commands Understanding CLI Error Messages Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 4 3-11 Booting Manually 3-12 Booting a Specific Software Image 3-12 Controlling Environment Variables 3-13 Scheduling a Reload of the Software Image 3-15 Configuring a Scheduled Reload 3-15 Displaying Scheduled Reload Information 3-16 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 5 Displaying the NTP Configuration 5-11 Configuring Time and Date Manually 5-11 Setting the System Clock 5-11 Displaying the Time and Date Configuration 5-12 Configuring the Time Zone 5-12 Configuring Summer Time (Daylight Saving Time) 5-13 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 6 Default Password and Privilege Level Configuration Setting or Changing a Static Enable Password Protecting Enable and Enable Secret Passwords with Encryption Disabling Password Recovery Setting a Telnet Password for a Terminal Line Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 7 Kerberos Operation 7-34 Authenticating to a Boundary Switch 7-34 Obtaining a TGT from a KDC 7-35 Authenticating to Network Services 7-35 Configuring Kerberos 7-35 Configuring the Switch for Local Authentication and Authorization 7-36 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 8 Displaying 802.1x Statistics and Status 8-19 Configuring Interface Characteristics C H A P T E R Understanding Interface Types Port-Based VLANs Switch Ports Access Ports Trunk Ports Tunnel Ports Routed Ports Switch Virtual Interfaces Catalyst 3750 Metro Switch Software Configuration Guide viii 78-15870-01...
  • Page 9 VLAN Configuration in VLAN Database Configuration Mode 10-7 Saving VLAN Configuration 10-7 Default Ethernet VLAN Configuration 10-8 Creating or Modifying an Ethernet VLAN 10-9 Deleting a VLAN 10-11 Assigning Static-Access Ports to a VLAN 10-11 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 10 Configuring Dynamic-Access Ports on VMPS Clients 10-31 Reconfirming VLAN Memberships 10-31 Changing the Reconfirmation Interval 10-32 Changing the Retry Count 10-32 Monitoring the VMPS 10-33 Troubleshooting Dynamic-Access Port VLAN Membership 10-33 VMPS Configuration Example 10-34 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 11 Configuring Voice VLAN 12-3 Default Voice VLAN Configuration 12-3 Voice VLAN Configuration Guidelines 12-3 Configuring a Port Connected to a Cisco 7960 IP Phone 12-4 Configuring IP Phone Voice Traffic 12-4 Configuring the Priority of Incoming Data Frames 12-5 Displaying Voice VLAN...
  • Page 12 14-8 Spanning-Tree Address Management 14-8 Accelerated Aging to Retain Connectivity 14-8 Spanning-Tree Modes and Protocols 14-9 Supported Spanning-Tree Instances 14-10 Spanning-Tree Interoperability and Backward Compatibility 14-10 STP and IEEE 802.1Q Trunks 14-10 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 13 Processing Inferior BPDU Information 15-10 Topology Changes 15-10 Configuring MSTP Features 15-11 Default MSTP Configuration 15-12 MSTP Configuration Guidelines 15-12 Specifying the MST Region Configuration and Enabling MSTP 15-13 Configuring the Root Switch 15-14 Catalyst 3750 Metro Switch Software Configuration Guide xiii 78-15870-01...
  • Page 14 Displaying the Spanning-Tree Status 16-16 Configuring IGMP Snooping and MVR 17-1 C H A P T E R Understanding IGMP Snooping 17-2 Joining a Multicast Group 17-2 Leaving a Multicast Group 17-4 Immediate-Leave Processing 17-5 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 15 18-4 Default Protected Port Configuration 18-4 Protected Port Configuration Guidelines 18-5 Configuring a Protected Port 18-5 Configuring Port Blocking 18-5 Default Port Blocking Configuration 18-5 Blocking Flooded Traffic on an Interface 18-6 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 16 Resetting an Interface Disabled by UDLD 20-6 Displaying UDLD Status 20-6 Configuring SPAN and RSPAN 21-1 C H A P T E R Understanding SPAN and RSPAN 21-1 Local SPAN 21-2 Remote SPAN 21-2 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 17 Configuring System Message Logging 23-1 C H A P T E R Understanding System Message Logging 23-1 Configuring System Message Logging 23-2 System Log Message Format 23-2 Default System Message Logging Configuration 23-3 Catalyst 3750 Metro Switch Software Configuration Guide xvii 78-15870-01...
  • Page 18 Configuring Network Security with ACLs 25-1 C H A P T E R Understanding ACLs 25-1 Supported ACLs 25-2 Router ACLs 25-3 Port ACLs 25-3 VLAN Maps 25-4 Handling Fragmented and Unfragmented Traffic 25-5 Catalyst 3750 Metro Switch Software Configuration Guide xviii 78-15870-01...
  • Page 19 Examples of Router ACLs and VLAN Maps Applied to VLANs 25-35 ACLs and Switched Packets 25-35 ACLs and Bridged Packets 25-36 ACLs and Routed Packets 25-36 ACLs and Multicast Packets 25-37 Displaying ACL Configuration 25-38 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 20 Configuring Ingress Classification by Using Port Trust States 26-42 Configuring the Trust State on Ports Within the QoS Domain 26-42 Configuring the CoS Value for an Interface 26-45 Configuring a Trusted Boundary to Ensure Port Security 26-46 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 21 Configuring Class-Based Packet Marking in an Egress Traffic Policy 26-84 Configuring CBWFQ and Tail Drop 26-86 Configuring CBWFQ and DSCP-Based WRED 26-89 Configuring CBWFQ and IP Precedence-Based WRED 26-93 Enabling LLQ 26-97 Configuring Shaping 26-99 Displaying Hierarchical QoS Information 26-101 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 22 Assigning IP Addresses to Network Interfaces 28-5 Use of Subnet Zero 28-6 Classless Routing 28-6 Configuring Address Resolution Methods 28-7 Define a Static ARP Cache 28-8 Set ARP Encapsulation 28-9 Enable Proxy ARP 28-10 Catalyst 3750 Metro Switch Software Configuration Guide xxii 78-15870-01...
  • Page 23 Configuring a Loopback Interface 28-35 Monitoring OSPF 28-36 Configuring EIGRP 28-37 Default EIGRP Configuration 28-38 Configuring Basic EIGRP Parameters 28-39 Configuring EIGRP Interfaces 28-40 Configuring EIGRP Route Authentication 28-41 Monitoring and Maintaining EIGRP 28-42 Catalyst 3750 Metro Switch Software Configuration Guide xxiii 78-15870-01...
  • Page 24 Multi-VRF CE Configuration Example 28-82 Displaying Multi-VRF CE Status 28-86 Configuring Protocol-Independent Features 28-86 Configuring Cisco Express Forwarding 28-86 Configuring the Number of Equal-Cost Routing Paths 28-87 Configuring Static Unicast Routes 28-88 Catalyst 3750 Metro Switch Software Configuration Guide xxiv 78-15870-01...
  • Page 25 30-9 Configuring PE-to-PE Routing Sessions 30-9 Configuring BGP PE-to-CE Routing Sessions 30-10 Configuring RIP PE-to-CE Routing Sessions 30-10 Configuring Static Route PE-to-CE Routing Sessions 30-11 Packet Flow in an MPLS VPN 30-11 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 26 Configuring IP Multicast Routing 31-8 Default Multicast Routing Configuration 31-8 Multicast Routing Configuration Guidelines 31-8 PIMv1 and PIMv2 Interoperability 31-9 Auto-RP and BSR Configuration Guidelines 31-9 Configuring Basic Multicast Routing 31-10 Catalyst 3750 Metro Switch Software Configuration Guide xxvi 78-15870-01...
  • Page 27 Rejecting a DVMRP Nonpruning Neighbor 31-43 Controlling Route Exchanges 31-45 Limiting the Number of DVMRP Routes Advertised 31-45 Changing the DVMRP Route Threshold 31-45 Configuring a DVMRP Summary Address 31-46 Disabling DVMRP Autosummarization 31-48 Catalyst 3750 Metro Switch Software Configuration Guide xxvii 78-15870-01...
  • Page 28 33-1 C H A P T E R Understanding Fallback Bridging 33-1 Configuring Fallback Bridging 33-2 Default Fallback Bridging Configuration 33-3 Fallback Bridging Configuration Guidelines 33-3 Creating a Bridge Group 33-3 Catalyst 3750 Metro Switch Software Configuration Guide xxviii 78-15870-01...
  • Page 29 Using the show platform forward Command 34-14 Using the crashinfo File 34-17 Supported MIBs A P P E N D I X MIB List Using FTP to Access the MIB Files Catalyst 3750 Metro Switch Software Configuration Guide xxix 78-15870-01...
  • Page 30 Contents Working with the Cisco IOS File System, Configuration Files, and Software Images A P P E N D I X Working with the Flash File System Displaying Available File Systems Setting the Default File System Displaying Information about Files on a File System...
  • Page 31 Unsupported Global Configuration Commands Interfaces Unsupported Privileged EXEC Commands Unsupported Global Configuration Commands Unsupported Interface Configuration Commands IP Multicast Routing Unsupported Privileged EXEC Commands Unsupported Global Configuration Commands Unsupported Interface Configuration Commands Catalyst 3750 Metro Switch Software Configuration Guide xxxi 78-15870-01...
  • Page 32 Unsupported Privileged EXEC Commands C-10 VLAN C-10 Unsupported vlan-config Commands C-10 Unsupported Privileged EXEC Commands C-11 Unsupported User EXEC Commands C-11 C-11 Unsupported Privileged EXEC Commands C-11 N D E X Catalyst 3750 Metro Switch Software Configuration Guide xxxii 78-15870-01...
  • Page 33 This guide does not describe system messages you might encounter or how to install your switch. For more information, refer to the Catalyst 3750 Metro Switch System Message Guide for this release and to the Catalyst 3750 Metro Switch Hardware Installation Guide.
  • Page 34 Timesaver Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information. Catalyst 3750 Metro Switch Software Configuration Guide xxxiv 78-15870-01...
  • Page 35: Related Publications

    For upgrade information, refer to the "Downloading Software" section in the release notes. • You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the “Ordering Documentation” section on page xxxvi.
  • Page 36: Ordering Documentation

    The Cisco TAC website is located at this URL: http://www.cisco.com/tac Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL: http://tools.cisco.com/RPF/register/register.do...
  • Page 37: Obtaining Additional Publications And Information

    TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL: http://www.cisco.com/tac/caseopen For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone.
  • Page 38 Obtaining Additional Publications and Information • Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press online at this URL: http://www.ciscopress.com...
  • Page 39: Features

    Note versions of the switch software image. You must obtain authorization to use this feature and to download the cryptographic version of the software from Cisco.com. For more information, refer to the release notes for this release. Catalyst 3750 Metro switches have these features: Performance Features, page 1-2 •...
  • Page 40: Chapter 1 Overview

    • IE2100—Cisco Intelligence Engine 2100 Series Configuration Registrar is a network management device that works with embedded Cisco Networking Services (CNS) Agents in the switch software. You can automate initial configurations and configuration updates by generating switch-specific configuration changes, sending them to the switch, executing the configuration change, and logging the results.
  • Page 41 Network Time Protocol (NTP) for providing a consistent timestamp to all switches from an external source • Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses In-band management access for up to 16 simultaneous Telnet connections for multiple CLI-based •...
  • Page 42 • flooded traffic to links destined for stations receiving the traffic Voice VLAN for creating subnets for voice traffic from Cisco IP Phones • VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1 •...
  • Page 43 Kerberos security system to authenticate requests for network resources by using a trusted third • party (requires the cryptographic [that is, supports encryption] version of the switch software image) Password recovery disable capability to protect access to switches at customer sites • Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 44 Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port – bordering another QoS domain – Trusted boundary for detecting the presence of a Cisco IP phone, trusting the CoS value received, and ensuring port security Policing and out-of-profile marking –...
  • Page 45 Includes support for PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode. • Multicast Source Discovery Protocol (MSDP) for connecting multiple PIM-SM domains Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 46: Default Settings After Initial Switch Configuration

    Feature Default Setting More information in... Switch IP address, subnet mask, and 0.0.0.0 Chapter 3, “Assigning the Switch IP default gateway Address and Default Gateway” Domain name None DHCP DHCP client enabled Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 47 Disabled Chapter 15, “Configuring MSTP” Optional spanning-tree features Disabled Chapter 16, “Configuring Optional Spanning-Tree Features” IGMP snooping IGMP snooping Enabled Chapter 17, “Configuring IGMP Snooping and MVR” IGMP filters None applied Disabled Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 48 Chapter 29, “Configuring HSRP” IP multicast routing Disabled on all interfaces Chapter 31, “Configuring IP Multicast Routing” MSDP Disabled Chapter 32, “Configuring MSDP” Fallback bridging Not configured Chapter 33, “Configuring Fallback Bridging” Catalyst 3750 Metro Switch Software Configuration Guide 1-10 78-15870-01...
  • Page 49: Network Configuration Examples

    The Catalyst 2950 LRE switches can then connect to another residential switch, such as a Catalyst 3750 Metro switch. For more information about the Catalyst LRE switches and LRE information, refer to the Catalyst 2950 LRE documentation set.
  • Page 50 Chapter 1 Overview Network Configuration Examples Figure 1-1 Catalyst 3750 Metro Switches in a Multidwelling Configuration Cisco routers Service Provider Catalyst 6500 switches Catalyst 3750 Metro switches Residential location Residential gateways (hubs) Set-top box Set-top box Set-top box Set-top box...
  • Page 51: Ethernet Broadband Aggregation Network

    IP telephones, televisions, or PCs. Catalyst 3750 Metro switch hierarchical QoS features allow service providers to support differentiated services with different levels of services for multiple customers. The configuration is applicable using DSL, sending packets through a digital subscriber line access multiplexer (DSLAM) and DSL modem to the residence, or using fiber-optic lines through a media converter to the residence.
  • Page 52: Layer 2 Vpn Application

    The Catalyst 3750 Metro switches are used as the provider edge (PE) switches at both edges of the provider network connected to customer premises equipment (CPE) switches. The PE switches tag packets entering the service-provider network with the customer VLAN ID.
  • Page 53: Layer 3 Vpn Application

    MPLS VPN configuration. The CE devices (which can be Catalyst 3750 Metro switches or other Layer 3 switches) use a routing protocol, such as RIP, EBGP, OSPF, IS-IS, or static routing, to forward packets from customer VPNs to the Catalyst 3750 Metro PE devices at the edge of the MPLS network.
  • Page 54: Where To Go Next

    Where to Go Next Before configuring the switch, review these sections for startup information: Chapter 2, “Using the Command-Line Interface” • Chapter 3, “Assigning the Switch IP Address and Default Gateway” • Catalyst 3750 Metro Switch Software Configuration Guide 1-16 78-15870-01...
  • Page 55: Understanding Command Modes

    CHAPTER Using the Command-Line Interface This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your Catalyst 3750 Metro switch. It contains these sections: Understanding Command Modes, page 2-1 •...
  • Page 56: Chapter 2 Using The Command-Line Interface

    EXEC mode, enter the vlan database command. Switch(vlan)# To exit to privileged EXEC mode, enter exit. Use this mode to configure VLAN parameters for VLANs 1 to 1005 in the VLAN database. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 57: Understanding The Help System

    For example: Switch# di? disable disconnect abbreviated-command-entry<Tab> Complete a partial command name. For example: Switch# sh conf<tab> Switch# show configuration List all commands available for a particular command mode. For example: Switch> ? Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 58: Understanding Abbreviated Commands

    However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 59: Using Command History

    Beginning in privileged EXEC mode, enter this command to change the number of command lines that the switch records during the current terminal session: Switch# terminal history [size number-of-lines] The range is from 0 to 256. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 60: Recalling Commands

    This section describes the editing features that can help you manipulate the command line. It contains these sections: Enabling and Disabling Editing Features, page 2-7 (optional) • Editing Commands through Keystrokes, page 2-7 (optional) • Editing Command Lines that Wrap, page 2-8 (optional) • Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 61: Enabling And Disabling Editing Features

    Delete entries if you make a mistake or change your mind. Press the Delete or Backspace key. Erase the character to the left of the cursor. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 62: Editing Command Lines That Wrap

    To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can also press Ctrl-A to immediately move to the beginning of the line. Note The arrow keys function only on ANSI-compatible terminals such as VT100s. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 63: Searching And Filtering Output Of Show And More Commands

    GigabitEthernet1/0/1 is up, line protocol is down GigabitEthernet1/0/2 is up, line protocol is up Accessing the CLI You can access the CLI through a console connection, through Telnet, or by using the browser. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 64: Accessing The Cli Through A Console Connection Or Through Telnet

    To access the CLI from a web browser, follow these steps: Step 1 In the URL field, enter the IP address of the switch. Step 2 When the Cisco Systems Access page appears, click Telnet to start a Telnet session. Step 3 Enter the switch password.
  • Page 65: Chapter 3 Assigning The Switch Ip Address And Default Gateway

    This chapter describes how to create the initial switch configuration (for example, assigning the switch IP address and default gateway information) for the Catalyst 3750 Metro switch by using a variety of automatic and manual methods. It also describes how to modify the switch startup configuration.
  • Page 66: Assigning Switch Information

    IP address and reads the configuration file. Use the manual method of configuration if you are an experienced user familiar with the switch configuration steps; otherwise, use the setup program described earlier. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 67: Default Switch Information

    LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP address in the received packet. DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 68: Dhcp Client Request Process

    Configuring DHCP-Based Autoconfiguration These sections describe how to configure DHCP-based autoconfiguration: • Configuring the DHCP Server, page 3-5 • Configuring the TFTP Server, page 3-5 Configuring the DNS, page 3-6 • Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 69: Configuring The Dhcp Server

    Example Configuration, page 3-8 If your DHCP server is a Cisco device, or if you are configuring the switch as a DHCP server, refer to the “IP Addressing and Services” section in the Cisco IOS IP and IP Routing Configuration Guide for Cisco IOS Release 12.1 for additional information about configuring DHCP.
  • Page 70: Configuring The Dns

    TFTP packets. You must configure this relay device to forward received broadcast packets on an interface to the destination host. If the relay device is a Cisco router or Layer 3 switch, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
  • Page 71: Obtaining Configuration Files

    DHCP reply. If the host name is not specified in the DHCP reply, the switch uses the default Switch as its host name. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 72: Example Configuration

    10.0.0.2 TFTP server name maritsu or 10.0.0.3 maritsu or 10.0.0.3 maritsu or 10.0.0.3 maritsu or 10.0.0.3 Boot filename switcha-confg switchb-confg switchc-confg switchd-confg (configuration file) (optional) Host name (optional) switcha switchb switchc switchd Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 73: Manually Assigning Ip Information

    The range is 1 to 4094; do not enter leading zeros. Step 3 ip address ip-address subnet-mask Enter the IP address and subnet mask. Step 4 exit Return to global configuration mode. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 74: Checking And Saving The Running Configuration

    For more information about alternative locations to copy the configuration file, see Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images.” Modifying the Startup Configuration This section describes how to modify the switch startup configuration. It contains this configuration information: •...
  • Page 75: Default Boot Configuration

    CONFIG_FILE environment variable. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no boot config-file global configuration command. Catalyst 3750 Metro Switch Software Configuration Guide 3-11 78-15870-01...
  • Page 76: Booting Manually

    For filesystem:, use flash: for the system board flash device. • For file-url, specify the path (directory) and the name of the bootable image. Filenames and directory names are case sensitive. Catalyst 3750 Metro Switch Software Configuration Guide 3-12 78-15870-01...
  • Page 77: Controlling Environment Variables

    Under normal circumstances, it is not necessary to alter the setting of the environment variables. Note For complete syntax and usage information for the boot loader commands and environment variables, refer to the command reference for this release. Catalyst 3750 Metro Switch Software Configuration Guide 3-13 78-15870-01...
  • Page 78 Specifies the filename that IOS uses to read and write a nonvolatile copy of the system configuration. This command changes the CONFIG_FILE environment variable. Catalyst 3750 Metro Switch Software Configuration Guide 3-14 78-15870-01...
  • Page 79: Scheduling A Reload Of The Software Image

    This example shows how to reload the software on the switch on the current day at 7:30 p.m: Switch# reload at 19:30 Reload scheduled for 19:30:00 UTC Wed Jun 5 2003 (in 2 hours and 25 minutes) Proceed with reload? [confirm] Catalyst 3750 Metro Switch Software Configuration Guide 3-15 78-15870-01...
  • Page 80: Displaying Scheduled Reload Information

    EXEC command. It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled). Catalyst 3750 Metro Switch Software Configuration Guide 3-16 78-15870-01...
  • Page 81: Chapter 4 Configuring Ie2100 Cns Agents

    Services (CNS) embedded agents on your Catalyst 3750 Metro switch. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual, and select Cisco IOS Software Release 12.2 >...
  • Page 82: Cns Configuration Service

    The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 83: Cns Event Service

    ID or group ID, and event. Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate events by using any desired naming convention.
  • Page 84: Deviceid

    Configuration Registrar. The origin of the deviceID is defined by the Cisco IOS host name of the switch. However, the deviceID variable and its usage reside within the event gateway, which is adjacent to the switch.
  • Page 85: Understanding Cns Embedded Agents

    DHCP-based autoconfiguration. Figure 4-2 Initial Configuration Overview TFTP server IE2100 Configuration Registrar DHCP server DHCP relay agent Distribution layer default gateway Access layer switches Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 86: Incremental (Partial) Configuration

    NVRAM for use at the next reboot. Configuring CNS Embedded Agents The CNS agents embedded in the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the “Enabling Automated CNS Configuration” section on page 4-6.
  • Page 87 Note For more information about running the setup program and creating templates on the Configuration Registrar, refer to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 88: Enabling The Cns Event Agent

    This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count. Switch(config)# cns event 10.180.1.27 keepalive 120 10 Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 89: Enabling The Cns Configuration Agent

    Return to global configuration mode. Step 5 hostname name Enter the host name for the switch. Step 6 ip route network-number Establish a static route to the Configuration Registrar whose IP address is network-number. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 90 Step 9 Return to privileged EXEC mode. Step 10 show cns config connections Verify information about the configuration agent. Step 11 show running-config Verify your entries. Catalyst 3750 Metro Switch Software Configuration Guide 4-10 78-15870-01...
  • Page 91: Enabling A Partial Configuration

    To disable the CNS configuration agent, use the no cns config partial {ip-address | hostname} global configuration command. To cancel a partial configuration, use the cns config cancel privileged EXEC command. Catalyst 3750 Metro Switch Software Configuration Guide 4-11 78-15870-01...
  • Page 92: Displaying Cns Configuration

    Display the status of the CNS event agent connections. show cns event stats Display statistics about the CNS event agent. show cns event subject Display a list of event agent subjects that are subscribed to by applications. Catalyst 3750 Metro Switch Software Configuration Guide 4-12 78-15870-01...
  • Page 93: Managing The System Time And Date

    Network Time Protocol (NTP), or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. This section contains this configuration information: •...
  • Page 94: Understanding The System Clock

    The time kept on a device is a critical resource; you should use the security features of NTP to avoid the accidental or malicious setting of an incorrect time. Two mechanisms are available: an access list-based restriction scheme and an encrypted authentication mechanism. Catalyst 3750 Metro Switch Software Configuration Guide 78-15870-01...
  • Page 95 Managing the System Time and Date Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
  • Page 96: Configuring Ntp

    No access control is specified.
    NTP packet source IP address: The source address is determined by the outgoing interface.
    NTP is enabled on all interfaces by default. All interfaces receive NTP packets.
  • Page 97: Configuring Ntp Authentication

    This example shows how to configure the switch to synchronize only to devices providing authentication key 42 in the device’s NTP packets:
    Switch(config)# ntp authenticate
    Switch(config)# ntp authentication-key 42 md5 aNiceKey
    Switch(config)# ntp trusted-key 42
  • Page 98: Configuring Ntp Associations

    This example shows how to configure the switch to synchronize its system clock with the clock of the peer at IP address 172.16.22.44 using NTP version 2:
    Switch(config)# ntp server 172.16.22.44 version 2
  • Page 99: Configuring Ntp Broadcast Service

    To disable the interface from sending NTP broadcast packets, use the no ntp broadcast interface configuration command. This example shows how to configure a port to send NTP version 2 packets:
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# ntp broadcast version 2
  • Page 100: Configuring Ntp Access Restrictions

    You can control NTP access on two levels as described in these sections:
    • Creating an Access Group and Assigning a Basic IP Access List, page 5-9
    • Disabling NTP Services on a Specific Interface, page 5-10
  • Page 101 If the source IP address matches the access lists for more than one access type, the first type is granted. If no access groups are specified, all access types are granted to all devices. If any access groups are specified, only the specified access types are granted.
  • Page 102: Configuring The Source Ip Address For Ntp Packets

    By default, the source address is determined by the outgoing interface.
    Step 3   Return to privileged EXEC mode.
    Step 4   show running-config   Verify your entries.
    Step 5   copy running-config startup-config   (Optional) Save your entries in the configuration file.
  • Page 103: Displaying The Ntp Configuration

    [detail]
    • show ntp status
    For detailed information about the fields in these displays, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
    Configuring Time and Date Manually
    If no other source of time is available, you can manually configure the time and date after the system is restarted.
  • Page 104: Displaying The Time And Date Configuration

    Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command.
  • Page 105: Configuring Summer Time (Daylight Saving Time)

    This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
    Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
  • Page 106 This example shows how to set summer time to start on October 12, 2003, at 02:00, and end on April 26, 2004, at 02:00:
    Switch(config)# clock summer-time pdt date 12 October 2003 2:00 26 April 2004 2:00
  • Page 107: Configuring A System Name And Prompt

    Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP and IP Routing Command Reference for Release 12.1.
  • Page 108: Configuring A System Prompt

    Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the FTP system, is identified as ftp.cisco.com. To keep track of domain names, IP has defined the concept of a domain name server, which holds a cache (or database) of names mapped to IP addresses.
  • Page 109: Default Dns Configuration

    Internet naming scheme (DNS).
    Step 5   Return to privileged EXEC mode.
    Step 6   show running-config   Verify your entries.
    Step 7   copy running-config startup-config   (Optional) Save your entries in the configuration file.
  • Page 110: Displaying The Dns Configuration

    If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
  • Page 111: Configuring A Message-Of-The-Day Login Banner

    Unix> telnet 172.2.5.4
    Trying 172.2.5.4...
    Connected to 172.2.5.4.
    Escape character is '^]'.
    This is a secure site. Only authorized users are allowed.
    For access, contact technical support.
    User Access Verification
    Password:
  • Page 112: Configuring A Login Banner

    (static or dynamic).
    Note: For complete syntax and usage information for the commands used in this section, refer to the command reference for this release.
  • Page 113: Building The Address Table

    Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN.
    Default MAC Address Table Configuration
    Table 5-3 shows the default MAC address table configuration.
  • Page 114: Default Mac Address Table Configuration

    VLAN (clear mac address-table dynamic vlan vlan-id). To verify that dynamic entries have been removed, use the show mac address-table dynamic privileged EXEC command.
  • Page 115: Configuring Mac Address Notification Traps

    1 second.
    • (Optional) For history-size value, specify the maximum number of entries in the MAC notification history table. The range is 0 to 500; the default is 1.
  • Page 116: Adding And Removing Static Address Entries

    A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded to all ports and not learned.
  • Page 117: Displaying Address Table Entries

    Displays the MAC address table information for the specified interface.
    show mac address-table multicast      Displays the Layer 2 multicast entries for all VLANs or the specified VLAN.
    show mac address-table notification   Displays the MAC notification parameters and history table.
  • Page 118: Managing The Arp Table

    (represented by the arpa keyword) is enabled on the IP interface. ARP entries added manually to the table do not age and must be manually removed. For more information, refer to the Cisco IOS Release 12.1 documentation on Cisco.com.
  • Page 119: Chapter 6 Configuring Sdm Templates

    • VLANs—The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.
    • Default—The default template gives balance to all functions.
  • Page 120: Configuring The Switch Sdm Template

    • Default SDM Template, page 6-2
    • SDM Template Configuration Guidelines, page 6-3
    • Setting the SDM Template, page 6-3
    Default SDM Template
    The default template for is the “default desktop” template.
  • Page 121: Sdm Template Configuration Guidelines

    Switch# show sdm prefer
    The current template is "desktop routing" template.
    The selected template optimizes the resources in the switch to support this level of features for 8 routed interfaces and 1024 VLANs.
  • Page 122: Displaying The Sdm Templates

    + multicast routes:
    number of unicast routes:
    number of directly connected hosts:
    number of indirect routes:
    number of policy based routing aces:
    number of qos aces:
    number of security aces:
  • Page 123: Preventing Unauthorized Access To Your Switch

    CHAPTER Configuring Switch-Based Authentication
    This chapter describes how to configure switch-based authentication on the Catalyst 3750 Metro switch. It consists of these sections:
    • Preventing Unauthorized Access to Your Switch, page 7-1
    • Protecting Access to Privileged EXEC Commands, page 7-2
    •...
  • Page 124: Protecting Access To Privileged Exec Commands

    Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.1.
    This section describes how to control access to the configuration file and privileged EXEC commands.
  • Page 125: Setting Or Changing A Static Enable Password

    We recommend that you use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
  • Page 126 The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined.
    • (Optional) For encryption-type, only type 5, a Cisco proprietary encryption algorithm, is available. If you specify an encryption type, you must provide an encrypted password—an encrypted password that you...
  • Page 127: Disabling Password Recovery

    Disable password recovery. This setting is saved in an area of the flash memory that is accessible by the boot loader and the Cisco IOS image, but it is not part of the file system and is not accessible by any user.
  • Page 128: Setting A Telnet Password For A Terminal Line

    If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair.
  • Page 129 To disable username authentication for a specific user, use the no username name global configuration command. To disable password checking and allow connections without a password, use the no login line configuration command.
  • Page 130: Configuring Multiple Privilege Levels

    The first command displays the password and access level configuration. The second command displays the privilege level configuration.
    show privilege
    Step 6   copy running-config startup-config   (Optional) Save your entries in the configuration file.
  • Page 131: Changing The Default Privilege Level For Lines

    You might specify a high level or privilege level for your console line to restrict line usage. To return to the default line privilege level, use the no privilege level line configuration command.
  • Page 132: Logging Into And Exiting A Privilege Level

    TACACS+ is facilitated through authentication, authorization, accounting (AAA) and can be enabled only through AAA commands.
    Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.1.
    This section contains this configuration information: •...
  • Page 133 The TACACS+ protocol provides authentication between the switch and the TACACS+ daemon, and it ensures confidentiality because all protocol exchanges between the switch and the TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch.
  • Page 134: Tacacs+ Operation

    This section contains this configuration information:
    • Default TACACS+ Configuration, page 7-13
    • Identifying the TACACS+ Server Host and Setting the Authentication Key, page 7-13
    • Configuring TACACS+ Login Authentication, page 7-14
  • Page 135: Default Tacacs+ Configuration

    (Optional) Associate a particular TACACS+ server with the defined server group. Repeat this step for each TACACS+ server in the AAA server group. Each server in the group must be previously defined in Step 2.
  • Page 136: Configuring Tacacs+ Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication:
    Command   Purpose
    Step 1   configure terminal   Enter global configuration mode.
    Step 2   aaa new-model   Enable AAA.
  • Page 137 {default | list-name} method1 [method2...] global configuration command. To either disable TACACS+ authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
  • Page 138: Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services

    TACACS+ security server in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing.
  • Page 139: Displaying The Tacacs+ Configuration

    RADIUS is facilitated through AAA and can be enabled only through AAA commands.
    Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.1.
  • Page 140: Understanding Radius

    • Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication.
    • Networks using a variety of services. RADIUS generally binds a user to one service model.
  • Page 141: Radius Operation

    RADIUS authorization, if it is enabled. The additional data included with the ACCEPT or REJECT packets includes these items:
    • Telnet, SSH, rlogin, or privileged EXEC services
    • Connection parameters, including the host or client IP address, access list, and user timeouts
  • Page 142: Configuring Radius

    Identifying the RADIUS Server Host
    Switch-to-RADIUS-server communication involves several components:
    • Host name or IP address
    • Authentication destination port
    • Accounting destination port
    • Key string
    • Timeout period
    • Retransmission value
  • Page 143 For more information, see the “Defining AAA Server Groups” section on page 7-25. Beginning in privileged EXEC mode, follow these steps to configure per-server RADIUS server communication. This procedure is required.
  • Page 144 Verify your entries.
    Step 5   copy running-config startup-config   (Optional) Save your entries in the configuration file.
    To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command.
  • Page 145: Configuring Radius Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required.
    Command   Purpose
    Step 1   configure terminal   Enter global configuration mode.
    Step 2   aaa new-model   Enable AAA.
  • Page 146
    Step 4   line [console | tty | vty] line-number [ending-line-number]   Enter line configuration mode, and configure the lines to which you want to apply the authentication list.
  • Page 147: Defining Aaa Server Groups

    Beginning in privileged EXEC mode, follow these steps to define the AAA server group and associate a particular RADIUS server with it:
  • Page 148 Verify your entries.
    Step 8   copy running-config startup-config   (Optional) Save your entries in the configuration file.
    Step 9   Enable RADIUS login authentication. See the “Configuring RADIUS Login Authentication” section on page 7-23.
  • Page 149: Configuring Radius Authorization For User Privileged Access And Network Services

    The exec keyword might return user profile information (such as autocommand information).
    Step 4   Return to privileged EXEC mode.
    Step 5   show running-config   Verify your entries.
    Step 6   copy running-config startup-config   (Optional) Save your entries in the configuration file.
  • Page 150: Starting Radius Accounting

    (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
  • Page 151: Configuring The Switch To Use Vendor-Specific Radius Attributes

    1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes.
  • Page 152: Configuring The Switch For Vendor-Proprietary Radius Server Communication

    (Optional) Save your entries in the configuration file.
    For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, refer to the “RADIUS Attributes” appendix in the Cisco IOS Security Configuration Guide for Release 12.1.
    Configuring the Switch for Vendor-Proprietary RADIUS Server Communication...
  • Page 153: Displaying The Radius Configuration

    You must obtain authorization to use this feature and to download the cryptographic software files from Cisco.com. For more information, refer to the release notes for this release.
  • Page 154: Understanding Kerberos

    Note: In the Kerberos configuration examples and in the Cisco IOS Security Command Reference, Release 12.1, the trusted third party can be a Catalyst 3750 Metro switch that supports Kerberos, that is configured as a network security server, and that can authenticate users by using the Kerberos Protocol.
  • Page 155 Service credential A credential for a network service. When issued from the KDC, this credential is encrypted with the password shared by the network service and the KDC. The password is also shared with the user TGT.
  • Page 156: Kerberos Operation

    Kerberos realm represented by the KDC.
    Kerberos Operation
    A Kerberos server can be a Catalyst 3750 Metro switch that is configured as a network security server and that can authenticate remote users by using the Kerberos Protocol. Although you can customize Kerberos in a number of ways, remote users attempting to access network services must pass through three layers of security before they can access network services.
  • Page 157: Obtaining A Tgt From A Kdc

    • The Kerberos realm name must be in all uppercase characters.
    Note: A Kerberos server can be a Catalyst 3750 Metro switch that is configured as a network security server and that can authenticate users by using the Kerberos Protocol.
  • Page 158: Configuring The Switch For Local Authentication And Authorization

    (Optional) Save your entries in the configuration file. To disable AAA, use the no aaa new-model global configuration command. To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command.
  • Page 159: Configuring The Switch For Secure Shell

    “Configuring the Switch for Local Authentication and Authorization” section on page 7-36.) For more information about SSH, refer to the “Configuring Secure Shell” section in the Cisco IOS Security Configuration Guide for Release 12.1.
    Configuring SSH
    Before configuring SSH, download the cryptographic version of the switch software image from Cisco.com.
  • Page 161: Configuring 802.1x Port-Based Authentication

    This chapter describes how to configure IEEE 802.1x port-based authentication on the Catalyst 3750 Metro switch. As LANs extend to hotels, airports, and corporate lobbies, creating insecure environments, 802.1x prevents unauthorized devices (clients) from gaining access to the network.
  • Page 162: Understanding 802.1X Port-Based Authentication

    Authentication Protocol (EAP) extensions is the only supported authentication server. It is available in Cisco Secure Access Control Server version 3.0 or later. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
  • Page 163: Authentication Initiation And Message Exchange

    EAP frame, which is then encapsulated for Ethernet and sent to the client. The devices that can act as intermediaries include the Catalyst 3750, Catalyst 3550, Catalyst 2970, Catalyst 2955, Catalyst 2950, Catalyst 2940 switches, or a wireless access point. These devices must be running software that supports the RADIUS client and 802.1x.
  • Page 164: Ports In Authorized And Unauthorized States

    The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server. Each client attempting to access the network is uniquely identified by the switch by using the client MAC address.
  • Page 165: Supported Topologies

    Figure 8-3: Wireless LAN Example (labels: wireless clients, access point, authentication server (RADIUS))
  • Page 166: Using 802.1X With Port Security

    • PVID to carry the data traffic to and from the workstation connected to the switch through the IP phone. The PVID is the native VLAN of the port.
  • Page 167: Using 802.1X With Vlan Assignment

    A voice VLAN port becomes active when there is link, and the device MAC address appears after the first CDP message from the IP phone. Cisco IP phones do not relay CDP messages from other devices. As a result, if several IP phones are connected in series, the switch recognizes only the one directly connected to it.
  • Page 168: Using 802.1X With Guest Vlan

    ACL. If you apply input port ACL to a port that belongs to a VLAN, the port ACL takes precedence over an input router ACL applied to the VLAN interface. Incoming packets received on the...
  • Page 169: Configuring 802.1X Authentication

    If the RADIUS server does not allow the .in or .out syntax, the access list is applied to the outbound ACL by default. Because of limited support of Cisco IOS access lists on the switch, the Filter-Id attribute is supported only for IP ACLs numbered 1 to 199 and 1300 to 2699 (IP standard and IP extended ACLs).
  • Page 170: Default 802.1X Configuration

    30 seconds (when relaying a response from the client to the authentication server, the amount of time the switch waits for a reply before resending the response to the server. This setting is not configurable.)
  • Page 171: 802.1X Configuration Guidelines

    To allow per-user ACLs or VLAN assignment, you must enable AAA authorization to configure the switch for all network-related service requests. Beginning in privileged EXEC mode, follow these steps to configure 802.1x port-based authentication. This procedure is required.
  • Page 172 This example shows how to enable AAA and 802.1x on a port:
    Switch# configure terminal
    Switch(config)# aaa new-model
    Switch(config)# aaa authentication dot1x default group radius
    Switch(config)# dot1x system-auth-control
    Switch(config)# interface fastethernet1/0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# dot1x port-control auto
    Switch(config-if)# end
  • Page 173: Configuring The Switch-To-Radius-Server Communication

    For more information, see the “Configuring Settings for All RADIUS Servers” section on page 7-28.
  • Page 174: Configuring Periodic Re-Authentication

    “Configuring Periodic Re-Authentication” section on page 8-14. This example shows how to manually re-authenticate the client connected to a port:
    Switch# dot1x re-authenticate interface fastethernet1/0/1
  • Page 175: Changing The Quiet Period

    Set the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request. The range is 1 to 65535 seconds; the default is 30.
  • Page 176: Setting The Switch-To-Client Frame-Retransmission Number

    To return to the default retransmission number, use the no dot1x max-req interface configuration command. This example shows how to set 5 as the number of times that the switch sends an EAP-request/identity request before restarting the authentication process:
    Switch(config-if)# dot1x max-req 5
  • Page 177: Configuring The Host Mode

    To disable multiple hosts on the port, use the no dot1x host-mode multi-host interface configuration command. This example shows how to enable 802.1x on a port and to allow multiple hosts:
    Switch(config)# interface fastethernet1/0/1
    Switch(config-if)# dot1x port-control auto
    Switch(config-if)# dot1x host-mode multi-host
  • Page 178: Configuring A Guest Vlan

    Reset the configurable 802.1x parameters to the default values.
    Step 4   Return to privileged EXEC mode.
    Step 5   show dot1x interface interface-id   Verify your entries.
    Step 6   copy running-config startup-config   (Optional) Save your entries in the configuration file.
  • Page 179: Displaying 802.1X Statistics And Status

    EXEC command. To display the 802.1x administrative and operational status for a specific port, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, refer to the command reference for this release.
  • Page 181: Configuring Interface Characteristics

    This chapter defines the types of interfaces on the Catalyst 3750 Metro switch and describes how to configure them. The chapter has these sections:
    • Understanding Interface Types, page 9-1
    • Using Interface Configuration Mode, page 9-6...
  • Page 182: Understanding Interface Types

    VLAN assigned to the port. If an access port receives a tagged packet (Inter-Switch Link [ISL] or 802.1Q tagged), the packet is dropped, and the source address is not learned.
  • Page 183: Trunk Ports

    6000 series switch; the Catalyst 3750 Metro switch cannot be a VMPS server. You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. For more information about voice VLAN ports, see Chapter 12, “Configuring Voice VLAN.”...
  • Page 184: Routed Ports

    SVIs support routing protocols and bridging configurations. For more information about configuring IP routing, see Chapter 28, “Configuring IP Unicast Routing,” Chapter 31, “Configuring IP Multicast Routing,” and Chapter 33, “Configuring Fallback Bridging.”
  • Page 185: Etherchannel Port Groups

    Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
  • Page 186: Using Interface Configuration Mode

    • Type—Fast Ethernet (fastethernet or fa) for 10/100 Mbps Ethernet or Gigabit Ethernet (gigabitethernet or gi) for small form-factor pluggable (SFP) Gigabit Ethernet interfaces.
    • Switch number—For the Catalyst 3750 Metro switch, this number is always 1.
  • Page 187: Procedures For Configuring Interfaces

    Enter the show interfaces privileged EXEC command to see a list of all interfaces on or configured for the switch. A report is provided for each interface that the device supports or for the specified interface.
  • Page 188: Configuring A Range Of Interfaces

    You must add a space between the first interface number and the hyphen when using the interface range command. For example, the command interface range fastethernet 1/0/1 - 5 is a valid range; the command interface range fastethernet 1/0/1-5 is not a valid range.
  • Page 189: Configuring And Using Interface Range Macros

    Select the interface range to be configured using the values saved in the interface-range macro called macro_name. You can now use the normal configuration commands to apply the configuration to all interfaces in the defined macro.
    Step 4   Return to privileged EXEC mode.
  • Page 190

        Switch(config)# define interface-range macro1 fastethernet1/0/1 - 2, fastethernet1/0/5 - 7
        Switch(config)# end

    This example shows how to enter interface range configuration mode for the interface-range macro enet_list:

        Switch# configure terminal
        Switch(config)# interface range macro enet_list
        Switch(config-if-range)#
  • Page 191: Default Ethernet Interface Configuration

        Native VLAN (for 802.1Q trunks)  VLAN 1 (Layer 2 interfaces only).
        VLAN trunking                    Switchport mode dynamic auto (supports DTP) (Layer 2 interfaces only).
        Port enable state                All ports are enabled.
        Port description                 None defined.
        Speed                            Autonegotiate.
        Duplex mode                      Autonegotiate.
  • Page 192: Configuring Interface Speed And Duplex Mode

    10/100 interface on another switch.

    These sections describe how to configure the interface speed and duplex mode:
    • Configuration Guidelines, page 9-13
    • Setting the Interface Speed and Duplex Parameters, page 9-13
  • Page 193: Configuration Guidelines

    Beginning in privileged EXEC mode, follow these steps to set the speed and duplex mode for a physical interface:

                Command                 Purpose
        Step 1  configure terminal      Enter global configuration mode.
        Step 2  interface interface-id  Enter interface configuration mode and the physical interface identification.
  • Page 194 This example shows how to set the speed to 10 Mbps and the duplex mode to half on a port:

        Switch# configure terminal
        Switch(config)# interface fastethernet1/0/3
        Switch(config-if)# speed 10
        Switch(config-if)# duplex half
  • Page 195: Configuring Ieee 802.3Z Flow Control

    Upon receipt of a pause frame, the sending device stops sending any data packets, which prevents any loss of data packets during the congestion period. Catalyst 3750 Metro switch ports are capable of receiving, but not sending, pause frames. Note You use the flowcontrol interface configuration command to set the interface’s ability to receive pause...
  • Page 196: Configuring Auto-Mdix On A Port

        Step 7  show controllers ethernet-controller interface-id phy  Verify the operational state of the Auto-MDIX feature on the interface.
        Step 8  copy running-config startup-config                     (Optional) Save your entries in the configuration file.
  • Page 197: Adding A Description For An Interface

        Enter configuration commands, one per line. End with CNTL/Z.
        Switch(config)# interface gigabitethernet1/0/2
        Switch(config-if)# description Connects to Marketing
        Switch(config-if)# end
        Switch# show interfaces gigabitethernet1/0/2 description
        Interface Status         Protocol Description
        Gi1/0/2   admin down     down     Connects to Marketing
  • Page 198: Configuring Layer 3 Interfaces

    Layer 3 mode. Entering a no switchport command disables and then re-enables the interface, which might generate messages on the device to which the interface is connected.
  • Page 199: Configuring The System Mtu

    Note If Gigabit Ethernet interfaces are configured to accept frames greater than the 10/100 interfaces, jumbo frames ingressing on a Gigabit Ethernet interface and egressing on a 10/100 interface are dropped.
  • Page 200: Monitoring And Maintaining The Interfaces

    (You can display the full list of show commands by using the show ? command at the privileged EXEC prompt.) These commands are fully described in the Cisco IOS Interface Command Reference for Release 12.1.
  • Page 201: Clearing And Resetting Interfaces And Counters

    Note The clear counters privileged EXEC command does not clear counters retrieved by using Simple Network Management Protocol (SNMP), but only those seen with the show interface privileged EXEC command.
  • Page 202: Shutting Down And Restarting The Interface

    Use the no shutdown interface configuration command to restart the interface. To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface is shown as administratively down in the show interface command display.
  • Page 203: Chapter 10 Configuring Vlans

    This chapter describes how to configure normal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 1006 to 4094) on the Catalyst 3750 Metro switch. It includes information about VLAN membership modes, VLAN configuration modes, VLAN trunks, and dynamic VLAN assignment from a VLAN Membership Policy Server (VMPS).
  • Page 204 VLAN template, which configures system resources to support the maximum number of unicast MAC addresses. For more information on the SDM templates, see Chapter 6, “Configuring SDM Templates,” or refer to the sdm prefer command in the command reference for this release.
  • Page 205: Supported Vlans

    list. For information about configuring trunk ports, see the “Configuring an Ethernet Interface as a Trunk Port” section on page 10-20. VTP exchanges VLAN configuration messages with other switches over trunk links.
  • Page 206: Configuring Normal-Range Vlans

    Dynamic-Access Ports on VMPS Clients” section on page 10-31.

    Voice VLAN: A voice VLAN port is an access port attached to a Cisco IP Phone, configured to use one VLAN for voice traffic... VTP is not required; it has no effect on voice VLAN.
  • Page 207

    • Default Ethernet VLAN Configuration, page 10-8
    • Creating or Modifying an Ethernet VLAN, page 10-9
    • Deleting a VLAN, page 10-11
    • Assigning Static-Access Ports to a VLAN, page 10-11
  • Page 208: Token Ring Vlans

    IEEE 802.1s Multiple STP (MSTP) on your switch to map multiple VLANs to a single STP instance. For more information about MSTP, see Chapter 15, “Configuring MSTP.”
  • Page 209: Vlan Configuration Mode Options

    You can use the show running-config privileged EXEC command to display the switch running configuration file. To display the VLAN configuration, enter the show vlan privileged EXEC command.
  • Page 210: Default Ethernet Vlan Configuration

    802.10 SAID 100001 (100000 plus the 1–4294967294 VLAN ID) MTU size 1500 1500–18190 Translational bridge 1 0–1005 Translational bridge 2 0–1005 VLAN state active active, suspend Remote SPAN disabled enabled, disabled
  • Page 211: Creating Or Modifying An Ethernet Vlan

    This example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database:

        Switch# configure terminal
        Switch(config)# vlan 20
        Switch(config-vlan)# name test20
        Switch(config-vlan)# end
  • Page 212 This example shows how to use VLAN configuration mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database:

        Switch# vlan database
        Switch(vlan)# vlan 20 name test20
        Switch(vlan)# exit
        APPLY completed.
        Exiting..
  • Page 213: Deleting A Vlan

    Beginning in privileged EXEC mode, follow these steps to assign a port to a VLAN in the VLAN database:

                Command                 Purpose
        Step 1  configure terminal      Enter global configuration mode
        Step 2  interface interface-id  Enter the interface to be added to the VLAN.
  • Page 214: Configuring Extended-Range Vlans

    • Default VLAN Configuration, page 10-13
    • Extended-Range VLAN Configuration Guidelines, page 10-13
    • Creating an Extended-Range VLAN, page 10-14
    • Creating an Extended-Range VLAN with an Internal VLAN ID, page 10-15
  • Page 215: Default Vlan Configuration

    SVIs, and other configured features affects the use of the switch hardware. If you try to create an extended-range VLAN and there are not enough hardware resources available, an error message is generated, and the extended-range VLAN is rejected.
  • Page 216: Creating An Extended-Range Vlan

    To delete an extended-range VLAN, use the no vlan vlan-id global configuration command. The procedure for assigning static-access ports to an extended-range VLAN is the same as for normal-range VLANs. See the “Assigning Static-Access Ports to a VLAN” section on page 10-11.
  • Page 217: Creating An Extended-Range Vlan With An Internal Vlan Id

    VLAN configuration in the switch startup configuration file. Otherwise, if the switch resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.
  • Page 218: Displaying Vlans

    Two trunking encapsulations are available on all Ethernet interfaces:
    • Inter-Switch Link (ISL)—ISL is Cisco-proprietary trunking encapsulation.
    • 802.1Q—802.1Q is industry-standard trunking encapsulation.

    Figure 10-2 shows a network of switches that are connected by ISL trunks.
  • Page 219 The DTP supports autonegotiation of both ISL and 802.1Q trunks. Note Tunnel ports do not support DTP. See Chapter 13, “Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling,” for more information on tunnel ports.
  • Page 220: Encapsulation Types

    Layer 3 interfaces. The switch does support Layer 2 trunks and Layer 3 VLAN interfaces, which provide equivalent capabilities. The trunking mode, the trunk encapsulation type, and the hardware capabilities of the two connected interfaces determine whether a link becomes an ISL or 802.1Q trunk.
  • Page 221: 802.1Q Configuration Considerations

    VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco 802.1Q switch.
  • Page 222: Configuring An Ethernet Interface As A Trunk Port

    802.1x on a dynamic port, an error message appears, and 802.1x is not enabled. If you try to change the mode of an 802.1x-enabled port to dynamic, the port mode is not changed.
  • Page 223: Configuring A Trunk Port

    802.1Q trunking.

        Switch# configure terminal
        Enter configuration commands, one per line. End with CNTL/Z.
        Switch(config)# interface gigabitethernet1/0/2
        Switch(config-if)# switchport mode dynamic desirable
        Switch(config-if)# switchport trunk encapsulation dot1q
        Switch(config-if)# end
  • Page 224: Defining The Allowed Vlans On A Trunk

    Note VLAN 1 is the default VLAN on all trunk ports in all Cisco switches, and it has previously been a requirement that VLAN 1 always be enabled on every trunk link. You can use the VLAN 1 minimization feature to disable VLAN 1 on any individual VLAN trunk link so that no user traffic (including spanning tree advertisements) is sent or received on VLAN 1.
  • Page 225: Changing The Pruning-Eligible List

    (Optional) Save your entries in the configuration file. To return to the default pruning-eligible list of all VLANs, use the no switchport trunk pruning vlan interface configuration command.
  • Page 226: Configuring The Native Vlan For Untagged Traffic

    STP port priorities, both load-sharing links must be connected to the same switch. For load sharing using STP path costs, each load-sharing link can be connected to the same switch or to two different switches. For more information about STP, see Chapter 14, “Configuring STP.”
  • Page 227: Load Sharing Using Stp Port Priorities

    In the display, check the VTP Operating Mode and the VTP Domain Name fields.

        Step 6  show vlan           Verify that the VLANs exist in the database on Switch A.
        Step 7  configure terminal  Enter global configuration mode.
  • Page 228: Load Sharing Using Stp Path Cost

    • VLANs 8 through 10 are assigned a path cost of 30 on Trunk port 2.
    • VLANs 2 through 4 retain the default 100BASE-T path cost on Trunk port 2 of 19.
  • Page 229 Verify your entries. In the display, verify that the path costs are set correctly for both trunk interfaces.

        Step 17  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 230: Configuring Vmps

    VMPS when it identifies a new host address. If the switch receives a port-shutdown response from the VMPS, it disables the port. The port must be manually re-enabled by using the CLI or SNMP.
  • Page 231: Dynamic-Access Port Vlan Membership

    (VQP) port, an error message appears, and 802.1x is not enabled. If you try to change an 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.
  • Page 232: Configuring The Vmps Client

    Note You must have IP connectivity to the VMPS for dynamic-access ports to work. You can test for IP connectivity by pinging the IP address of the VMPS and verifying that you get a response.
  • Page 233: Configuring Dynamic-Access Ports On Vmps Clients

    VMPS:

                Command         Purpose
        Step 1  vmps reconfirm  Reconfirm dynamic-access port VLAN membership.
        Step 2  show vmps       Verify the dynamic VLAN reconfirmation status.
  • Page 234: Changing The Reconfirmation Interval

    Verify your entry in the Server Retry Count field of the display.

        Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.

    To return the switch to its default setting, use the no vmps retry global configuration command.
  • Page 235: Monitoring The Vmps

    • More than 20 active hosts reside on a dynamic-access port.

    To re-enable a disabled dynamic-access port, enter the shutdown interface configuration command followed by the no shutdown interface configuration command.
  • Page 236: Vmps Configuration Example

    [Figure: network diagram. Labels: Switch E through Switch J, client switch I, dynamic-access port, trunk port, Catalyst 6500 series secondary VMPS, addresses 172.20.26.155 to 172.20.26.159.]
  • Page 237: Chapter 11 Configuring Vtp

    Configuring VTP This chapter describes how to use the VLAN Trunking Protocol (VTP) and the VLAN database for managing VLANs with the Catalyst 3750 Metro switch. Note For complete syntax and usage information for the commands used in this chapter, refer to the command reference for this release.
  • Page 238: The Vtp Domain

    For domain name and password configuration guidelines, see the “VTP Configuration Guidelines” section on page 11-8.
  • Page 239: Vtp Modes

    • VTP domain name
    • VTP configuration revision number
    • Update identity and update timestamp
    • MD5 digest VLAN configuration, including maximum transmission unit (MTU) size for each VLAN.
    • Frame format
  • Page 240: Vtp Version 2

    Switch D are assigned to the Red VLAN. If a broadcast is sent from the host connected to Switch A, Switch A floods the broadcast and every switch in the network receives it, even though Switches C, E, and F have no ports in the Red VLAN.
  • Page 241 VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible.
  • Page 242: Default Vtp Configuration

    VTP configuration.

    Table 11-2 Default VTP Configuration

        Feature          Default Setting
        VTP domain name  Null.
        VTP mode         Server.
        VTP version      Version 1 (version 2 is disabled).
        VTP password     None.
        VTP pruning      Disabled.
  • Page 243: Vtp Configuration Options

    If VTP mode is transparent, the domain name and the mode (transparent) are saved in the switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command.
  • Page 244: Vtp Configuration Guidelines

    When you enable version 2 on a switch, all of the version-2-capable switches in the domain enable version 2. If there is a version 1-only switch, it does not exchange VTP information with switches with version 2 enabled.
  • Page 245: Configuration Requirements

    When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. To return the switch to a no-password state, use the no vtp password global configuration command.
  • Page 246 This example shows how to use VLAN database configuration mode to configure the switch as a VTP server with the domain name eng_group and the password mypassword:

        Switch# vlan database
        Switch(vlan)# vtp server
        Switch(vlan)# vtp domain eng_group
        Switch(vlan)# vtp password mypassword
        Switch(vlan)# exit
        APPLY completed.
        Exiting..
        Switch#
  • Page 247: Configuring A Vtp Client

    VLAN database configuration command to return the switch to a no-password state. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain.
  • Page 248: Disabling Vtp (Vtp Transparent Mode)

    VLAN database configuration command to return the switch to VTP server mode. If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed.
  • Page 249: Enabling Vtp Version 2

    Note You can also enable VTP version 2 by using the vlan database privileged EXEC command to enter VLAN database configuration mode and entering the vtp v2-mode VLAN database configuration command. To disable VTP version 2, use the no vtp v2-mode VLAN database configuration command.
  • Page 250: Enabling Vtp Pruning

    Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on trunk ports. Reserved VLANs and extended-range VLANs cannot be pruned. To change the pruning-eligible VLANs, see the “Changing the Pruning-Eligible List” section on page 10-23.
  • Page 251: Adding A Vtp Client Switch To A Vtp Domain

    You can use the vtp mode transparent global configuration command or the vtp transparent VLAN database configuration command to disable VTP on the switch, and then change its VLAN information without affecting the other switches in the VTP domain.
  • Page 252: Monitoring Vtp

    EXEC commands for monitoring VTP activity.

    Table 11-3 VTP Monitoring Commands

        Command            Purpose
        show vtp status    Display the VTP switch configuration information.
        show vtp counters  Display counters about VTP messages that have been sent and received.
  • Page 253: Chapter 12 Configuring Voice Vlan

    The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the switch is connected to a Cisco 7960 IP Phone, the IP Phone sends voice traffic with Layer 3 IP precedence and Layer 2 class of service (CoS) values, which are both set to 5 by default. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1p CoS.
  • Page 254: Cisco Ip Phone Voice Traffic

    Cisco IP Phone Voice Traffic You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. You can configure access ports on...
  • Page 255: Configuring Voice Vlan

    • voice VLAN, the Port Fast feature is not automatically disabled.
    • If the Cisco IP Phone and a device attached to the Cisco IP Phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN: They both use 802.1p or untagged frames.
  • Page 256: Configuring A Port Connected To A Cisco 7960 Ip Phone

    Configuring a Port Connected to a Cisco 7960 IP Phone Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco IP Phone can carry mixed traffic. You can configure a port to determine how the IP phone carries voice traffic and data traffic.
  • Page 257: Configuring The Priority Of Incoming Data Frames

    Configuring the Priority of Incoming Data Frames You can connect a PC or other data device to a Cisco IP Phone port. To process tagged data traffic (in 802.1Q or 802.1P frames), you can configure the switch to send CDP packets to instruct the IP phone how to send data packets from the device attached to the access port on the Cisco IP Phone.
  • Page 258: Displaying Voice Vlan

    To return the port to its default setting, use the no switchport priority extend interface configuration command.

    Displaying Voice VLAN

    To display voice VLAN configuration for an interface, use the show interfaces interface-id switchport privileged EXEC command.
  • Page 259 VLAN and Layer 2 protocol configurations of each customer without impacting the traffic of other customers. The Catalyst 3750 Metro switch supports 802.1Q tunneling and Layer 2 protocol tunneling, as well as VLAN mapping (VLAN-ID translation).
  • Page 260: Understanding 802.1Q Tunneling

    The original 802.1Q tag from the customer is preserved in the encapsulated packet. Therefore, packets entering the service-provider infrastructure are double-tagged, with the outer tag containing the customer’s access VLAN ID, and the inner VLAN ID being the VLAN of the incoming traffic.
  • Page 261 802.1Q trunk port. The priority field on the metro tag is set to the interface class of service (CoS) priority configured on the tunnel port (the default is zero if none is configured).
  • Page 262: Configuring 802.1Q Tunneling

    The packet carries only the VLAN 30 tag through the service-provider network to the trunk port of the egress edge switch (Switch C) and is misdirected through the egress switch tunnel port to Customer Y.
  • Page 263: System Mtu

    Q = 802.1Q trunk ports System MTU The default system MTU for traffic on the Catalyst 3750 Metro switch is 1500 bytes. You can configure Fast Ethernet ports to support frames larger than 1500 bytes by using the system mtu global configuration command.
  • Page 264: 802.1Q Tunneling And Other Features

    • Loopback detection is supported on 802.1Q tunnel ports.
    • When a port is configured as an 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) is automatically disabled on the interface.

    Configuring an 802.1Q Tunneling Port

    Beginning in privileged EXEC mode, follow these steps to configure a port as an 802.1Q tunnel port:...
  • Page 265: Configuring Vlan Mapping

    The service-provider VLANs are not seen by the switch, so all configuration and statistics are done with the customer side-VLANs. Note Do not configure VLAN mapping on an interface configured for MPLS or EoMPLS.
  • Page 266: Default Vlan Mapping Configuration

    [Figure: VLAN mapping at enhanced services ports. Labels: Metro switch B, customer switches, Catalyst 6500 customer switch, Customer A VLANs 1-5, host, access, ISL, or 802.1Q trunk.]
  • Page 267: Mapping Customer 802.1Q Traffic With Vlan Ids

    802.1Q tagged traffic:

                Command                 Purpose
        Step 1  configure terminal      Enter global configuration mode.
        Step 2  interface interface-id  Enter interface configuration mode and the ES interface connected to the service-provider network.
  • Page 268: Understanding Layer 2 Protocol Tunneling

    VLAN should build a proper spanning tree that includes the local site and all remote sites across the service-provider infrastructure. Cisco Discovery Protocol (CDP) must discover neighboring Cisco devices from local and remote sites. VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration throughout all sites in the customer network.
  • Page 269 [Figure: network diagram. Labels: Switch B, Switch D, trunk ports, VLAN 40, trunk, asymmetric link, Customer Y Site 1 (VLANs 1 to 200), Customer Y Site 2 (VLANs 1 to 200).]
  • Page 270: Configuring Layer 2 Protocol Tunneling

    PDU-destination MAC address with a well-known Cisco proprietary multicast address (01-00-0c-cd-cd-d0). If 802.1Q tunneling is enabled, packets are also double-tagged; the outer tag is the customer metro tag and the inner tag is the customer VLAN tag.
  • Page 271: Default Layer 2 Protocol Tunneling Configuration

    PDUs without any processing or modification.
    • EtherChannel port groups are compatible with tunnel ports as long as the 802.1Q configuration is consistent within an EtherChannel port group.
  • Page 272: Configuring Layer 2 Tunneling

    1 to 4096. The default is to have no threshold configured. Note If you also set a drop threshold on this interface, the shutdown-threshold value must be greater than or equal to the drop-threshold value.
  • Page 273 COS for Encapsulated Packets: 7 Port Protocol Shutdown Drop Encapsulation Decapsulation Drop Threshold Threshold Counter Counter Counter ------- -------- --------- --------- ------------- ------------- ------------- Gi1/0/2 cdp 1500 1000 1500 1000 1500 1000
  • Page 274: Monitoring And Maintaining Tunneling And Mapping Status

    Display VLAN mapping information (contents of the VLAN mapping table) for the ES ports. For detailed information about these displays, refer to the command reference for this release.
  • Page 275: Understanding Spanning-Tree Features

    Catalyst 3750 Metro switch. The switch uses the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or it can use the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard.
  • Page 276: Configuring Stp

    The spanning-tree port priority value represents the location of a port in the network topology and how well it is located to pass traffic. The path cost value represents the media speed.
  • Page 277: Spanning-Tree Topology And Bpdus

    LAN is called the designated port. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode.
  • Page 278: Bridge Id, Switch Priority, And Extended System Id

    • Forwarding—The interface forwards frames.
    • Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port.
  • Page 279: Blocking State

    BPDU is sent to each switch interface. A switch initially functions as the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is the root or root switch. If...
  • Page 280: Listening State

    An interface in the forwarding state performs these functions:
    • Receives and forwards frames received on the interface
    • Forwards frames switched from another interface
    • Learns addresses
    • Receives BPDUs
  • Page 281: Disabled State

    Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port becomes the new root port.
  • Page 282: Spanning Tree And Redundant Connectivity

    The accelerated aging is the same as the forward-delay parameter value (spanning-tree vlan vlan-id forward-time seconds global configuration command) when the spanning tree reconfigures.
  • Page 283: Spanning-Tree Modes And Protocols

    Spanning-Tree Modes and Protocols
    The switch supports these spanning-tree modes and protocols:
    • PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs.
  • Page 284: Supported Spanning-Tree Instances

    VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+.
  • Page 285: Vlan-Bridge Spanning Tree

    VLAN-Bridge Spanning Tree
    Cisco VLAN-bridge spanning tree is used with the fallback bridging feature (bridge groups), which forwards non-IP protocols such as DECnet between two or more VLAN bridge domains or routed ports. The VLAN-bridge spanning tree allows the bridge groups to form a spanning tree on top of the individual VLAN spanning trees to prevent loops from forming if there are multiple connections among VLANs.
  • Page 286: Spanning-Tree Configuration Guidelines

    You can prevent this possibility by setting up allowed lists on the trunk ports of switches that have used up their allocation of spanning-tree instances. Setting up allowed lists is not necessary in many cases and can make it more labor-intensive to add another VLAN to the network.
  • Page 287: Changing The Spanning-Tree Mode

    802.1D switch, restart the protocol migration process on the entire switch. This step is optional if the designated switch detects that this switch is running rapid PVST+.
  • Page 288: Disabling Spanning Tree

    VLAN. Because of the extended system ID support, the switch sets its own priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN.
  • Page 289

    (Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default is 2.
    Step 3  Return to privileged EXEC mode.
  • Page 290: Configuring A Secondary Root Switch

    Verify your entries.
    Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command.
  • Page 291: Configuring Port Priority

    The show spanning-tree interface interface-id privileged EXEC command displays information only if the port is in a link-up operative state. Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration.
  • Page 292: Configuring Path Cost

    Return to privileged EXEC mode.
    Step 6  show spanning-tree interface interface-id  Verify your entries.
            show spanning-tree vlan vlan-id
    Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 293: Configuring The Switch Priority Of A Vlan

    “Configuring Trunk Ports for Load Sharing” section on page 10-24.
    Configuring the Switch Priority of a VLAN
    You can configure the switch priority and make it more likely that the Catalyst 3750 Metro switch will be chosen as the root switch.
    Note: Exercise care when using this command.
  • Page 294: Configuring Spanning-Tree Timers

    Verify your entries.
    Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command.
  • Page 295: Configuring The Forwarding-Delay Time For A Vlan

    Verify your entries.
    Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command.
  • Page 296: Displaying The Spanning-Tree Status

    You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release.
  • Page 297: Chapter 15 Configuring Mstp

    Configuring MSTP
    This chapter describes how to configure the Cisco implementation of the IEEE 802.1s Multiple STP (MSTP) on the Catalyst 3750 Metro switch. The MSTP enables multiple VLANs to be mapped to the same spanning-tree instance, thereby reducing the number of spanning-tree instances needed to support a large number of VLANs.
  • Page 298: Understanding Mstp

    RSTP bridge protocol data units (BPDUs). There is no limit to the number of MST regions in a network, but each region can support up to 16 spanning-tree instances. You can assign a VLAN to only one spanning-tree instance at a time.
  • Page 299: Ist, Cist, And Cst

    For correct operation, all switches in the MST region must agree on the same IST master. Therefore, any two switches in the region synchronize their port roles for an MST instance only if they converge to a common IST master.
  • Page 300: Operations Between Mst Regions

    VLAN cost, port VLAN priority) can be configured on both the CST instance and the MST instance. MSTP switches use version 3 RSTP BPDUs or 802.1D STP BPDUs to communicate with legacy 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches.
  • Page 301: Hop Count

    BPDU, an MSTP BPDU (version 3) associated with a different region, or an RSTP BPDU (version 2).
  • Page 302: Understanding Rstp

    A port with the root or a designated port role is included in the active topology. A port with the alternate or backup port role is excluded from the active topology.
  • Page 303: Rapid Convergence

    Disabled  Disabled  Discarding
    To be consistent with Cisco STP implementations, this guide documents the port state as blocking instead of discarding. Designated ports start in the listening state.
    Rapid Convergence
    The RSTP provides for rapid recovery of connectivity following the failure of a switch, a switch port, or a LAN.
  • Page 304: Synchronization Of Port Roles

    When the switches connected by a point-to-point link are in agreement about their port roles, the RSTP immediately transitions the port states to forwarding. The sequence of events is shown in Figure 15-3.
  • Page 305: Bridge Protocol Data Unit Format And Processing

    LAN. The port role in the proposal message is always set to the designated port. The sending switch sets the agreement flag in the RSTP BPDU to accept the previous proposal. The port role in the agreement message is always set to the root port.
  • Page 306: Processing Superior Bpdu Information

    802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support 802.1D switches. The RSTP BPDUs never have the TCA bit set.
  • Page 307: Configuring Mstp Features

    • Configuring the Maximum-Aging Time, page 15-21 (optional)
    • Configuring the Maximum-Hop Count, page 15-21 (optional)
    • Specifying the Link Type to Ensure Rapid Transitions, page 15-22 (optional)
    • Restarting the Protocol Migration Process, page 15-22 (optional)
  • Page 308: Default Mstp Configuration

    MST region by using the command-line interface (CLI) or through the SNMP support.
    • For load balancing across redundant paths in the network to work, all VLAN-to-instance mapping assignments must match; otherwise, all traffic flows on a single link.
  • Page 309: Specifying The Mst Region Configuration And Enabling Mstp

    Specify the configuration revision number. The range is 0 to 65535.
    Step 6  show pending  Verify your configuration by displaying the pending configuration.
    Step 7  exit  Apply all changes, and return to global configuration mode.
  • Page 310: Configuring The Root Switch

    ID support, the switch sets its own priority for the specified instance to 24576 if this value will cause this switch to become the root for the specified spanning-tree instance.
  • Page 311

    2 seconds.
    Step 3  Return to privileged EXEC mode.
    Step 4  show spanning-tree mst instance-id  Verify your entries.
    Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 312: Configuring A Secondary Root Switch

    Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    To return the switch to its default setting, use the no spanning-tree mst instance-id root global configuration command.
  • Page 313: Configuring Port Priority

    Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id port-priority interface configuration command.
  • Page 314: Configuring Path Cost

    Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id cost interface configuration command.
  • Page 315: Configuring The Switch Priority

    Beginning in privileged EXEC mode, follow these steps to configure the hello time for all MST instances. This procedure is optional.
  • Page 316: Configuring The Forwarding-Delay Time

    Verify your entries.
    Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    To return the switch to its default setting, use the no spanning-tree mst forward-time global configuration command.
  • Page 317: Configuring The Maximum-Aging Time

    Verify your entries.
    Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    To return the switch to its default setting, use the no spanning-tree mst max-hops global configuration command.
  • Page 318: Specifying The Link Type To Ensure Rapid Transitions

    To restart the protocol migration process (force the renegotiation with neighboring switches) on the switch, use the clear spanning-tree detected-protocols privileged EXEC command. To restart the protocol migration process on a specific port, use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command.
  • Page 319: Displaying The Mst Configuration And Status

    Displays MST information for the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release.
  • Page 320 Chapter 15 Configuring MSTP Displaying the MST Configuration and Status
  • Page 321: Understanding Optional Spanning-Tree Features

    Configuring Optional Spanning-Tree Features
    This chapter describes how to configure optional spanning-tree features on the Catalyst 3750 Metro switch. You can configure all of these features when your switch is running the per-VLAN spanning-tree plus (PVST+).
  • Page 322: Understanding Optional Spanning-Tree Features

    If your switch is running PVST+, rapid PVST+, or MSTP, you can enable this feature by using the spanning-tree portfast interface configuration or the spanning-tree portfast default global configuration command.
    [Figure 16-1: Port Fast-Enabled Interfaces]
  • Page 323: Understanding Bpdu Guard

    Caution: Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.
    If your switch is running PVST+, rapid PVST+, or MSTP, you can enable the BPDU filtering feature for the entire switch or for an interface.
  • Page 324: Understanding Uplinkfast

    Specifically, an uplink group consists of the root port (which is forwarding) and a set of blocked ports, except for self-looping ports. The uplink group provides an alternate path in case the currently forwarding link fails.
  • Page 325: Understanding Backbonefast

    BPDUs from its designated switch. An inferior BPDU identifies a switch that declares itself as both the root bridge and...
  • Page 326 Switch B to Switch A. This switchover takes approximately 30 seconds, twice the Forward Delay time if the default Forward Delay time of 15 seconds is set. Figure 16-6 shows how BackboneFast reconfigures the topology to account for the failure of link L1.
  • Page 327: Understanding Root Guard

    (blocked) state to prevent the customer’s switch from becoming the root switch or being in the path to the root.
  • Page 328: Understanding Loop Guard

    When the switch is operating in PVST+ or rapid-PVST+ mode, loop guard prevents alternate and root ports from becoming designated ports, and spanning tree does not send BPDUs on root or alternate ports.
  • Page 329: Default Optional Spanning-Tree Configuration

    Root guard: Disabled on all interfaces.
    Loop guard: Disabled on all interfaces.
    Optional Spanning-Tree Configuration Guidelines
    The UplinkFast and BackboneFast features are not supported with the rapid PVST+ or the MSTP.
  • Page 330: Enabling Port Fast

    You can use the spanning-tree portfast default global configuration command to globally enable the Port Fast feature on all nontrunking ports. To disable the Port Fast feature, use the spanning-tree portfast disable interface configuration command.
  • Page 331: Enabling Bpdu Guard

    To disable BPDU guard, use the no spanning-tree portfast bpduguard default global configuration command. You can override the setting of the no spanning-tree portfast bpduguard default global configuration command by using the spanning-tree bpduguard enable interface configuration command.
  • Page 332: Enabling Bpdu Filtering

    To disable BPDU filtering, use the no spanning-tree portfast bpdufilter default global configuration command. You can override the setting of the no spanning-tree portfast bpdufilter default global configuration command by using the spanning-tree bpdufilter enable interface configuration command.
  • Page 333: Enabling Uplinkfast For Use With Redundant Links

    To return the update packet rate to the default setting, use the no spanning-tree uplinkfast max-update-rate global configuration command. To disable UplinkFast, use the no spanning-tree uplinkfast command.
  • Page 334: Enabling Backbonefast

    Specify an interface to configure, and enter interface configuration mode.
    Step 3  spanning-tree guard root  Enable root guard on the interface. By default, root guard is disabled on all interfaces.
  • Page 335: Enabling Loop Guard

    To globally disable loop guard, use the no spanning-tree loopguard default global configuration command. You can override the setting of the no spanning-tree loopguard default global configuration command by using the spanning-tree guard loop interface configuration command.
  • Page 336: Displaying The Spanning-Tree Status

    You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release.
  • Page 337 This chapter describes how to configure Internet Group Management Protocol (IGMP) snooping on the Catalyst 3750 Metro switch, including an application of local IGMP snooping, Multicast VLAN Registration (MVR). It also includes procedures for controlling multicast group membership by using IGMP filtering.
  • Page 338: Understanding Igmp Snooping

    Note: For more information on IP multicast and IGMP, refer to RFC 1112 and RFC 2236.
    The multicast router (which could be a Catalyst 3750 Metro switch) sends out periodic general queries to all VLANs. All hosts interested in this multicast traffic send join requests and are added to the forwarding table entry.
  • Page 339 17-2. Note that because the forwarding table directs IGMP messages to only the CPU, the message is not flooded to other ports on the switch. Any known multicast traffic is forwarded to the group and not to the CPU.
  • Page 340: Leaving A Multicast Group

    If the router receives no reports from a VLAN, it removes the group for the VLAN from its IGMP cache.
  • Page 341: Immediate-Leave Processing

    Table 17-3 Default IGMP Snooping Configuration

    | Feature | Default Setting |
    | --- | --- |
    | IGMP snooping | Enabled globally and per VLAN |
    | Multicast routers | None configured |
    | Multicast router learning (snooping) method | PIM-DVMRP |
    | IGMP snooping Immediate Leave | Disabled |
    | Static groups | None configured |
  • Page 342: Enabling Or Disabling Igmp Snooping

    • Snooping on IGMP queries, Protocol Independent Multicast (PIM) packets, and Distance Vector Multicast Routing Protocol (DVMRP) packets
    • Listening to Cisco Group Management Protocol (CGMP) packets from other routers
    • Statically connecting to a multicast router port with the ip igmp snooping mrouter global...
  • Page 343

    IGMP snooping is running in IGMP_ONLY mode on this Vlan
    To return to the default learning method, use the no ip igmp snooping vlan vlan-id mrouter learn cgmp global configuration command.
  • Page 344: Configuring A Multicast Router Port

    This example shows how to enable a static connection to a multicast router and verify the configuration:
    Switch# configure terminal
    Switch(config)# ip igmp snooping vlan 200 mrouter interface gigabitethernet1/0/2
    Switch(config)# end
    Switch# show ip igmp snooping mrouter vlan 200
    Vlan ports
    -----+----------------------------------------
    Gi1/0/2(static)nnnn
  • Page 345: Configuring A Host Statically To Join A Group

    Switch# configure terminal
    Switch(config)# ip igmp snooping vlan 1 static 224.1.2.3 interface gigabitethernet1/0/1
    Switch(config)# end
    Switch# show ip igmp snooping multicast
    Vlan Group Address Type Ports
    ---- ------------- ---- -----
    224.1.2.3 USER Gi1/0/1
  • Page 346: Enabling Igmp Immediate-Leave Processing

    VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for IGMP snooping. To display IGMP snooping information, use one or more of the privileged EXEC commands in Table 17-4.
  • Page 347 These are dynamically learned interfaces. (Optional) Enter vlan vlan-id to display information for a single VLAN. For more information about the keywords and options in these commands, refer to the command reference for this release.
  • Page 348: Understanding Multicast Vlan Registration

    Only Layer 2 ports take part in MVR. You must configure ports as MVR receiver ports. Only one MVR multicast VLAN per switch is supported.
  • Page 349: Using Mvr In A Multicast Television Application

    [Figure legend: RP = Receiver Port; SP = Source Port. Note: All source ports belong to the multicast VLAN.]
  • Page 350: Configuring Mvr

    MVR configuration.

    Table 17-5 Default MVR Configuration

    | Feature | Default Setting |
    | --- | --- |
    | | Disabled globally and per interface |
    | Multicast addresses | None configured |
    | Query response time | 0.5 second |
    | Multicast VLAN | VLAN 1 |
    | Mode | Compatible |
  • Page 351: Mvr Configuration Guidelines And Limitations

    Beginning in privileged EXEC mode, follow these steps to configure MVR parameters:
    Command  Purpose
    Step 1  configure terminal  Enter global configuration mode.
    Step 2  Enable MVR on the switch.
  • Page 352

    Switch(config)# mvr querytime 10
    Switch(config)# mvr vlan 22
    Switch(config)# mvr mode dynamic
    Switch(config)# end
    You can use the show mvr members privileged EXEC command to verify the MVR multicast group addresses on the switch.
  • Page 353: Configuring Mvr Interfaces

    (Optional) Save your entries in the configuration file. To return the interface to its default settings, use the no mvr [type | immediate | vlan vlan-id | group] interface configuration commands.
  • Page 354: Displaying Mvr Information

    VLAN ID range is 1 to 4094; do not enter leading zeros.
    show mvr members [ip-address]  Displays all receiver and source ports that are members of any IP multicast group or the specified IP multicast group IP address.
  • Page 355: Configuring Igmp Filtering

    Specifies that matching addresses are permitted.
    • range: Specifies a range of IP addresses for the profile. You can enter a single IP address or a range with a start and an end address.
  • Page 356: Applying Igmp Profiles

    IGMP profiles to routed ports or SVIs. You cannot apply profiles to ports that belong to an EtherChannel port group. You can apply a profile to multiple interfaces, but each interface can only have one profile applied to it.
  • Page 357: Setting The Maximum Number Of Igmp Groups

    The range is from 0 to 4294967294. The default is to have no maximum set.
    Step 4  Return to privileged EXEC mode.
    Step 5  show running-config interface interface-id  Verify the configuration.
    Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 358: Displaying Igmp Filtering Configuration

    interface-id]  Displays the configuration of the specified interface or all interfaces on the switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface.
  • Page 359: Configuring Storm Control

    Configuring Port-Based Traffic Control
    This chapter describes how to configure port-based traffic control features on the Catalyst 3750 Metro switch.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the command reference for this release.
  • Page 360: Configuring Storm Control

    When the storm control threshold for multicast traffic is reached, all multicast traffic except control traffic, such as bridge protocol data unit (BPDU) and Cisco Discovery Protocol (CDP) frames, is blocked. However, the switch does not differentiate between routing updates, such as OSPF, and regular multicast data traffic, so both types of traffic are blocked.
  • Page 361: Default Storm Control Configuration

    100 percent means that no limit is placed on broadcast traffic. A value of 0.0 means that all unicast traffic on that port is blocked.
    Step 6  Return to privileged EXEC mode.
  • Page 362: Configuring Protected Ports

    Layer 3 device.
    • Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
    Default Protected Port Configuration
    The default is to have no protected ports defined.
  • Page 363: Protected Port Configuration Guidelines

    (protected or nonprotected) from flooding unknown unicast or multicast packets to other ports.
    Default Port Blocking Configuration
    The default is to not block flooding of unknown multicast and unicast traffic out of a port, but to flood these packets to all ports.
  • Page 364: Blocking Flooded Traffic On An Interface

    MAC addresses, a security violation occurs. Also, if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged.
  • Page 365: Understanding Port Security

    If you do not save the sticky secure addresses, they are lost. If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.
  • Page 366: Security Violations

    1. Packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses.
    2. The switch returns an error message if you manually configure an address that would cause a security violation.
  • Page 367: Default Port Security Configuration

    VLAN. When the port is connected to a Cisco IP phone, the IP phone requires up to two MAC addresses. The IP phone address is learned on the voice VLAN and might also be learned on the access VLAN.
  • Page 368: Enabling And Configuring Port Security

    VLANs separated by a hyphen, or a series of VLANs separated by commas. For non-specified VLANs, the per-VLAN maximum value is used.
  • Page 369

    Note: If you do not enable sticky learning before this command is entered, an error message appears, and you cannot enter a sticky secure MAC address.
    Step 10  Return to privileged EXEC mode.
  • Page 370

    This example shows how to configure a static secure MAC address on VLAN 3 on an interface:
    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# switchport port-security
    Switch(config-if)# switchport port-security mac-address 0000.0200.0004 vlan 3
  • Page 371: Enabling And Configuring Port Security Aging

    To disable port security aging for all secure addresses on a port, use the no switchport port-security aging time interface configuration command. To disable aging for only statically configured secure addresses, use the no switchport port-security aging static interface configuration command.
  • Page 372: Displaying Port-Based Traffic Control Settings

    [interface interface-id] address  Displays all secure MAC addresses configured on all switch interfaces or on a specified interface with aging information for each address.
    show port-security interface interface-id vlan  Displays the number of secure MAC addresses configured per VLAN on the specified interface.
  • Page 373: Chapter 19 Configuring Cdp

    Understanding CDP
    CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
  • Page 374: Configuring Cdp

    The range is 10 to 255 seconds; the default is 180 seconds.
    Step 4 cdp advertise-v2: (Optional) Configure CDP to send version-2 advertisements. This is the default state.
    Step 5 Return to privileged EXEC mode.
  • Page 375: Disabling And Enabling Cdp

    Enable CDP after disabling it.
    Step 3 Return to privileged EXEC mode.

    This example shows how to enable CDP if it has been disabled.

    Switch# configure terminal
    Switch(config)# cdp run
    Switch(config)# end
  • Page 376: Disabling And Enabling Cdp On An Interface

    (Optional) Save your entries in the configuration file.

    This example shows how to enable CDP on a port when it has been disabled.

    Switch# configure terminal
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# cdp enable
    Switch(config-if)# end
  • Page 377: Monitoring And Maintaining Cdp

    This is an example of the output from the show cdp privileged EXEC commands:

    Switch# show cdp
    Global CDP information:
        Sending CDP packets every 50 seconds
        Sending a holdtime value of 120 seconds
        Sending CDPv2 advertisements is enabled
  • Page 379: Chapter 20 Configuring Udld

    When you enable both autonegotiation and UDLD, the Layer 1 and Layer 2 detections work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols.
  • Page 380: Methods To Detect Unidirectional Links

    UDLD sends at least one message to inform the neighbors to flush the part of their caches affected by the status change. The message is intended to keep the caches synchronized.
  • Page 381 If UDLD is in normal mode, the logical link is considered undetermined, and UDLD does not disable the interface.
  • Page 382: Configuring Udld

    A UDLD-capable interface also cannot detect a unidirectional link if it is connected to a UDLD-incapable interface of another switch.
    • When configuring the mode (normal or aggressive), make sure that the same mode is configured on both sides of the link.
  • Page 383: Enabling Udld Globally

    UDLD on an interface:

    Command: Purpose
    Step 1 configure terminal: Enter global configuration mode.
    Step 2 interface interface-id: Specify the interface to be enabled for UDLD, and enter interface configuration mode.
  • Page 384: Resetting An Interface Disabled By Udld

    To display the UDLD status for the specified interface or for all interfaces, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the display, refer to the command reference for this release.
  • Page 385: Chapter 21 Configuring Span And Rspan

    You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
  • Page 386: Local Span

    RSPAN VLAN to a destination session monitoring the RSPAN VLAN. Each RSPAN source switch must have either ports or VLANs as RSPAN sources. The destination is always a physical port.
  • Page 387: Span And Rspan Concepts And Terminology

    To configure an RSPAN source session on a device, you associate a set of source ports or source VLANs with an RSPAN VLAN. The output of this session is the stream of SPAN...
  • Page 388: Monitored Traffic

    A copy of each packet received by the source is sent to the destination port for that SPAN session. Packets that are modified because of routing or quality of service (QoS)—for example, modified Differentiated Services Code Point (DSCP)—are copied before modification.
  • Page 389: Source Ports

    The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP).
  • Page 390: Source Vlans

    SPAN traffic coming from other port types is not affected by VLAN filtering; that is, all VLANs are allowed on other ports.
    • VLAN filtering affects only traffic forwarded to the destination SPAN port and does not affect the switching of normal traffic.
  • Page 391: Destination Port

    802.1Q, or ISL tagged packets.
    • For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN identification. Therefore, all packets appear on the destination port as untagged.
  • Page 392: Rspan Vlan

    On a source port, SPAN does not affect the STP status. STP can be active on trunk ports carrying an RSPAN VLAN.
    • Cisco Discovery Protocol (CDP)—A SPAN destination port does not participate in CDP while the...
  • Page 393: Configuring Span And Rspan

    Encapsulation type (destination port): Native form (untagged packets).
    Ingress forwarding (destination port): Disabled
    VLAN filtering: On a trunk interface used as a source port, all VLANs are monitored.
    RSPAN VLANs: None configured.
  • Page 394: Configuring Local Span

    VLANs specified with this keyword is monitored. By default, all VLANs are monitored on a trunk port.
    • You cannot mix source VLANs and filter VLANs within a single SPAN session.
  • Page 395

    This is the default.
    • rx—Monitor received traffic.
    • tx—Monitor sent traffic.
    Note: You can use the monitor session session_number source command multiple times to configure multiple source ports.
  • Page 396

    This example shows how to disable monitoring received traffic on a port that was configured for bidirectional monitoring:

    Switch(config)# no monitor session 1 source interface gigabitethernet1/0/1 rx

    Traffic received on port 1 is not monitored, but traffic sent from this port continues to be monitored.
  • Page 397 Beginning in privileged EXEC mode, follow these steps to create a SPAN session, to specify the source ports or VLANs and the destination ports, and to enable ingress traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). Refer to the “Creating a Local SPAN Session”...
  • Page 398

    802.1Q encapsulation and VLAN 6 as the default ingress VLAN.

    Switch(config)# no monitor session 2
    Switch(config)# monitor session 2 source interface gigabitethernet1/0/1 rx
    Switch(config)# monitor session 2 destination interface gigabitethernet1/0/2 encapsulation replicate ingress dot1q vlan 6
    Switch(config)# end
  • Page 399: Specifying Vlans To Filter

    Step 8 copy running-config startup-config: (Optional) Save the configuration in the configuration file.

    To monitor all VLANs on the trunk port, use the no monitor session session_number filter global configuration command.
  • Page 400: Configuring Rspan

    You can configure any VLAN as an RSPAN VLAN as long as these conditions are met:
    • The same RSPAN VLAN is used for an RSPAN session in all the switches.
    • All participating switches support RSPAN.
  • Page 401

    To remove the remote SPAN characteristic from a VLAN and convert it back to a normal VLAN, use the no remote-span VLAN configuration command.

    This example shows how to create RSPAN VLAN 901.

    Switch(config)# vlan 901
    Switch(config-vlan)# remote-span
    Switch(config-vlan)# end
  • Page 402: Creating An Rspan Source Session

    show running-config: Verify the configuration.
    Step 7 copy running-config startup-config: (Optional) Save the configuration in the configuration file.

    To delete a SPAN session, use the no monitor session session_number global configuration command.
  • Page 403: Creating An Rspan Destination Session

    remote vlan vlan-id: Specify the RSPAN session and the source RSPAN VLAN.
    For session_number, the range is from 1 to 66.
    For vlan-id, specify the source RSPAN VLAN to monitor.
  • Page 404: Creating An Rspan Destination Session And Configuring Ingress Traffic

    Beginning in privileged EXEC mode, follow these steps to create an RSPAN destination session, to specify the source RSPAN VLAN and the destination port, and to enable ingress traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). Refer to the “Creating an RSPAN Destination Session”...
  • Page 405

    VLAN 6 as the default ingress VLAN.

    Switch(config)# monitor session 2 source remote vlan 901
    Switch(config)# monitor session 2 destination interface gigabitethernet1/0/2 ingress vlan 6
    Switch(config)# end
  • Page 406: Specifying Vlans To Filter

    Switch(config)# no monitor session 2
    Switch(config)# monitor session 2 source interface gigabitethernet1/0/2 rx
    Switch(config)# monitor session 2 filter vlan 1 - 5 , 9
    Switch(config)# monitor session 2 destination remote vlan 902
    Switch(config)# end
  • Page 407: Displaying Span And Rspan Status

    To display the current SPAN or RSPAN configuration, use the show monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured SPAN or RSPAN sessions.
  • Page 409: Chapter 22 Configuring Rmon

    RMON-compliant console systems and network probes. RMON provides you with comprehensive network-fault diagnosis, planning, and performance-tuning information.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
  • Page 410: Configuring Rmon

    • Configuring RMON Alarms and Events, page 22-3 (required)
    • Collecting Group History Statistics on an Interface, page 22-5 (optional)
    • Collecting Group Ethernet Statistics on an Interface, page 22-6 (optional)
  • Page 411: Default Rmon Configuration

    2147483647.
    • (Optional) For event-number, specify the event number to trigger when the rising or falling threshold exceeds its limit.
    • (Optional) For owner string, specify the owner of the alarm.
  • Page 412

    This example also generates an SNMP trap when the event is triggered.

    Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones
  • Page 413: Collecting Group History Statistics On An Interface

    Display the contents of the switch history table.
    Step 7 copy running-config startup-config: (Optional) Save your entries in the configuration file.

    To disable history collection, use the no rmon collection history index interface configuration command.
  • Page 414: Collecting Group Ethernet Statistics On An Interface

    Displays the RMON history table.
    show rmon statistics: Displays the RMON statistics table.

    For information about the fields in these displays, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
  • Page 415: Chapter 23 Configuring System Message Logging

    This chapter describes how to configure system message logging on the Catalyst 3750 Metro switch.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
  • Page 416: Configuring System Message Logging

    Table 23-4 on page 23-12.
    severity: Single-digit code from 0 to 7 that is the severity of the message. For a description of the severity levels, see Table 23-3 on page 23-9.
  • Page 417: Default System Message Logging Configuration

    Logging server: Disabled.
    Syslog server IP address: None configured.
    Server facility: Local7 (see Table 23-4 on page 23-12).
    Server severity: Informational (and numerically lower levels; see Table 23-3 on page 23-9).
  • Page 418: Disabling Message Logging

    Use the show memory privileged EXEC command to view the free processor memory on the switch. However, this value is the maximum available, and the buffer size should not be set to this amount.
  • Page 419: Synchronizing Log Messages

    Unsolicited messages and debug command output appear on the console after the prompt for user input...
  • Page 420 (Optional) Save your entries in the configuration file. To disable synchronization of unsolicited messages and debug output, use the no logging synchronous [level severity-level | all] [limit number-of-buffers] line configuration command.
  • Page 421: Enabling And Disabling Timestamps On Log Messages

    Enable sequence numbers.
    Step 3 Return to privileged EXEC mode.
    Step 4 show running-config: Verify your entries.
    Step 5 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 422: Defining The Message Severity Level

    To disable logging to syslog servers, use the no logging trap global configuration command. Table 23-3 describes the level keywords. It also lists the corresponding UNIX syslog definitions from the most severe level to the least severe level.
  • Page 423: Limiting Syslog Messages Sent To The History Table And To Snmp

    Change the default level of syslog messages stored in the history file and sent to the SNMP server. See Table 23-3 on page 23-9 for a list of level keywords. By default, warnings, errors, critical, alerts, and emergencies messages are sent.
  • Page 424: Configuring Unix Syslog Servers

    If this is the case with your system, use the UNIX man syslogd command to decide what options must be added to or removed from the syslog command line to enable logging of remote syslog messages.
  • Page 425: Configuring The Unix System Logging Facility

    IP address. To disable logging to syslog servers, enter the no logging trap global configuration command. Table 23-4 lists the UNIX system facilities supported by the software. For more information about these facilities, consult the operator’s manual for your UNIX operating system.
  • Page 426: Displaying The Logging Configuration

    Displaying the Logging Configuration To display the logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
  • Page 427: Chapter 24 Configuring Snmp

    Note: For complete syntax and usage information for the commands used in this chapter, refer to the switch command reference for this release and to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.

    This chapter consists of these sections:
    • Understanding SNMP, page 24-1
    ...
  • Page 428: Snmp Versions

    A combination of the security level and the security model determine which security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3.
  • Page 429: Snmp Manager Functions

    1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table.
    2. The get-bulk command only works with SNMPv2 or later.
  • Page 430: Snmp Agent Functions

    (up or down), MAC address tracking, and so forth. The SNMP agent also responds to MIB-related queries sent by the SNMP manager in get-request, get-next-request, and set-request format.

    [Figure 24-1: SNMP Network. The SNMP manager sends get-request, get-next-request, get-bulk, and set-request messages to the SNMP agent on the network device; the agent returns get-response messages and traps.]
  • Page 431: Snmp Notifications

    • Configuring SNMP Notifications, page 24-10
    • Setting the Agent Contact and Location Information, page 24-13
    • Limiting TFTP Servers Used Through SNMP, page 24-13
    • SNMP Examples, page 24-14
  • Page 432: Default Snmp Configuration

    Modifying the group's notify view affects all users associated with that group. Refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 for information about when you should configure notify views.
  • Page 433: Disabling The Snmp Agent

    MIB objects. By default, the community string permits read-only access to all objects.
    • (Optional) For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.
  • Page 434: Configuring Snmp Groups And Users

    You can specify an identification name (engine ID) for the local or remote SNMP server engine on the switch. You can configure an SNMP server group that maps SNMP users to SNMP views, and you can add new users to the SNMP group.
  • Page 435
    • (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.
  • Page 436: Configuring Snmp Notifications

    (notification types). You can enable any or all of these traps and configure a trap manager to receive them.
    Note: Although visible in the command-line interface (CLI) online help, the fru-ctrl keyword is not supported.
  • Page 437 Though visible in the command-line help string, the fru-ctrl and flash insertion and removal keywords are not supported. You can use the snmp-server host global configuration command to configure a specific host to receive the notification types listed in Table 24-4.
  • Page 438

    Step 8 snmp-server trap-timeout seconds: (Optional) Define how often to resend trap messages. The range is 1 to 1000; the default is 30 seconds.
    Step 9 Return to privileged EXEC mode.
  • Page 439: Setting The Agent Contact And Location Information

    access-list-number: Limit TFTP servers used for configuration file copies through SNMP to the servers in the access list.
    For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.
  • Page 440: Snmp Examples

    This example shows how to allow read-only access for all objects to members of access list 4 that use the comaccess community string. No other SNMP managers have access to any objects. SNMP Authentication Failure traps are sent by SNMPv2C to the host cisco.com using the community string public.
  • Page 441: Displaying Snmp Status

    Switch(config)# snmp-server enable traps entity
    Switch(config)# snmp-server host cisco.com restricted entity

    This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public:

    Switch(config)# snmp-server enable traps
    Switch(config)# snmp-server host myhost.cisco.com public...
  • Page 443: Chapter 25 Configuring Network Security With Acls

    For complete syntax and usage information for the commands used in this chapter, refer to the command reference for this release and the “Configuring IP Services” section of the Cisco IOS IP and IP Routing Configuration Guide and the Cisco IOS IP and IP Routing Command Reference for IOS Release 12.1.
  • Page 444: Supported Acls

    ACL is applied are only filtered by the port ACL. Outgoing routed IP packets are filtered by both the VLAN map and the router ACL. Other packets are filtered only by the VLAN map.
  • Page 445: Router Acls

    Port ACLs are ACLs that are applied to Layer 2 interfaces on a switch. Port ACLs are supported only on physical interfaces and not on EtherChannel interfaces. Port ACLs are applied only on interfaces for inbound traffic.
  • Page 446: Vlan Maps

    VLAN 10 from being forwarded. You can apply only one VLAN map to a VLAN.

    [Figure 25-2: Using VLAN Maps to Control Traffic. Host A and Host B are both in VLAN 10; a VLAN map denies a specific type of traffic from Host A.]
  • Page 447: Handling Fragmented And Unfragmented Traffic

    ACE because that ACE does not check any Layer 4 information and because Layer 3 information in all fragments shows that they are being sent to host 10.1.1.3, and the earlier permit ACEs were checking different hosts.
  • Page 448: Configuring Ip Acls

    Configuring IP ACLs on the switch is the same as configuring IP ACLs on other Cisco switches and routers. The process is briefly described here. For more detailed information on configuring ACLs, refer to the “Configuring IP Services” chapter in the Cisco IP and IP Routing Configuration Guide for IOS Release 12.1.
  • Page 449: Access List Numbers

    IP ACL can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete individual entries from a named list.
  • Page 450: Creating A Numbered Standard Acl

    Switch(config)# access-list 2 deny host 171.69.198.102
    Switch(config)# access-list 2 permit any
    Switch(config)# end
    Switch# show access-lists
    Standard IP access list 2
        deny 171.69.198.102
        permit any
  • Page 451: Creating A Numbered Extended Acl

    Note: ICMP echo-reply cannot be filtered. All other ICMP codes or types can be filtered. For more details on the specific keywords relative to each protocol, refer to Cisco IP and IP Routing Command Reference for IOS Release 12.1.
    Note: The switch does not support dynamic or reflexive access lists.
  • Page 452

    25-15.
    • dscp—Enter to match packets with the DSCP value specified by a number from 0 to 63, or use the question mark (?) to see a list of available values.
  • Page 453 TCP port. To see TCP port names, use the ? or refer to “Configuring IP Services” section of Cisco IOS IP and IP Routing Command Reference for IOS Release 12.1. Use only TCP port numbers or names when filtering TCP.
  • Page 454 ICMP message type and code name. To see a list of ICMP message type names and ICMP message type and code names, use the ? or refer to the “Configuring IP Services” section of Cisco IOS IP and IP Routing Command Reference for IOS Release 12.1.
  • Page 455: Creating Named Standard And Extended Acls

    Show the access list configuration.
    Step 6 copy running-config startup-config: (Optional) Save your entries in the configuration file.

    To remove a named standard ACL, use the no ip access-list standard name global configuration command.
  • Page 456 After creating a named ACL, you can apply it to interfaces (see the “Applying an IP ACL to an Interface” section on page 25-18) or VLANs (see the “Configuring VLAN Maps” section on page 25-27).
  • Page 457: Using Time Ranges With Acls

    Verify the time-range configuration.
    Step 6 copy running-config startup-config: (Optional) Save your entries in the configuration file.

    Repeat the steps if you have multiple items that you want in effect at different times.
  • Page 458

    (inactive)
        deny tcp any any time-range thanksgiving_2003 (inactive)
        deny tcp any any time-range christmas_2003 (inactive)
    Extended IP access list may_access
        permit tcp any any time-range workhours (inactive)
  • Page 459: Including Comments In Acls

    The range is from 0 to 16.
    Step 3 access-class access-list-number {in | out}: Restrict incoming and outgoing connections between a particular virtual terminal line (into a device) and the addresses in an access list.
  • Page 460: Applying An Ip Acl To An Interface

    (Optional) Save your entries in the configuration file. To remove the specified access group, use the no ip access-group {access-list-number | name} {in | out} interface configuration command.
  • Page 461: Hardware And Software Treatment Of Ip Acls

    Use the show access-lists hardware counters privileged EXEC command to obtain some basic hardware ACL statistics for switched and routed packets.
  • Page 462: Ip Acl Configuration Examples

    This section provides examples of configuring and applying IP ACLs. For detailed information about compiling ACLs, refer to the Security Configuration Guide and the “IP Services” chapter of the Cisco IOS IP and IP Routing Configuration Guide for IOS Release 12.1.
  • Page 463: Numbered Acls

    Internet. However, you do not want IP hosts to be able to form TCP connections to hosts on your network, except to the mail (SMTP) port of a dedicated mail host.
  • Page 464: Named Acls

    ACL applied to incoming traffic.

    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# no switchport
    Switch(config-if)# ip address 2.0.5.1 255.255.255.0
    Switch(config-if)# ip access-group Internet_filter out
    Switch(config-if)# ip access-group marketing_group in
  • Page 465: Time Range Applied To An Ip Acl

    In this example of a named ACL, the Jones subnet is not allowed to use outbound Telnet:

    Switch(config)# ip access-list extended telnetting
    Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out
    Switch(config-ext-nacl)# deny tcp 171.69.0.0 0.0.255.255 any eq telnet
  • Page 466: Acl Logging

    ACL and the access entry that has been matched.

    This is an example of an output message when the log-input keyword is entered:

    00:04:21:%SEC-6-IPACCESSLOGDP:list inputlog permitted icmp 10.1.1.10 (Vlan1 0001.42ef.a400) -> 10.1.1.61 (0/0), 1 packet
  • Page 467: Creating Named Mac Extended Acls

    | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp—A non-IP protocol.
    • cos cos—An IEEE 802.1p class of service number from 0 to 7 used to set priority.
    Step 4 Return to privileged EXEC mode.
  • Page 468: Applying A Mac Acl To A Layer 2 Interface

    [interface interface-id]: Display the MAC access list applied to the interface or all Layer 2 interfaces.
    Step 6 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 469: Configuring Vlan Maps

    Step 4 Use the vlan filter global configuration command to apply a VLAN map to one or more VLANs.
  • Page 470: Vlan Map Configuration Guidelines

    10. When modifying or deleting maps, you can enter the number of the map entry that you want to modify or delete. Entering this command changes to access-map configuration mode.
  • Page 471: Examples Of Acls And Vlan Maps

    ACLs (that is, packets that are not TCP packets or UDP packets) would get dropped.

    Switch(config)# ip access-list extended ip2
    Switch(config-ext-nacl)# permit udp any any
    Switch(config-ext-nacl)# exit
    Switch(config)# vlan access-map map_1 20
    Switch(config-access-map)# match ip address ip2
    Switch(config-access-map)# action forward
  • Page 472

    Switch(config-ext-macl)# permit any any vines-ip
    Switch(config-ext-macl)# exit
    Switch(config)# vlan access-map drop-mac-default 10
    Switch(config-access-map)# match mac address good-hosts
    Switch(config-access-map)# action forward
    Switch(config-access-map)# exit
    Switch(config)# vlan access-map drop-mac-default 20
    Switch(config-access-map)# match mac address good-protocols
    Switch(config-access-map)# action forward
  • Page 473: Applying A Vlan Map To A Vlan

    Using VLAN Maps in Your Network
    This section describes some typical uses for VLAN maps and includes these topics:
    • Wiring Closet Configuration, page 25-32
    • Denying Access to a Server on Another VLAN, page 25-33
  • Page 474: Wiring Closet Configuration

    Switch(config-ext-nacl)# permit ip any any
    Switch(config-ext-nacl)# exit
    Switch(config)# vlan access-map map2 20
    Switch(config-access-map)# match ip address match_all
    Switch(config-access-map)# action forward
    Then, apply VLAN access map map2 to VLAN 1.
    Switch(config)# vlan filter map2 vlan 1
  • Page 475: Denying Access To A Server On Another Vlan

    Switch(config-access-map)# match ip address SERVER1_ACL
    Switch(config-access-map)# action drop
    Switch(config)# vlan access-map SERVER1_MAP 20
    Switch(config-access-map)# action forward
    Switch(config-access-map)# exit
    Step 3 Apply the VLAN map to VLAN 10.
    Switch(config)# vlan filter SERVER1_MAP vlan-list 10
  • Page 476: Using Vlan Maps With Router Acls

    • To define multiple actions in an ACL (permit, deny), group each action type together to reduce the number of entries.
  • Page 477: Examples Of Router Acls And Vlan Maps Applied To Vlans

    Figure 25-6 Applying ACLs on Switched Packets (diagram labels: Host A (VLAN 10), Host C (VLAN 10), routing function or fallback bridge, VLAN 10, VLAN 20)
  • Page 478: Acls And Bridged Packets

    Figure 25-8 Applying ACLs on Routed Packets (diagram labels: Host A (VLAN 10), Host B (VLAN 20), routing function, VLAN 10, VLAN 20)
  • Page 479: Acls And Multicast Packets

    Figure 25-9 Applying ACLs on Multicast Packets (diagram labels: Host A (VLAN 10), Host B (VLAN 20), Host C (VLAN 10), routing function, VLAN 10, VLAN 20)
  • Page 480: Displaying Acl Configuration

    Show information about all VLAN access-maps or the specified access map.
    show vlan filter [access-map name | vlan vlan-id] Show information about all VLAN filters or about a specified VLAN or VLAN access map.
  • Page 481: Chapter 26 Configuring Qos

    It sends the packets without any assurance of reliability, delay bounds, or throughput. You can use auto-QoS to identify ports connected to Cisco IP phones and ports that receive trusted voice over IP (VoIP) traffic. You can use standard QoS to classify, police, mark, queue, and schedule inbound traffic on any port as well as queue and schedule outbound traffic.
  • Page 482: Understanding Qos

    Layer 3 IP packets can carry either an IP precedence value or a DSCP value. QoS supports the use of either value because DSCP values are backward-compatible with IP precedence values. IP precedence values range from 0 to 7. DSCP values range from 0 to 63.
  • Page 483 Implementing QoS in your network can be a simple or complex task and depends on the QoS features offered by your internetworking devices, the traffic types and patterns in your network, and the granularity of control that you need over inbound and outbound traffic.
  • Page 484: Basic Qos Model

    The policer limits the bandwidth consumed by a flow of traffic. The result is passed to the marker. For more information, see the “Ingress Policing and Marking” section on page 26-9.
  • Page 485 Scheduling services the queues through average-rate shaping. For more information, see the “Queueing and Scheduling of Hierarchical Queues” section on page 26-26.
  • Page 486: Ingress Classification

    For information on the maps described in this section, see the “Mapping Tables” section on page 26-11. For configuration information on port trust states, see the “Configuring Ingress Classification by Using Port Trust States” section on page 26-42.
  • Page 487 CoS-to-DSCP map. (flowchart boxes: “Assign the DSCP or CoS as specified by ACL action to generate the QoS label.”; “Assign the default DSCP (0).”; “Generate the DSCP by using the CoS-to-DSCP map.”; “Done”)
  • Page 488: Ingress Classification Based On Qos Acls

    CoS, DSCP, or IP precedence values in the traffic class; setting a specific DSCP or IP precedence value in the traffic class; or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile.
  • Page 489: Ingress Policing And Marking

    In this way, the aggregate policer is shared by multiple classes of traffic within a policy map.
  • Page 490 For configuration information, see the “Classifying, Policing, and Marking Ingress Traffic by Using Policy Maps” section on page 26-54 and the “Classifying, Policing, and Marking Ingress Traffic by Using Aggregate Policers” section on page 26-57.
  • Page 491: Mapping Tables

    This configurable map is called the policed-DSCP map. You configure this map by using the mls qos map policed-dscp global configuration command.
  • Page 492: Queueing And Scheduling Overview

    (Figure: queueing and scheduling overview. Diagram labels: traffic sent to a standard port; traffic sent to an ES port; classify, police, and mark; CBWFQ, LLQ, or both; class-level queues; VLAN-level queues; physical-interface-level queue)
  • Page 493: Weighted Tail Drop

    Suppose the queue is already filled with 600 frames, and a new frame arrives. It contains CoS values 4 and 5 and is subjected to the 60-percent threshold. If this frame is added to the queue, the threshold will be exceeded, so the switch drops it.
  • Page 494: Srr Shaping And Sharing

    “Allocating Bandwidth Between the Ingress Queues” section on page 26-67, the “Configuring SRR Shaped Weights on an Egress Queue-Set” section on page 26-72, and “Configuring SRR Shared Weights on an Egress Queue-Set” section on page 26-73.
  • Page 495: Queueing And Scheduling Of Ingress Queues

    The expedite queue has guaranteed bandwidth. 1. The switch uses two nonconfigurable queues for traffic that is essential for proper network operation.
  • Page 496 DSCP or CoS values into certain queues, by allocating a large queue size or by servicing the queue more frequently, and by adjusting queue thresholds so that packets with lower priorities are dropped. For configuration information, see the “Configuring Ingress Queue Characteristics” section on page 26-64.
  • Page 497: Queueing And Scheduling Of Egress Queue-Sets

    SRR weights. Rewrite DSCP, CoS, or both values, as appropriate. Send the packet out the standard port, to the input of the hierarchical egress queueing and scheduling, or both. Done
  • Page 498 50 buffers to the common pool. You also can enable a queue in the full condition to obtain more buffers than are reserved for it by setting a maximum threshold. The switch can allocate the needed buffers from the common pool if the common pool is not empty.
  • Page 499: Understanding Hierarchical Qos

    WRED, a congestion-avoidance technique, or to influence whether the packet is queued. You also can implement scheduling policies (CBWFQ, LLQ, and shaping) to influence how quickly a packet is sent out the port.
  • Page 500: Hierarchical Levels

    Switch(config-pmap)# class c1
    Switch(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action transmit exceed-action set-prec-transmit 2 violate-action drop
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# interface gigabitethernet1/1/1
    Switch(config-if)# service-policy output policy1
  • Page 501

    Switch(config)# class-map match-all vlan203
    Switch(config-cmap)# match vlan 203
    Switch(config-cmap)# exit
    Switch(config)# policy-map vlan-policy
    Switch(config-pmap)# class vlan203
    Switch(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action transmit exceed-action set-prec-transmit 2 violate-action drop
  • Page 502

    Switch(config-pmap)# class my-logical-class
    Switch(config-pmap-c)# shape average 400000000
    Switch(config-pmap-c)# service-policy my-class-policy
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# policy-map my-physical-policy
    Switch(config-pmap)# class class-default
    Switch(config-pmap-c)# shape average 500000000
    Switch(config-pmap-c)# service-policy my-logical-policy
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
  • Page 503: Egress Classification Based On Traffic Classes And Traffic Policies

    For more information, see the “Egress Policing and Marking” section on page 26-24 and the “Queueing and Scheduling of Hierarchical Queues” section on page 26-26.
  • Page 504: Egress Policing And Marking

    (Flowchart: packet of size B; decision “Size of B larger than number of tokens available in PIR bucket?”; decision “B larger than number of tokens available in CIR bucket?”; outcomes: Violate Action, Exceed Action, Conform Action)
  • Page 505 After you configure the policy map and policing actions, attach the egress policy to an ES port by using the service-policy output interface configuration command. For configuration information, see the “Configuring Hierarchical QoS” section on page 26-76.
  • Page 506: Queueing And Scheduling Of Hierarchical Queues

    Service the queue according to the CBWFQ, LLQ, or both. Rewrite any or all DSCP, IP precedence, MPLS EXP, and CoS bits as appropriate. Send the packet out the ES port. Done
  • Page 507: Hierarchical Queues

    You enable tail drop at the class level by using the queue-limit policy-map class configuration command. For configuration information, see the “Configuring an Egress Hierarchical QoS Policy” section on page 26-77.
  • Page 508 Understanding Hierarchical QoS WRED Cisco Systems implements a version of Random Early Detection (RED), called WRED, differently from other congestion-avoidance techniques. WRED attempts to anticipate and avoid congestion, rather than controlling congestion when it occurs. WRED takes advantage of the TCP congestion control to try to control the average queue size by signaling end hosts when they should temporarily stop sending packets.
  • Page 509: Configuring Auto-Qos

    The switch uses the resulting classification to choose the appropriate egress queue. You use auto-QoS commands to identify ports connected to Cisco IP phones and to identify ports that receive trusted voice over IP (VoIP) traffic through an uplink. Auto-QoS then performs these functions: •...
  • Page 510: Generated Auto-Qos Configuration

    Priority (shaped) 10 percent 20 percent
    SRR shared 3, 6, 7 10 percent 20 percent
    SRR shared 2, 4 60 percent 20 percent
    SRR shared 0, 1 20 percent 40 percent
  • Page 511 The switch uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP phone. When a Cisco IP phone is detected, the ingress classification on the port is set to trust the QoS label received in the packet. When a Cisco IP phone is absent, the ingress classification is set to not trust the QoS label in the packet.
  • Page 512 20 20 20 40

    buffer sizes. It configures the bandwidth and the SRR mode (shaped or shared).
    Switch(config-if)# srr-queue bandwidth shape 10 0 0
    Switch(config-if)# srr-queue bandwidth share 10 10 60 20
  • Page 513: Effects Of Auto-Qos On The Configuration

    Auto-QoS Configuration Guidelines
    Before configuring auto-QoS, you should be aware of this information:
    • In this release, auto-QoS configures the switch only for VoIP with Cisco IP phones.
    • To take advantage of the auto-QoS defaults, you should enable auto-QoS before you configure other...
  • Page 514: Enabling Auto-Qos For Voip

    Enter global configuration mode.
    Step 2 interface interface-id Specify the port that is connected to a Cisco IP phone or the uplink port that is connected to another switch or router in the interior of the network, and enter interface configuration mode.
  • Page 515: Auto-Qos Configuration Example

    Note: You should not configure any standard QoS commands before entering the auto-QoS commands. You can fine-tune the QoS configuration, but we recommend that you do so only after the auto-QoS configuration is completed.
  • Page 516 Step 6 exit Return to global configuration mode.
    Step 7 Repeat Steps 4 to 6 for as many ports as are connected to the Cisco IP phone.
    Step 8 auto qos voip cisco-phone Enable auto-QoS on the port, and specify that the port is connected to a Cisco IP phone.
  • Page 517: Displaying Auto-Qos Information

    • Configuring Ingress Queue Characteristics, page 26-64 (optional)
    • Configuring Egress Queue-Set Characteristics, page 26-69 (optional)
    If you need to configure outbound traffic on an ES port, see the “Configuring Hierarchical QoS” section on page 26-76.
  • Page 518: Default Standard Qos Configuration

    DSCP input queue threshold map when QoS is enabled.
    Table 26-8 Default DSCP Input Queue Threshold Map
    DSCP Value | 0–39 | 40–47 | 48–63
    Queue ID - Threshold ID | 1 - 1 | 2 - 1 | 1 - 1
  • Page 519: Default Egress Queue-Set Configuration

    The default DSCP-to-DSCP-mutation map is a null map, which maps an inbound DSCP value to the same DSCP value. The default policed-DSCP map is a null map, which maps an inbound DSCP value to the same DSCP value (no markdown).
  • Page 520: Standard Qos Configuration Guidelines

    You are likely to lose data when you change queue settings; therefore, try to make changes when traffic is at a minimum. For outbound traffic on an ES port, see the “Hierarchical QoS Configuration Guidelines” section on page 26-76.
  • Page 521: Packet Modification

    The set action in a policy map also causes the DSCP to be rewritten. This information applies to both standard and ES ports. On the ES ports, the switch also applies trust policies to 802.1Q tunneling frames at egress.
  • Page 522: Enabling Qos Globally

    QoS domain can then be configured to one of the trusted states because there is no need to classify the packets at every switch within the domain. Figure 26-13 shows a sample network topology.
  • Page 523 Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify the port to be trusted, and enter interface configuration mode. Valid interfaces include physical ports.
  • Page 524 DSCP-to-DSCP-Mutation Map” section on page 26-63.
    Step 4 Return to privileged EXEC mode.
    Step 5 show mls qos interface Verify your entries.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 525 Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To return to the default setting, use the no mls qos cos {default-cos | override} interface configuration command.
  • Page 526 CoS setting). By contrast, trusted boundary uses CDP to detect the presence of a Cisco IP phone (such as the Cisco IP phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue.
  • Page 527: Configuring The Dscp Trust State On A Port Bordering Another Qos Domain

    Specify the port to be trusted, and enter interface configuration mode. Valid interfaces include physical ports.
    Step 4 mls qos trust dscp Configure the ingress port as a DSCP-trusted port. By default, the port is not trusted.
  • Page 528: Configuring An Ingress Qos Policy

    CBWFQ, tail drop, DSCP-based WRED, and IP precedence-based WRED, how to enable LLQ, and how to configure shaping.
  • Page 529

    Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255
    Switch(config)# access-list 1 permit 128.88.0.0 0.0.255.255
    Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255
    ! (Note: all other access implicitly denied)
  • Page 530 This example shows how to create an ACL that permits IP traffic from a source host at 10.1.1.1 to a destination host at 10.1.1.2 with a precedence value of 5:
    Switch(config)# access-list 100 permit ip host 10.1.1.1 host 10.1.1.2 precedence 5
  • Page 531 Verify your entries. access-list-name]
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To delete an access list, use the no mac access-list extended access-list-name global configuration command.
  • Page 532 {permit | deny} {host src-MAC-addr mask | any | host dst-MAC-addr | dst-MAC-addr mask} [type mask]
  • Page 533 This example shows how to create a class map called class2, which matches inbound traffic with DSCP values of 10, 11, and 12:
    Switch(config)# class-map class2
    Switch(config-cmap)# match ip dscp 10 11 12
    Switch(config-cmap)# exit
  • Page 534: Classifying Ingress Traffic By Using Acls

    Step 3 class class-name Specify the name of the class whose traffic policy you want to create or change, and enter policy-map class configuration mode. By default, no traffic classes are defined.
  • Page 535 DSCP value (through the policed-DSCP map) and send the packet. For more information, see the “Configuring the Policed-DSCP Map” section on page 26-61.
    Step 7 exit Return to policy-map configuration mode.
    Step 8 exit Return to global configuration mode.
  • Page 536

    Switch(config-ext-mac)# permit 0001.0000.0001 0.0.0 0002.0000.0001 0.0.0
    Switch(config-ext-mac)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp
    Switch(config-ext-mac)# exit
    Switch(config)# mac access-list extended maclist2
    Switch(config-ext-mac)# permit 0001.0000.0003 0.0.0 0002.0000.0003 0.0.0
    Switch(config-ext-mac)# permit 0001.0000.0004 0.0.0 0002.0000.0004 0.0.0 aarp
    Switch(config-ext-mac)# exit
  • Page 537: Classifying, Policing, And Marking Ingress Traffic By Using Aggregate Policers

    Create a policy map by entering the policy-map name, and enter policy-map configuration mode. For more information, see the “Classifying, Policing, and Marking Ingress Traffic by Using Policy Maps” section on page 26-54.
  • Page 538

    Switch(config)# policy-map aggflow1
    Switch(config-pmap)# class ipclass1
    Switch(config-pmap-c)# trust dscp
    Switch(config-pmap-c)# police aggregate transmit1
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# class ipclass2
    Switch(config-pmap-c)# set ip dscp 56
    Switch(config-pmap-c)# police aggregate transmit1
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
  • Page 539: Configuring Dscp Maps

    Verify your entries.
    Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To return to the default map, use the no mls qos cos-dscp global configuration command.
  • Page 540: Configuring The Ip-Precedence-To-Dscp Map

    Switch(config)# mls qos map ip-prec-dscp 10 15 20 25 30 35 40 45
    Switch(config)# end
    Switch# show mls qos maps ip-prec-dscp
    IpPrecedence-dscp map:
    ipprec:
    --------------------------------
    dscp: 10 15 20 25 30 35 40 45
  • Page 541: Configuring The Policed-Dscp Map

    DSCP. The intersection of the d1 and d2 values provides the marked-down value. For example, an original DSCP value of 53 corresponds to a marked-down DSCP value of 0.
  • Page 542: Configuring The Dscp-To-Cos Map

    DSCP. The intersection of the d1 and d2 values provides the CoS value. For example, in the DSCP-to-CoS map, a DSCP value of 08 corresponds to a CoS value of 0.
  • Page 543: Configuring The Dscp-To-Dscp-Mutation Map

    Switch(config)# mls qos map dscp-mutation mutation1 20 21 22 to 20
    Switch(config)# mls qos map dscp-mutation mutation1 30 31 32 33 34 to 30
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# mls qos trust dscp
  • Page 544: Configuring Ingress Queue Characteristics

    (optional)
    • Allocating Buffer Space Between the Ingress Queues, page 26-66 (optional)
    • Allocating Bandwidth Between the Ingress Queues, page 26-67 (optional)
    • Configuring the Ingress Priority Queue, page 26-68 (optional)
  • Page 545 To return to the default WTD threshold percentages, use the no mls qos srr-queue input threshold queue-id global configuration command.
  • Page 546: Allocating Buffer Space Between The Ingress Queues

    This example shows how to allocate 60 percent of the buffer space to ingress queue 1 and 40 percent of the buffer space to ingress queue 2:
    Switch(config)# mls qos srr-queue input buffers 60 40
  • Page 547: Allocating Bandwidth Between The Ingress Queues

    1 is 25/(25+75) and to queue 2 is 75/(25+75).
    Switch(config)# mls qos srr-queue input priority-queue 2 bandwidth 0
    Switch(config)# mls qos srr-queue input bandwidth 25 75
  • Page 548: Configuring The Ingress Priority Queue

    SRR equally shares the remaining 90 percent of the bandwidth between queues 1 and 2 by allocating 45 percent to each queue.
    Switch(config)# mls qos srr-queue input priority-queue 1 bandwidth 10
    Switch(config)# mls qos srr-queue input bandwidth 4 4
  • Page 549: Configuring Egress Queue-Set Characteristics

    QoS solution. Beginning in privileged EXEC mode, follow these steps to configure the memory allocation and drop thresholds for a queue-set. This procedure is optional.
  • Page 550 Step 6 Return to privileged EXEC mode.
    Step 7 show mls qos interface [interface-id] buffers Verify your entries.
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 551 The range is 0 to 63.
    • For cos1...cos8, enter up to eight values, and separate each value with a space. The range is 0 to 7.
    Step 3 Return to privileged EXEC mode.
  • Page 552: Configuring Srr Shaped Weights On An Egress Queue-Set

    This procedure is optional.
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify a standard port, and enter interface configuration mode.
  • Page 553: Configuring Srr Shared Weights On An Egress Queue-Set

    Beginning in privileged EXEC mode, follow these steps to assign the shared weights and to enable bandwidth sharing on a port mapped to the four egress queues. This procedure is optional.
  • Page 554: Limiting The Egress Bandwidth On A Queue-Set

    Specify the percentage of the port speed to which the port should be limited. The range is 10 to 90. This command is not supported on an ES port. By default, the port is not rate limited and is set to 100 percent.
  • Page 555: Displaying Standard Qos Information

    [policy-map-name [class class-map-name]] Display QoS policy-maps, which define the traffic policy for a traffic class.
    show policy-map interface interface-id [input] Display the ingress policy-map name applied to the specified port.
  • Page 556: Configuring Hierarchical Qos

    EtherChannel.
    • Class maps that contain ACLs are not supported in an egress policy attached to an ES port. You cannot use the match access-group acl-index-or-name class-map configuration command.
  • Page 557: Configuring An Egress Hierarchical Qos Policy

    • Classifying Egress Traffic by Using Class Maps, page 26-78 (required)
    • Configuring an Egress Two-Rate Traffic Policer, page 26-80 (optional)
    • Configuring Class-Based Packet Marking in an Egress Traffic Policy, page 26-84 (optional)
  • Page 558: Classifying Egress Traffic By Using Class Maps

    If neither the match-all nor the match-any keyword is specified, the default is match-all. You must use the match-all keyword if you are matching an 802.1Q tunneling pair (instead of matching a single VLAN).
  • Page 559 This example shows how to create a class-level class-map called class3, which matches traffic with IP-precedence values of 5, 6, and 7:
    Switch(config)# class-map class3
    Switch(config-cmap)# match ip precedence 5 6 7
  • Page 560: Configuring An Egress Two-Rate Traffic Policer

    Step 3 class class-name Specify the name of the class whose traffic policy you want to create or change, and enter policy-map class configuration mode. By default, no traffic classes are defined.
  • Page 561 Setting the burst sizes too low can result in less traffic than expected, and setting them too high can result in more traffic than expected.
    Step 5 exit Return to policy-map configuration mode.
  • Page 562

    Switch(config)# policy-map policy1
    Switch(config-pmap)# class class1
    Switch(config-pmap-c)# police cir percent 20 bc 300 ms pir percent 40 be 400 ms
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# interface gigabitethernet1/1/1
    Switch(config-if)# service-policy output policy1
  • Page 563

    Switch(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action transmit exceed-action set-prec-transmit 2 violate-action drop
    Switch(config-pmap-c)# service-policy my-logical-policy
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# interface gigabitethernet1/1/1
    Switch(config-if)# service-policy output my-physical-policy
  • Page 564: Configuring Class-Based Packet Marking In An Egress Traffic Policy

    Step 8 service-policy output policy-map-name Specify the egress policy-map name, and apply it to the ES port. Only one policy map per port is supported.
    Step 9 Return to privileged EXEC mode.
  • Page 565

    Switch(config-pmap)# exit
    Switch(config)# policy-map log-policy
    Switch(config-pmap)# class log-class
    Switch(config-pmap-c)# service-policy cls-policy
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# interface gigabitethernet1/1/2
    Switch(config-if)# switchport trunk encapsulation isl
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# service-policy output log-policy
  • Page 566: Configuring Cbwfq And Tail Drop

    Step 3 class class-name Specify the name of the class whose traffic policy you want to create or change, and enter policy-map class configuration mode. By default, no traffic classes are defined.
  • Page 567 To delete an existing class, use the no class class-name policy-map configuration command. To return to the default bandwidth, use the no bandwidth policy-map class configuration command. To return to the default maximum threshold, use the no queue-limit policy-map class configuration command.
  • Page 568

    Switch(config-pmap-c)# bandwidth 2000
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# class vlan202
    Switch(config-pmap-c)# bandwidth 2000
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# interface gigabitethernet1/1/2
    Switch(config-if)# switchport trunk encapsulation dot1q
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# service-policy output vlan-policy
  • Page 569: Configuring CBWFQ And DSCP-Based WRED

    If the average queue size is less than the minimum queue threshold, the arriving packet is queued. • The minimum queue threshold is configured through the min-threshold option in the random-detect dscp policy-map class configuration command.
  • Page 570 Step 3 class class-name: Specify the name of the class whose traffic policy you want to create or change, and enter policy-map class configuration mode. By default, no traffic classes are defined.
  • Page 571 For example, if the denominator is 512, one out of every 512 packets is dropped when the queue is at the maximum threshold. For a list of the default settings for a specified DSCP value, see the command reference for this release.
  • Page 572

    Switch(config-pmap-c)# random-detect exponential-weighting-constant 10
    Switch(config-pmap-c)# random-detect dscp 8 24 40 512
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# interface gigabitethernet1/1/1
    Switch(config-if)# switchport trunk encapsulation isl
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# service-policy output policy10
  • Page 573: Configuring CBWFQ And IP Precedence-Based WRED

    You enable IP precedence-based WRED by using the random-detect precedence-based policy-map class configuration command in an egress policy-map attached to an ES port. This command allows for preferential drop treatment among packets with different IP precedence values. The WRED algorithm...
  • Page 574

    The amount of bandwidth configured should be large enough to accommodate Layer 2 overhead.
    Step 5 random-detect precedence-based: Enable IP precedence-based WRED as a drop policy. By default, WRED is disabled.
  • Page 575 To return to the default bandwidth, use the no bandwidth policy-map class configuration command. To disable IP precedence-based WRED, use the no random-detect precedence-based policy-map class configuration command. To return to the default WRED settings, use the no random-detect precedence ip-precedence policy-map class configuration command.
  • Page 576

    Switch(config-pmap-c)# random-detect precedence-based
    Switch(config-pmap-c)# random-detect precedence 0 30 40 10
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# class silver
    Switch(config-pmap-c)# bandwidth percent 20
    Switch(config-pmap-c)# random-detect precedence-based
    Switch(config-pmap-c)# random-detect precedence 3 28 35 10
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
  • Page 577: Enabling LLQ

    Step 8 service-policy output policy-map-name: Specify the egress policy-map name, and apply it to the ES port. Only one policy map per port is supported.
    Step 9 Return to privileged EXEC mode.
  • Page 578

    Switch(config-cmap)# exit
    Switch(config)# class-map vlan101
    Switch(config-cmap)# match vlan 101
    Switch(config-cmap)# exit
    Switch(config)# policy-map policy1
    Switch(config-pmap)# class gold
    Switch(config-pmap-c)# priority
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# class silver
    Switch(config-pmap-c)# bandwidth percent 20
    Switch(config-pmap-c)# random-detect dscp-based
  • Page 579: Configuring Shaping

    100-kbps increment. By default, average-rate traffic shaping is disabled.
    Step 5 exit: Return to policy-map configuration mode.
    Step 6 exit: Return to global configuration mode.
  • Page 580

    Switch(config-pmap-c)# shape average 400000000
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# class vlan102
    Switch(config-pmap-c)# shape average 400000000
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# interface gigabitethernet1/1/1
    Switch(config-if)# switchport trunk encapsulation isl
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# service-policy output vlan-policy
  • Page 581: Displaying Hierarchical QoS Information

    class-map-name]]: Display QoS policy-maps, which define the traffic policy for a traffic class.
    show policy-map interface interface-id output [class class-name]]: Display QoS policy-map information for the specified ES port, and display statistics for an individual class.
  • Page 582 Chapter 26 Configuring QoS Displaying Hierarchical QoS Information
  • Page 583: Understanding EtherChannels

    This chapter describes how to configure EtherChannels on Layer 2 and Layer 3 ports on the Catalyst 3750 Metro switch. EtherChannel provides fault-tolerant high-speed links between switches, routers, and servers. You can use it to increase the bandwidth between the wiring closets and the data center, and you can deploy it anywhere in the network where bottlenecks are likely to occur.
  • Page 584: EtherChannel Overview

    Each EtherChannel can consist of up to eight compatibly configured Ethernet ports. All ports in each EtherChannel must be configured as either Layer 2 or Layer 3 ports. For Catalyst 3750 Metro switches, the number of EtherChannels is limited to 12. For more information, see the “EtherChannel...
  • Page 585: Port-Channel Interfaces

    To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk.
  • Page 586: Port Aggregation Protocol

    The Port Aggregation Protocol (PAgP) is a Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support PAgP. PAgP facilitates the automatic creation of EtherChannels by exchanging PAgP packets between Ethernet ports.
  • Page 587: PAgP Interaction With Other Features

    Link Aggregation Control Protocol
    The LACP is defined in IEEE 802.3ad and enables Cisco switches to manage Ethernet channels between switches that conform to the 802.3ad protocol. LACP facilitates the automatic creation of EtherChannels by exchanging LACP packets between Ethernet ports.
  • Page 588: LACP Modes

    The selected mode applies to all EtherChannels configured on the switch. You configure the load balancing and forwarding method by using the port-channel load-balance global configuration command.
  • Page 589 MAC address, using the destination-MAC address always chooses the same link in the channel. Using source addresses or IP addresses might result in better load balancing.
  • Page 590: Configuring EtherChannels

    Note: After you configure an EtherChannel, configuration changes applied to the port-channel interface apply to all the physical ports assigned to the port-channel interface, and configuration changes applied to the physical port affect only the port where you apply the configuration.
  • Page 591: Default EtherChannel Configuration

    – Spanning-tree path cost for each VLAN
    – Spanning-tree port priority for each VLAN
    – Spanning-tree Port Fast setting
    • Do not configure a port to be a member of more than one EtherChannel group.
  • Page 592: Configuring Layer 2 EtherChannels

    Assign all ports as static-access ports in the same VLAN, or configure them as trunks.
    switchport access vlan vlan-id: If you configure the port as a static-access port, assign it to only one VLAN. The range is 1 to 4094.
  • Page 593

    Verify your entries.
    Step 7 copy running-config startup-config: (Optional) Save your entries in the configuration file.
    To remove a port from the EtherChannel group, use the no channel-group interface configuration command.
  • Page 594: Configuring Layer 3 EtherChannels

    Step 4 ip address ip-address mask: Assign an IP address and subnet mask to the EtherChannel.
    Step 5 Return to privileged EXEC mode.
    Step 6 show etherchannel channel-group-number detail: Verify your entries.
  • Page 595: Configuring The Physical Interfaces

    Step 3 no ip address: Ensure that there is no IP address assigned to the physical port.
    Step 4 no switchport: Put the port into Layer 3 mode.
  • Page 596

    “LACP Modes” section on page 27-6.
    Step 6 Return to privileged EXEC mode.
    Step 7 show running-config: Verify your entries.
    Step 8 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 597: Configuring EtherChannel Load Balancing

    Verify your entries.
    Step 5 copy running-config startup-config: (Optional) Save your entries in the configuration file.
    To return EtherChannel load balancing to the default configuration, use the no port-channel load-balance global configuration command.
  • Page 598: Configuring The PAgP Learn Method And Priority

    This procedure is optional.
    Command: Purpose
    Step 1 configure terminal: Enter global configuration mode.
    Step 2 interface interface-id: Specify the port for transmission, and enter interface configuration mode.
  • Page 599: Configuring LACP Hot-Standby Ports

    In priority comparisons, numerically lower values have higher priority. The priority decides which ports should be put in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.
  • Page 600: Configuring The LACP System Priority

    EtherChannel are put in the hot-standby state and are used only if one of the channeled ports fails.
  • Page 601: Displaying EtherChannel, PAgP, And LACP Status

    You can clear LACP channel-group information and traffic counters by using the clear lacp {channel-group-number counters | counters} privileged EXEC command. For detailed information about the fields in the displays, refer to the command reference for this release.
  • Page 602 Chapter 27 Configuring EtherChannels Displaying EtherChannel, PAgP, and LACP Status
  • Page 603: Chapter 28 Configuring IP Unicast Routing

    Note Configuration Guide for Release 12.1. For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1. This chapter consists of these sections: •...
  • Page 604: Understanding IP Routing

    Link-state protocols respond quickly to topology changes, but require greater bandwidth and more resources than distance-vector protocols.
  • Page 605: Steps For Configuring Routing

    By default, IP routing is disabled on the switch, and you must enable it before routing can take place. For detailed IP routing configuration information, refer to the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1.
  • Page 606: Configuring IP Addressing

    If a helper address is defined or User Datagram Protocol (UDP) flooding is configured, UDP forwarding is enabled on default ports.
    Any-local-broadcast: Disabled.
    Spanning Tree Protocol (STP): Disabled.
    Turbo-flood: Disabled.
    IP helper address: Disabled.
    IP host: Disabled.
  • Page 607: Assigning IP Addresses To Network Interfaces

    Return to privileged EXEC mode.
    Step 7 show interfaces [interface-id], show ip interface [interface-id], show running-config interface [interface-id]: Verify your entries.
    Step 8 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 608: Use Of Subnet Zero

    Figure 28-2 IP Classless Routing
  • Page 609: Configuring Address Resolution Methods

    Ethernet, the software must determine the MAC address of the device. The process of determining the MAC address from an IP address is called address resolution. The process of determining the IP address from the MAC address is called reverse address resolution.
  • Page 610: Define A Static ARP Cache

    ARP request then sends its packets to the router, which forwards them to the intended host. Catalyst 3750 Metro switches also use the Reverse Address Resolution Protocol (RARP), which functions the same as ARP does, except that the RARP packets request an IP address instead of a local MAC address.
  • Page 611: Set ARP Encapsulation

    Step 6 copy running-config startup-config: (Optional) Save your entries in the configuration file.
    To disable an encapsulation type, use the no arp arpa or no arp snap interface configuration command.
  • Page 612: Enable Proxy ARP

    A limitation of this method is that there is no means of detecting when the default router has gone down or is unavailable.
  • Page 613: ICMP Router Discovery Protocol (IRDP)

    (Optional) Set the IRDP period for which advertisements are valid. The default is three times the maxadvertinterval value. It must be greater than maxadvertinterval and cannot be greater than 9000 seconds. If you change the maxadvertinterval value, this value also changes.
  • Page 614: Configuring Broadcast Packet Handling

    In most modern IP implementations, you can set the address to be used as the broadcast address. Many implementations, including the one in the Catalyst 3750 switch, support several addressing schemes for forwarding broadcast messages. Perform the tasks in these sections to enable these schemes: •...
  • Page 615: Enabling Directed Broadcast-To-Physical Broadcast Translation

    Use the no ip directed-broadcast interface configuration command to disable translation of directed broadcast to physical broadcasts. Use the no ip forward-protocol global configuration command to remove a protocol or port.
  • Page 616: Forwarding UDP Broadcast Packets And Protocols

    By default, both UDP and ND forwarding are enabled if a helper address has been defined for an interface. The description for the ip forward-protocol interface configuration command in the Cisco IOS IP and IP Routing Command Reference for Release 12.1 lists the ports that are forwarded by default if you do not specify any UDP ports.
  • Page 617: Establishing An IP Broadcast Address

    When a flooded UDP datagram is sent out an interface (and the destination address possibly changed), the datagram is handed to the normal IP output routines and is, therefore, subject to access lists, if they are present on the output interface.
  • Page 618: Monitoring And Maintaining IP Addressing

    IP broadcasts. In a Catalyst 3750 Metro switch, the majority of packets are forwarded in hardware; most packets do not go through the switch CPU. For those packets that do go to the CPU, you can speed up spanning tree-based UDP flooding by a factor of about four to five times by using turbo-flooding.
  • Page 619: Enabling IP Unicast Routing

    (RIP) router configuration command. For information on specific protocols, refer to sections later in this chapter and to the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1.
    Step 4 Return to privileged EXEC mode.
  • Page 620: Configuring RIP

    Protocol (UDP) data packets to exchange routing information. The protocol is documented in RFC 1058. You can find detailed information about RIP in IP Routing Fundamentals, published by Cisco Press. Using RIP, the switch sends routing information updates (advertisements) every 30 seconds. If a router does not receive an update from another router for 180 seconds or more, it marks the routes served by that router as unusable.
  • Page 621: Configuring Basic RIP Parameters

    Step 5 neighbor ip-address: (Optional) Define a neighboring router with which to exchange routing information. This step allows routing updates from RIP (normally a broadcast protocol) to reach nonbroadcast networks.
  • Page 622 To display the parameters and current state of the active routing protocol process, use the show ip protocols privileged EXEC command. Use the show ip rip database privileged EXEC command to display summary address entries in the RIP database.
  • Page 623: Configuring RIP Authentication

    If you want to configure an interface running RIP to advertise a summarized local IP address pool on a network access server for dial-up clients, use the ip summary-address rip interface configuration command.
    Note: If split horizon is enabled, neither autosummary nor interface IP summary addresses are advertised.
  • Page 624

    Switch(config-router)# interface gigabitethernet1/0/2
    Switch(config-if)# ip address 10.1.5.1 255.255.255.0
    Switch(config-if)# ip summary-address rip 10.2.0.0 255.255.0.0
    Switch(config-if)# no ip split-horizon
    Switch(config-if)# exit
    Switch(config)# router rip
    Switch(config-router)# network 10.0.0.0
    Switch(config-router)# neighbor 2.2.2.2 peer-group mygroup
    Switch(config-router)# end
  • Page 625: Configuring IGRP

    Interior Gateway Routing Protocol (IGRP) is a dynamic, distance-vector routing, proprietary Cisco protocol for routing in an autonomous system (AS) that contains large, arbitrarily complex networks with diverse bandwidth and delay characteristics. IGRP uses a combination of user-configurable metrics, including internetwork delay, bandwidth, reliability, and load.
  • Page 626: Default IGRP Configuration

    The local best metric must be greater than the metric learned from the next router; that is, the next hop router must be closer (have a smaller metric value) to the destination than the local best metric.
  • Page 627: Configuring Basic IGRP Parameters

    Use the traffic-share router configuration command to control distribution of traffic among multiple routes of unequal cost.
    Note: For more information and examples, refer to the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1.
  • Page 628

    Verify your entries.
    Step 15 copy running-config startup-config: (Optional) Save your entries in the configuration file.
    To shut down an IGRP routing process, use the no router igrp global configuration command.
  • Page 629: Configuring Split Horizon

    Verify your entries.
    Step 7 copy running-config startup-config: (Optional) Save your entries in the configuration file.
    To enable the split horizon mechanism, use the ip split-horizon interface configuration command.
  • Page 630: Configuring OSPF

    This section briefly describes how to configure Open Shortest Path First (OSPF). For a complete description of the OSPF commands, refer to the “OSPF Commands” chapter of the Cisco IOS IP and IP Routing Command Reference for Release 12.1.
  • Page 631: Default OSPF Configuration

    Neighbor database filter: Disabled. All outgoing LSAs are flooded to the neighbor.
    Network area: Disabled.
    Router ID: No OSPF routing process defined.
    Summary address: Disabled.
    Timers LSA group pacing: 240 seconds.
  • Page 632: Configuring Basic OSPF Parameters

    To terminate an OSPF routing process, use the no router ospf process-id global configuration command. This example shows how to configure an OSPF routing process and assign it a process number of 109:
    Switch(config)# router ospf 109
    Switch(config-router)# network 131.108.0.0 255.255.255.0 area 24
  • Page 633: Configuring OSPF Interfaces

    (Optional) Block flooding of OSPF LSA packets to the interface. By default, OSPF floods new LSAs over all interfaces in the same area, except the interface on which the LSA arrives.
    Step 12 Return to privileged EXEC mode.
  • Page 634: Configuring OSPF Area Parameters

    NSSA.
    • default-information-originate—Select on an ABR to allow importing type 7 LSAs into the NSSA.
    • no-redistribution—Select to not send summary LSAs into the NSSA.
  • Page 635: Configuring Other OSPF Parameters

    OSPF from sending hello packets for the sending interface, you must configure the sending device to be a passive interface. Both devices can identify each other through the hello packet for the receiving interface.
  • Page 636

    [process-id [area-id]] database: Display lists of information related to the OSPF database for a specific router. For some of the keyword options, see the “Monitoring OSPF” section on page 28-36.
    Step 14 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 637: Changing LSA Group Pacing

    Verify your entries.
    Step 6 copy running-config startup-config: (Optional) Save your entries in the configuration file.
    Use the no interface loopback 0 global configuration command to disable the loopback interface.
  • Page 638: Monitoring OSPF

    EXEC commands for displaying statistics. For more show ip ospf database privileged EXEC command options and for explanations of fields in the resulting display, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1. Table 28-7 Show IP OSPF Statistics Commands...
  • Page 639: Configuring EIGRP

    Enhanced IGRP (EIGRP) is a Cisco proprietary enhanced version of the IGRP. EIGRP uses the same distance vector algorithm and distance information as IGRP; however, the convergence properties and the operating efficiency of EIGRP are significantly improved.
  • Page 640: Default EIGRP Configuration

    MTU: maximum transmission unit size of the route in bytes. 0 or any positive integer.
    Distance: Internal distance: 90. External distance: 170.
    EIGRP log-neighbor changes: Disabled. No adjacency changes logged.
    IP authentication key-chain: No authentication provided.
  • Page 641: Configuring Basic EIGRP Parameters

    Associate networks with an EIGRP routing process. EIGRP sends updates to the interfaces in the specified networks. If an interface’s network is not specified, it is not advertised in any IGRP or EIGRP update.
  • Page 642: Configuring EIGRP Interfaces

    seconds: (Optional) Change the hello time interval for an EIGRP routing process. The range is 1 to 65535 seconds. The default is 60 seconds for low-speed NBMA networks and 5 seconds for all other networks.
  • Page 643: Configuring EIGRP Route Authentication

    Match the name configured in Step 4.
    Step 7 key number: In key-chain configuration mode, identify the key number.
    Step 8 key-string text: In key-chain key configuration mode, identify the key string.
  • Page 644: Monitoring And Maintaining EIGRP

    You can delete neighbors from the neighbor table. You can also display various EIGRP routing statistics. Table 28-9 lists the privileged EXEC commands for deleting neighbors and displaying statistics. For explanations of fields in the resulting display, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1. Table 28-9...
  • Page 645: Configuring BGP

    BGP in Internet Routing Architectures, published by Cisco Press, and in the “Configuring BGP” chapter in the Cisco IOS IP and IP Routing Configuration Guide.
    Note: For details about BGP commands and keywords, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1.
  • Page 646 AS-level policy decisions. A router or switch running Cisco IOS does not select or use an IBGP route unless it has a route available to the next-hop router and it has received synchronization from an IGP (unless IGP synchronization is disabled).
  • Page 647: Default BGP Configuration

    Table 28-10 shows the basic default BGP configuration. For the defaults for all characteristics, refer to the specific commands in the Cisco IOS IP and IP Routing Command Reference for Release 12.1. Table 28-10 Default BGP Configuration Feature...
  • Page 648

    Weight: Routes learned through BGP peer: 0; routes sourced by the local router: 32768.
    Route reflector: None configured.
    Synchronization (BGP and IGP): Enabled.
    Table map update: Disabled.
    Timers: Keepalive: 60 seconds. Holdtime: 180 seconds.
  • Page 649: Enabling BGP Routing

    Step 8 no auto-summary: (Optional) Disable automatic network summarization. By default, when a subnet is redistributed from an IGP into BGP, only the network route is inserted into the BGP table.
  • Page 650 IP address on that router (or the highest loopback interface). Each time the table is updated with new information, the table version number increments. A table version number that continually increments means that a route is flapping, causing continual routing updates.
  • Page 651: Managing Routing Policy Changes

    BGP sessions so that the configuration changes take effect. There are two types of reset, hard reset and soft reset. Cisco IOS software releases 12.1 and later support a soft reset without any prior configuration. To use a soft reset without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the OPEN message sent when the peers establish a TCP session.
  • Page 652: Configuring BGP Decision Attributes

    Prefer the path with the largest weight (a Cisco proprietary parameter). The weight attribute is local to the router and not propagated in routing updates. By default, the weight attribute is 32768 for paths that the router originates and zero for other paths.
  • Page 653 (Optional) Set a MED metric to set preferred paths to external neighbors. All routes without a MED will also be set to this value. The range is 1 to 4294967295. The lowest value is the most desirable.
  • Page 654: Configuring BGP Filtering With Route Maps

    Beginning in privileged EXEC mode, follow these steps to use a route map to disable next-hop processing:
    Command: Purpose
    Step 1 configure terminal: Enter global configuration mode.
    Step 2 route-map map-tag [[permit | deny] | sequence-number]]: Create a route map, and enter route-map configuration mode.
  • Page 655: Configuring BGP Filtering By Neighbor

    Step 4 neighbor {ip-address | peer-group name} route-map map-tag {in | out}: (Optional) Apply a route map to filter an incoming or outgoing route.
    Step 5 Return to privileged EXEC mode.
  • Page 656: Configuring Prefix Lists For BGP Filtering

    BGP autonomous system paths. Each filter is an access list based on regular expressions. (Refer to the “Regular Expressions” appendix in the Cisco IOS Dial Services Command Reference for more information on forming regular expressions.) To use this method, define an autonomous system path access list, and apply it to updates to and from particular neighbors.
  • Page 657: Configuring BGP Community Filtering

    EBGP peers.
    • no-advertise—Do not advertise this route to any peer (internal or external).
    • local-as—Do not advertise this route to peers outside the local autonomous system.
  • Page 658: Configuring BGP Neighbors And Peer Groups

    (Optional) Display and parse BGP communities in the format AA:NN. A BGP community is displayed in a two-part format 2 bytes long. The Cisco default community format is in the format NNAA. In the most recent RFC for BGP, a community takes the form AA:NN, where the first part is the AS number and the second part is a 2-byte number.
  • Page 659

    (optional) is the percentage of maximum at which a warning message is generated. The default is 75 percent.
    Step 14 neighbor {ip-address | peer-group-name} next-hop-self: (Optional) Disable next-hop processing on the BGP updates to a neighbor.
  • Page 660: Configuring Aggregate Addresses

    BGP table when there is at least one more specific entry in the BGP table. Beginning in privileged EXEC mode, use these commands to create an aggregate address in the routing table...
  • Page 661: Configuring Routing Domain Confederations

    Beginning in privileged EXEC mode, use these commands to configure a BGP confederation: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 router bgp autonomous-system Enter BGP router configuration mode...
  • Page 662: Configuring BGP Route Reflectors

    route-reflector-client Configure the local router as a BGP route reflector and the specified neighbor as a client. Step 4 bgp cluster-id cluster-id (Optional) Configure the cluster ID if the cluster has more than one route reflector...
  • Page 663: Configuring Route Dampening

    To disable flap dampening, use the no bgp dampening router configuration command without keywords. To set dampening factors back to the default values, use the no bgp dampening router configuration command with values...
  • Page 664: Monitoring And Maintaining BGP

    Table 28-9 lists the privileged EXEC commands for clearing and displaying BGP. For explanations of the display fields, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1. Table 28-12 IP BGP Clear and Show Commands...
  • Page 665: Configuring ISO CLNS Routing

    Configuring IS-IS Dynamic Routing, page 28-66 Note For more detailed information about ISO CLNS, refer to the Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS and XNS Configuration Guide for Release 12.1. For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS and XNS Command Reference for Release 12.1, use the IOS command...
  • Page 666: Default ISO IGRP Configuration

    Level 1 information. Step 8 exit Return to global configuration mode. Repeat steps 5 and 6 to enable ISO IGRP on other interfaces. Step 9 Return to privileged EXEC mode...
  • Page 667: Configuring Optional ISO IGRP Parameters

    You can also configure the bandwidth and delay associated with an interface to change the metrics. Refer to the Cisco IOS Interface Command Reference publication for details about the bandwidth and delay interface configuration commands used to set these metrics. Using these commands to change the values of the ISO IGRP metrics also changes the values of IP IGRP metrics.
  • Page 668: Configuring IS-IS Dynamic Routing

    Within a local area, routers know how to reach all system IDs. Between areas, routers know how to reach the backbone, and the backbone routers know how to reach other areas...
  • Page 669: Default IS-IS Configuration

    For IS-IS multiarea routing, you can configure only one process to perform Level 2 routing, although you can define up to 29 Level 1 areas for each Cisco unit. If Level 2 routing is configured on any process, all additional processes are automatically configured as Level 1. You can configure this process to perform Level 1 routing at the same time.
  • Page 670: Enabling IS-IS Routing

    Level 2 (area) router for multi-area routing, or both (the default): • level-1—act as a station router only • level-1-2—act as both a station router and an area router • level 2—act as an area router only...
  • Page 671
    Switch(config)# router isis
    Switch(config-router)# net 49.0001.0000.0000.000b.00
    Switch(config-router)# exit
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# ip router isis
    Switch(config-if)# clns router isis
    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# ip router isis
    Switch(config-if)# clns router isis
    Switch(config-router)# exit
    ...
  • Page 672: Configuring IS-IS Global Parameters

    Enter global configuration mode. Step 2 clns routing Enable ISO connectionless routing on the switch. Step 3 router isis Specify the IS-IS routing protocol and enter router configuration mode...
  • Page 673 The range is 1 to 10000; the default is 50. • lsp-second-wait—the hold time between the first and second LSP generation (in milliseconds). The range is 1 to 10000; the default is 5000...
  • Page 674: Configuring IS-IS Interface Parameters

    However, if you change some values from the defaults, such as multipliers and time intervals, it makes sense to also change them on multiple routers and interfaces. Most of the interface parameters can be configured for level 1, level 2, or both...
  • Page 675 hello multiplier so that the resulting hold time is 1 second. • seconds—the range is from 1 to 65535. The default is 10 seconds...
  • Page 676: Monitoring And Maintaining ISO IGRP And IS-IS

    You can remove all contents of a CLNS cache or remove information for a particular neighbor or route. You can display specific CLNS or IS-IS statistics, such as the contents of routing tables, caches, and databases. You can also display information about specific interfaces, filters, or neighbors...
  • Page 677 EXEC commands for clearing and displaying ISO CLNS and IS-IS routing. For explanations of the display fields, refer to the Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS and XNS Command Reference for Release 12.1, use the Cisco IOS command reference master index, or search online.
  • Page 678: Configuring Multi-VRF CE

    VPN. Each VPN is mapped to a specified VRF. After learning local VPN routes from CEs, a PE router exchanges VPN routing information with other PE routers by using internal BGP (IBGP). A Catalyst 3750 Metro switch would typically be used as a PE...
  • Page 679 VPN service, for example, small companies. In this case, multi-VRF CE support is required in the Catalyst 3750 Metro switches. Because multi-VRF CE is a Layer 3 feature, each interface in a VRF must be a Layer 3 interface.
  • Page 680: Default Multi-VRF CE Configuration

    No import maps, export maps, or route maps are defined. VRF maximum routes 8000 (total number of routes supported in hardware). Forwarding table The default for an interface is the global routing table...
  • Page 681: Multi-VRF CE Configuration Guidelines

    VRFs are not compatible with the PBR template. If you configure the PBR template by entering the sdm prefer routing-pbr command, any preconfigured VRFs are removed from the configuration. PBR and VRFs cannot function on the same switch...
  • Page 682: Configuring VRFs

    Beginning in privileged EXEC mode, follow these steps to configure one or more VRFs. For complete syntax and usage information for the commands, refer to the switch command reference for this release and the Cisco IOS Switching Services Command Reference for Release 12.1. Command...
  • Page 683: Configuring BGP PE To CE Routing Sessions

    (Optional) Save your entries in the configuration file. Use the no router bgp autonomous-system-number global configuration command to delete the BGP routing process. Use the command with keywords to delete routing characteristics...
  • Page 684: Multi-VRF CE Configuration Example

    28-6. OSPF is the protocol used in VPN1, VPN2, and the global network. BGP is used in the CE-to-PE connections. The examples following the illustration show how to configure a Catalyst 3750 Metro switch as CE Switch A and the VRF configuration for customer switches D and F. Commands for configuring CE Switch C and the other customer switches are not included, but would be similar to those shown.
  • Page 685
    Switch(config-router)# redistribute bgp 800 subnets
    Switch(config-router)# network 208.0.0.0 0.0.0.255 area 0
    Switch(config-router)# exit
    Switch(config)# router ospf 2 vrf vl2
    Switch(config-router)# redistribute bgp 800 subnets
    Switch(config-router)# network 118.0.0.0 0.0.0.255 area 0
    Switch(config-router)# exit
    ...
  • Page 686
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# no ip address
    Switch(config-if)# exit
    Switch(config)# interface Vlan118
    Switch(config-if)# ip address 118.0.0.11 255.255.255.0
    Switch(config-if)# exit
    Switch(config)# router ospf 101
    Switch(config-router)# network 118.0.0.0 0.0.0.255 area 0
    Switch(config-router)# end
    ...
  • Page 687
    Router(config-router-af)# neighbor 83.0.0.8 activate
    Router(config-router-af)# network 3.3.2.0 mask 255.255.255.0
    Router(config-router-af)# exit
    Router(config-router)# address-family ipv4 vrf vl
    Router(config-router-af)# neighbor 83.0.0.8 remote-as 800
    Router(config-router-af)# neighbor 83.0.0.8 activate
    Router(config-router-af)# network 3.3.1.0 mask 255.255.255.0
    Router(config-router-af)# end
    ...
  • Page 688: Displaying Multi-VRF CE Status

    [brief | detail | interfaces] [vrf-name] Display information about the defined VRF instances. For more information about the information in the displays, refer to the Cisco IOS Switching Services Command Reference for Release 12.1. Configuring Protocol-Independent Features This section describes how to configure IP routing protocol-independent features. For a complete...
  • Page 689: Configuring The Number Of Equal-Cost Routing Paths

    Although the router automatically learns about and configures equal-cost routes, you can control the maximum number of parallel paths supported by an IP routing protocol in its routing table...
  • Page 690: Configuring Static Unicast Routes

    28-18. If you want a static route to be overridden by information from a dynamic routing protocol, set the administrative distance of the static route higher than that of the dynamic protocol...
  • Page 691: Specifying Default Routes And Networks

    A router that is generating the default for a network also might need a default of its own. One way a router can generate its own default is to specify a static route to the network 0.0.0.0 through the appropriate device...
  • Page 692: Using Route Maps To Redistribute Routing Information

    The system periodically scans its routing table to choose the optimal default network as its default route. In IGRP networks, there might be several candidate networks for the system default. Cisco routers use administrative distance and metric information to determine the default route or the gateway of last resort.
  • Page 693 type-2]} Match the specified route-type: • local—Locally generated BGP routes. • internal—OSPF intra-area and interarea routes or EIGRP internal routes. • external—OSPF external routes (Type 1 or Type 2) or EIGRP external routes...
  • Page 694 To delete an entry, use the no route-map map tag global configuration command or the no match or no set route-map configuration commands. You can distribute routes from one routing domain into another and control route distribution...
  • Page 695 It does not change the metrics of routes derived from IGRP updates from other autonomous systems. • Any protocol can redistribute other routing protocols if a default mode is in effect...
  • Page 696: Configuring Policy-Based Routing

    If match clauses are satisfied, you can use a set clause to specify the IP addresses identifying the next hop router in the path. Note For details about PBR commands and keywords, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1. PBR Configuration Guidelines...
  • Page 697: Enabling PBR

    (Optional)— Number that shows the position of a new route map in the list of route maps already configured with the same name...
  • Page 698: Filtering Routing Information

    Filtering Routing Information You can filter routing protocol information by performing the tasks described in this section. Note When routes are redistributed between OSPF processes, no OSPF metrics are preserved...
  • Page 699: Setting Passive Interfaces

    When used in OSPF, this feature applies to only external routes, and you cannot specify an interface name. You can also use a distribute-list router configuration command to avoid processing certain routes listed in incoming updates. (This feature does not apply to OSPF.)...
  • Page 700: Filtering Sources Of Routing Information

    Routes with a distance of 255 are not installed in the routing table. (Optional) ip access list—An IP standard or extended access list to be applied to incoming routing updates. Step 4 Return to privileged EXEC mode...
  • Page 701: Managing Authentication Keys

    Month date year or hh:mm:ss date Month year. The default is forever with the default start-time and the earliest acceptable date as January 1, 1993. The default end-time and duration is infinite...
  • Page 702: Monitoring And Maintaining The IP Network

    Display supernets. show ip cache Display the routing table used to switch IP traffic. show route-map [map-name] Display all route maps configured or only the one specified...
  • Page 703: Chapter 29 Configuring HSRP

    C H A P T E R Configuring HSRP This chapter describes how to use Hot Standby Router Protocol (HSRP) on the Catalyst 3750 Metro switch to provide routing redundancy for routing IP traffic without being dependent on the availability of any single router.
  • Page 704 Host C’s segment that need to communicate with users on Host B’s segment and also continues to perform its normal function of handling packets between the Host A segment and Host B...
  • Page 705: Configuring HSRP

    Configuring HSRP These sections include HSRP configuration information: • Default HSRP Configuration, page 29-4 • HSRP Configuration Guidelines, page 29-4 • Enabling HSRP, page 29-5 • Configuring HSRP Group Attributes, page 29-6...
  • Page 706: Default HSRP Configuration

    Ethernet interface into the channel group. For more information, see the “Configuring Layer 3 EtherChannels” section on page 27-12. • All Layer 3 interfaces must have IP addresses assigned to them. See the “Configuring Layer 3 Interfaces” section on page 9-18...
  • Page 707: Enabling HSRP

    [interface-id [group]] Verify the configuration. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no standby [group-number] ip [ip-address] interface configuration command to disable HSRP...
  • Page 708: Configuring HSRP Group Attributes

    To solve this problem, configure a delay time to allow the router to update its routing table...
  • Page 709 Step 6 Return to privileged EXEC mode. Step 7 show running-config Verify the configuration of the standby groups. Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file...
  • Page 710: Configuring HSRP Authentication And Timers

    [group-number] authentication string (Optional) authentication string—Enter a string to be carried in all HSRP messages. The authentication string can be up to eight characters in length; the default string is cisco. (Optional) group-number—The group number to which the command applies.
  • Page 711 15 seconds:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# no switchport
    Switch(config-if)# standby 1 ip
    Switch(config-if)# standby 1 timers 5 15
    Switch(config-if)# end
    Switch#
    ...
  • Page 712: Displaying HSRP Configurations

    Hellotime 3 holdtime 10
    Next hello sent in 00:00:02.262
    Hot standby IP address is 172.20.138.51 configured
    Active router is local
    Standby router is unknown expired
    Standby virtual mac address is 0000.0c07.ac64
    Name is test
    ...
  • Page 713: Chapter 30 Configuring MPLS And EoMPLS

    This chapter describes how to configure multiprotocol label switching (MPLS) and Ethernet over MPLS (EoMPLS) on the Catalyst 3750 Metro switch. MPLS is a packet-switching technology that integrates link layer (Layer 2) switching with network layer (Layer 3) routing. With MPLS, data is transferred over any combination of Layer 2 technologies, using any Layer 3 protocol, with increased scalability.
  • Page 714: Understanding MPLS VPNs

    Thus, the label value changes as the IP packet travels through the network. Note Because the Catalyst 3750 Metro switch is used as a service-provider edge (PE) device, rather than a service-provider core router, it does not normally operate as an LSR. The switch only performs label switching when it is connected to two different provider core routers over the ES ports to provide a redundant path.
  • Page 715: VPN Benefits

    • Easy to create—Because MPLS VPNs are connectionless, no specific point-to-point connection maps or topologies are required, and you can add sites to intranets and extranets to form closed user groups...
  • Page 716 VPNs. The VPNs can communicate with these sites: VPN1: Sites 2 and 4 VPN2: Sites 1, 3, and 4 VPN3: Sites 1, 3, and 5...
  • Page 717: Distribution Of VPN Routing Information

    IPv4. It does this in a way that ensures that the routes for a given VPN are learned only by other members of that VPN, which enables members of the VPN to communicate with each other...
  • Page 718: Configuring MPLS VPNs

    Configuring MPLS VPNs This section includes this information about configuring MPLS VPNs on a Catalyst 3750 Metro switch used as a PE router: • Default MPLS Configuration, page 30-6 • MPLS VPN Configuration Guidelines, page 30-6...
  • Page 719: Enabling MPLS

    MPLS. Use the no mpls ip global configuration command to disable MPLS on the switch. Use the no mpls label protocol ldp global configuration command to return to the default TDP...
  • Page 720: Defining VPNs

    Use the no ip vrf vrf-name global configuration command to delete a VRF and remove all interfaces from it. Use the no ip vrf forwarding interface configuration command to remove an interface from a VRF...
  • Page 721: Configuring BGP Routing Sessions

    Verify BGP configuration. Display information about all BGP IPv4 prefixes. Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no router bgp autonomous-system global configuration command to delete the BGP routing session...
  • Page 722: Configuring BGP PE-To-CE Routing Sessions

    [network-prefix] Verify the configuration. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no router rip global configuration command to disable RIP routing...
  • Page 723: Configuring Static Route PE-To-CE Routing Sessions

    [Figure: labels only. Step 2; VPN A, site 1; VPN A, site 2; Label N; Label 42; destination: PE3; destination: CE2; IP destination: 16.2.1.1; 16.2/16]...
  • Page 724: Understanding EoMPLS

    The packet flow follows these steps: Step 1 Provider-edge switch PE1 (which could be a Catalyst 3750 Metro switch) receives a packet from the customer switch at site 1. The switch determines from the lookup table that the VRF is a VLAN running MPLS and uses the MPLS lookup table to determine what to do with the packet.
  • Page 725: Interaction With Other Features

    [Figure: labels only. Trunk port; MPLS label applied; MPLS label removed; MPLS cloud; VLANs 10-50; VLANs 10-50 encapsulated in VLAN 100; (VLAN 100 tag removed)]...
  • Page 726: EoMPLS And Layer 2 Tunneling

    Ethernet VLANs over the MPLS backbone. Adding a second Layer 2 connection causes the spanning-tree state to constantly toggle if you disable spanning tree on the peer router...
  • Page 727: Enabling EoMPLS

    – If the specified interface is not up or does not have an IP address, use the force keyword with the command to ensure that the IP address of the specified interface is used when that interface is brought up...
  • Page 728: Configuring EoMPLS

    (Optional) Save your entries in the configuration file. Use the no mpls l2transport route destination vc-id or no xconnect destination vc-id interface command to delete the EoMPLS tunnel...
  • Page 729: Packet Flow In An EoMPLS Network

    PE1 configured for 802.1Q tagging. Host A sends a packet to Host B, using the specific values of MAC addresses, labels, and VLANs shown in the figure. The customer switch tags the host packet and forwards it over the trunk port to PE1...
  • Page 730: Configuring MPLS And EoMPLS QoS

    If the network is an MPLS network, the IP precedence bits are copied into the MPLS EXP field at the edge of the network...
  • Page 731 Packets are considered to be in-rate or out-of-rate. If there is congestion in the network, out-of-rate packets might be dropped more aggressively...
  • Page 732: Enabling MPLS And EoMPLS QoS

    MPLS QoS: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 mls qos Enable QoS globally. QoS runs from the default settings described in Chapter 26, “Configuring QoS.”...
  • Page 733
    Switch(config)# class-map match-all silver-class
    Switch(config-cmap)# match ip precedence 2
    Switch(config-cmap)# exit
    Switch(config)# policy-map out-policy
    Switch(config-pmap)# class gold-class
    Switch(config-pmap-c)# set mpls experimental 5
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# class silver-class
    Switch(config-pmap-c)# set mpls experimental 4
    Switch(config-pmap-c)# exit
    ...
  • Page 734: Monitoring And Maintaining MPLS And EoMPLS

    IP access list. show mpls ldp backoff Display information about the configured session setup backoff parameters and any potential LDP peers with which session setup attempts are being throttled...
  • Page 735: Chapter 31 Configuring IP Multicast Routing

    However, only the members of a group receive the message. Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1. This chapter consists of these sections: •...
  • Page 736: Understanding Cisco's Implementation Of IP Multicast Routing

    Internet (MBONE). The software supports PIM-to-DVMRP interaction. • Cisco Group Management Protocol (CGMP) is used on Cisco routers and multilayer switches connected to Layer 2 Catalyst switches to perform tasks similar to those performed by IGMP. Figure 31-1 shows where these protocols operate within the IP multicast environment.
  • Page 737: IGMP Version 1

    Protocol Independent Multicast (PIM), Dense Mode Protocol Specification • Protocol Independent Multicast (PIM), Sparse Mode Protocol Specification • draft-ietf-idmr-igmp-v2-06.txt, Internet Group Management Protocol, Version 2 • draft-ietf-pim-v2-dm-03.txt, PIM Version 2 Dense Mode...
  • Page 738: PIM Versions

    (designated router [DR]) to complete the shared tree path from the source to the receiver. When using a shared tree, sources must send their traffic to the RP so that the traffic reaches all receivers...
  • Page 739: Auto-RP

    This proprietary feature eliminates the need to manually configure the RP information in every router and multilayer switch in the network. For Auto-RP to work, you configure a Cisco router or multilayer switch as the mapping agent. It uses IP multicast to learn which routers or switches in the network are possible candidate RPs to receive candidate RP announcements.
  • Page 740: Multicast Forwarding And Reverse Path Check

    Layer 3 switch Gigabit Ethernet 1/1/1 Gigabit Ethernet 1/1/2
    Table 31-1 Routing Table Example for an RPF Check
    Network           Port
    151.10.0.0/16     Gigabit Ethernet 1/0/1
    198.14.32.0/32    Gigabit Ethernet 1/1/1
    204.1.16.0/24     Gigabit Ethernet 1/1/2
    ...
  • Page 741: Understanding DVMRP

    This protocol has been deployed in the MBONE and in other intradomain multicast networks. Cisco routers and multilayer switches run PIM and can forward multicast packets to and receive from a DVMRP neighbor. It is also possible to propagate DVMRP routes into and through a PIM cloud. The software propagates DVMRP routes and builds a separate database for these routes on each router and multilayer switch, but PIM uses this routing information to make the packet-forwarding decision.
  • Page 742: Configuring IP Multicast Routing

    you want to treat the group as a sparse group) • Using Auto-RP and a BSR, page 31-21 (required for non-Cisco PIMv2 devices to interoperate with Cisco PIM v1 devices) • Monitoring the RP Mapping Information, page 31-22 (optional)...
  • Page 743: PIMv1 And PIMv2 Interoperability

    PIMv2 BSR. However, Auto-RP is a standalone protocol, separate from PIMv1, and is a proprietary Cisco protocol. PIMv2 is a standards track protocol in the IETF. We recommend that you use PIMv2. The BSR mechanism interoperates with Auto-RP on Cisco routers and multilayer switches.
  • Page 744: Configuring Basic Multicast Routing

    If you have a network that includes non-Cisco routers, configure the Auto-RP mapping agent and the BSR on a Cisco PIMv2 router or multilayer switch. Ensure that no PIMv1 device is on the path between the BSR and a non-Cisco PIMv2 router.
  • Page 745: Configuring A Rendezvous Point

    For more information, see the “PIMv1 and PIMv2 Interoperability” section on page 31-9 and the “Auto-RP and BSR Configuration Guidelines” section on page 31-9...
  • Page 746: Manually Assigning An RP To Multicast Groups

    Place ones in the bit positions that you want to ignore. Recall that the access list is always terminated by an implicit deny statement for everything. Step 4 Return to privileged EXEC mode...
  • Page 747: Configuring Auto-RP

    Switch(config)# ip pim rp-address 147.106.6.22 1 Configuring Auto-RP Auto-RP uses IP multicast to automate the distribution of group-to-RP mappings to all Cisco routers and multilayer switches in a PIM network. It has these benefits: It is easy to use multiple RPs within a network to serve different group ranges.
  • Page 748 Place ones in the bit positions that you want to ignore. Recall that the access list is always terminated by an implicit deny statement for everything...
  • Page 749 RP-mapping information. When this is the case and the ip pim accept-rp auto-rp command is configured, another ip pim accept-rp command accepting the RP must be configured as follows:
    Switch(config)# ip pim accept-rp 172.10.20.1 1
    Switch(config)# access-list 1 permit 224.0.1.39
    Switch(config)# access-list 1 permit 224.0.1.40
    ...
  • Page 750 (Optional) Save your entries in the configuration file. To remove a filter on incoming RP announcement messages, use the no ip pim rp-announce-filter rp-list access-list-number [group-list access-list-number] global configuration command...
  • Page 751: Configuring PIMv2 BSR

    PIMv2 BSR messages on this interface as shown in Figure 31-3. Step 4 Return to privileged EXEC mode. Step 5 show running-config Verify your entries. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file...
  • Page 752 access-list-number Configure the boundary, specifying the access list you created in Step 2. Step 5 Return to privileged EXEC mode. Step 6 show running-config Verify your entries. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file...
  • Page 753 BSR address, uses 30 bits as the hash-mask-length, and has a priority of 10.
    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# ip address 172.21.24.18 255.255.255.0
    Switch(config-if)# ip pim sparse-dense-mode
    Switch(config-if)# ip pim bsr-candidate gigabitethernet1/0/2 30 10
    ...
  • Page 754 IP multicast address space or an interface on it. Candidate RPs send candidate RP advertisements to the BSR. When deciding which devices should be RPs, consider these options:
    • In a network of Cisco routers and multilayer switches where only Auto-RP is used, any device can be configured as an RP.
    •...
  • Page 755: Using Auto-Rp And A Bsr

        Switch(config)# access-list 4 permit 239.0.0.0 0.255.255.255
    Using Auto-RP and a BSR
    If there are only Cisco devices in your network (no routers from other vendors), there is no need to configure a BSR. Configure Auto-RP in a network that is running both PIMv1 and PIMv2.
  • Page 756: Monitoring The Rp Mapping Information

    RP. Figure 31-4 shows this type of shared-distribution tree. Data from senders is delivered to the RP for distribution to group members joined to the shared tree.
  • Page 757 Multiple sources sending to groups use the shared tree. You can configure the PIM device to stay on the shared tree. For more information, see the “Delaying the Use of PIM Shortest-Path Tree” section on page 31-24.
  • Page 758: Delaying The Use Of Pim Shortest-Path Tree

    (spt).
    • For kbps, specify the traffic rate in kbps. The default is 0.
      Note: Because of Catalyst 3750 Metro switch hardware limitations, 0 kbps is the only valid entry even though the range is 0 to 4294967.
    •...
  • Page 759: Modifying The Pim Router-Query Message Interval

    Verify your entries.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To return to the default setting, use the no ip pim query-interval [seconds] interface configuration command.
  • Page 760: Configuring Optional Igmp Features

    Caution: Performing this procedure might impact the CPU performance because the CPU will receive all data traffic for the group address.
    Beginning in privileged EXEC mode, follow these steps to configure the switch to be a member of a group. This procedure is optional.
  • Page 761: Controlling Access To Ip Multicast Groups

    By default, all groups are allowed on an interface. For access-list-number, specify an IP standard access list number. The range is 1 to 99.
    Step 4 exit Return to global configuration mode.
  • Page 762: Changing The Igmp Version

    Specify the IGMP version that the switch uses.
    Note: If you change to Version 1, you cannot configure the ip igmp query-interval or the ip igmp query-max-response-time interface configuration commands.
    Step 4 Return to privileged EXEC mode.
  • Page 763: Modifying The Igmp Host-Query Message Interval

    Verify your entries.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To return to the default setting, use the no ip igmp query-interval interface configuration command.
  • Page 764: Changing The Igmp Query Timeout For Igmpv2

    The default is 10 seconds. The range is 1 to 25.
    Step 4 Return to privileged EXEC mode.
    Step 5 show ip igmp interface [interface-id] Verify your entries.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 765: Configuring The Switch As A Statically Connected Member

    – Enabling CGMP Server Support, page 31-32 (optional)
    – Configuring sdr Listener Support, page 31-33 (optional)
    • Features that control bandwidth utilization:
    – Configuring an IP Multicast Boundary, page 31-34 (optional)
  • Page 766: Enabling Cgmp Server Support

    The switch serves as a CGMP server for devices that do not support IGMP snooping but have CGMP client functionality. CGMP is a protocol used on Cisco routers and multilayer switches connected to Layer 2 Catalyst switches to perform tasks similar to those performed by IGMP. CGMP is necessary because the Layer 2 switch cannot distinguish between IP multicast data packets and IGMP report messages, which are both at the MAC-level and are addressed to the same group address.
  • Page 767: Configuring Sdr Listener Support

    Verify your entries.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To disable sdr support, use the no ip sdr listen interface configuration command.
  • Page 768: Limiting How Long An Sdr Cache Entry Exists

    Similarly, the engineering and marketing departments have an administratively-scoped boundary of 239.128.0.0/16 around the perimeter of their networks. This boundary prevents multicast traffic in the range of 239.128.0.0 through 239.128.255.255 from entering or leaving their respective networks.
  • Page 769 Configure the boundary, specifying the access list you created in Step 2. access-list-number
    Step 5 Return to privileged EXEC mode.
    Step 6 show running-config Verify your entries.
    Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 770: Configuring Basic Dvmrp Interoperability Features

    DVMRP routers or interoperate with DVMRP routers over an MBONE tunnel. DVMRP advertisements produced by the Cisco IOS software can cause older versions of the mrouted protocol to corrupt their routing tables and those of their neighbors.
  • Page 771 A more sophisticated way to achieve the same results as the preceding command is to use a route map (ip dvmrp metric metric route-map map-name interface configuration command) instead of an access list. You subject unicast routes to route-map conditions before they are injected into DVMRP.
  • Page 772: Configuring A Dvmrp Tunnel

    You cannot configure a DVMRP tunnel between two routers. When a Cisco router or multilayer switch runs DVMRP through a tunnel, it advertises sources in DVMRP report messages, much as it does on real networks. The software also caches DVMRP report messages it receives and uses them in its RPF calculation.
  • Page 773
    • For neighbor-list access-list-number, enter the number of the neighbor list created in Step 2. DVMRP reports are accepted only by those neighbors on the list.
    Step 10 Return to privileged EXEC mode.
  • Page 774: Advertising Network 0.0.0.0 To Dvmrp Neighbors

    This example shows how to configure a DVMRP tunnel. In this configuration, the IP address of the tunnel on the Cisco switch is assigned unnumbered, which causes the tunnel to appear to have the same IP address as port 1. The tunnel endpoint source address is 172.16.2.1, and the tunnel endpoint address of the remote DVMRP router to which the tunnel is connected is 192.168.1.10.
  • Page 775: Responding To Mrinfo Requests

        171.69.214.18 -> 171.69.214.17 (mm1-45a.cisco.com) [1/0/pim]
    Configuring Advanced DVMRP Interoperability Features
    Cisco routers and multilayer switches run PIM to forward multicast packets to receivers and receive multicast packets from senders. It is also possible to propagate DVMRP routes into and through a PIM cloud.
  • Page 776: Enabling Dvmrp Unicast Routing

    DVMRP unicast routes, to which PIM can then reverse-path forward. Cisco devices do not perform DVMRP multicast routing among each other, but they can exchange DVMRP routes. The DVMRP routes provide a multicast topology that might differ from the unicast topology.
  • Page 777: Rejecting A Dvmrp Nonpruning Neighbor

    Rejecting a DVMRP Nonpruning Neighbor
    By default, Cisco devices accept all DVMRP neighbors as peers, regardless of their DVMRP capability. However, some non-Cisco devices run old versions of DVMRP that cannot prune, so they continuously receive forwarded packets, wasting bandwidth.
  • Page 778 Verify your entries.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To disable this function, use the no ip dvmrp reject-non-pruners interface configuration command.
  • Page 779: Controlling Route Exchanges

    Controlling Route Exchanges
    These sections describe how to tune the Cisco device advertisements of DVMRP routes:
    • Limiting the Number of DVMRP Routes Advertised, page 31-45 (optional)
    • Changing the DVMRP Route Threshold, page 31-45 (optional)
    •...
  • Page 780: Configuring A Dvmrp Summary Address

    Cisco router that is not on these two Ethernet segments does not properly RPF-check on the DVMRP router and is discarded. You can force the Cisco router to advertise the summary address (specified by the address and mask pair in the ip dvmrp summary-address address mask interface configuration command) in place of any route that falls in this address range.
  • Page 781
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To remove the summary address, use the no ip dvmrp summary-address address mask [metric value] interface configuration command.
  • Page 782: Disabling Dvmrp Autosummarization

    Beginning in privileged EXEC mode, follow these steps to change the default metric. This procedure is optional.
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify the interface to be configured, and enter interface configuration mode.
  • Page 783: Monitoring And Maintaining Ip Multicast Routing

    Table 31-4 Commands for Clearing Caches, Tables, and Databases
    Command Purpose
    clear ip cgmp Clear all group entries the Catalyst switches have cached.
    clear ip dvmrp route {* | route} Delete routes from the DVMRP routing table.
  • Page 784: Displaying System And Network Statistics

    [type number] List the PIM neighbors discovered by the switch.
    show ip pim rp [group-name | group-address] Display the RP routers associated with a sparse-mode multicast group.
  • Page 785: Monitoring Ip Multicast Routing

    Display IP multicast packet rate and loss information.
    mtrace source [destination] [group] Trace the path from a source to a destination branch for a multicast distribution tree for a given group.
  • Page 787: Chapter 32 Configuring Msdp

    MSDP can operate with if MBGP is not running.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1.
    This chapter consists of these sections:
    •...
  • Page 788: Msdp Operation

    DR, a branch of the source tree has been built from the source to the RP in the remote domain. Multicast traffic can now flow from the source across the source tree to the RP and then down the shared tree in the remote domain to the receiver.
  • Page 789: Msdp Benefits

    This increases security because you can prevent your sources from being known outside your domain.
    • Domains with only receivers can receive data without globally advertising group membership.
    • Global source multicast routing table state is not required, saving memory.
  • Page 790: Configuring Msdp

    The ISP probably uses a prefix list to define which prefixes it accepts from the customer’s router.
  • Page 791 SA messages. If that peer fails, the next configured default peer accepts all SA messages. This syntax is typically used at a stub site.
  • Page 792: Caching Source-Active State

    This delay is known as join latency. If you want to sacrifice some memory in exchange for reducing the latency of the source information, you can configure the switch to cache SA messages.
  • Page 793 This example shows how to enable the cache state for all sources in 171.69.0.0/16 sending to groups 224.2.0.0/16:
        Switch(config)# ip msdp cache-sa-state 100
        Switch(config)# access-list 100 permit ip 171.69.0.0 0.0.255.255 224.2.0.0 0.0.255.255
  • Page 794: Requesting Source Information From An Msdp Peer

    • Receivers of source information (based on knowing the requestor)
    For more information, see the “Redistributing Sources” section on page 32-9 and the “Filtering Source-Active Request Messages” section on page 32-11.
  • Page 795: Redistributing Sources

    1 to 199. This access list number must also be configured in the ip as-path access-list command. The switch advertises (S,G) pairs according to the access list or autonomous system path access list.
  • Page 796 Verify your entries.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To remove the filter, use the no ip msdp redistribute global configuration command.
  • Page 797: Filtering Source-Active Request Messages

    171.69.2.2. SA request messages from sources on network 192.4.22.0 pass access list 1 and are accepted; all others are ignored.
        Switch(config)# ip msdp filter sa-request 171.69.2.2 list 1
        Switch(config)# access-list 1 permit 192.4.22.0 0.0.0.255
  • Page 798: Controlling Source Information That Your Switch Forwards

    {ip-address | name} match criteria in the route map map-tag. route-map map-tag If all match criteria are true, a permit from the route map passes routes through the filter. A deny filters routes.
  • Page 799 This example shows how to allow only (S,G) pairs that pass access list 100 to be forwarded in an SA message to the peer named switch.cisco.com:
        Switch(config)# ip msdp peer switch.cisco.com connect-source gigabitethernet1/0/1
        Switch(config)# ip msdp sa-filter out switch.cisco.com list 100
        Switch(config)# access-list 100 permit ip 171.69.0.0 0.0.255.255 224.20 0 0.0.255.255
  • Page 800: Using Ttl To Limit The Multicast Data Sent In Sa Messages

    • Specify an IP extended access list to pass certain source/group pairs
    • Filter based on match criteria in a route map
    Beginning in privileged EXEC mode, follow these steps to apply a filter. This procedure is optional.
  • Page 801 To remove the filter, use the no ip msdp sa-filter in {ip-address | name} [list access-list-number] [route-map map-tag] global configuration command. This example shows how to filter all SA messages from the peer named switch.cisco.com:
        Switch(config)# ip msdp peer switch.cisco.com connect-source gigabitethernet1/0/1
        Switch(config)# ip msdp sa-filter in switch.cisco.com...
  • Page 802: Configuring An Msdp Mesh Group

    Administratively shut down the specified MSDP peer without losing configuration information. For peer-name | peer address, enter the IP address or name of the MSDP peer to shut down.
    Step 3 Return to privileged EXEC mode.
  • Page 803: Including A Bordering Pim Dense-Mode Region In Msdp

    RP address. To return to the default setting (active sources in the dense-mode region do not participate in MSDP), use the no ip msdp border sa-address interface-id global configuration command.
  • Page 804: Configuring An Originating Address Other Than The Rp Address

    RP. To prevent the RP address from being derived in this way, use the no ip msdp originator-id interface-id global configuration command.
  • Page 805: Monitoring And Maintaining Msdp

    [group-address | name] Clears the SA cache entries for all entries, all sources for a specific group, or all entries for a specific source/group pair.
  • Page 807: Chapter 33 Configuring Fallback Bridging

    VLAN bridge domains and routed ports.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Bridging and IBM Networking Command Reference for Release 12.1.
  • Page 808: Configuring Fallback Bridging

    These sections describe how to configure fallback bridging on your switch:
    • Default Fallback Bridging Configuration, page 33-3
    • Fallback Bridging Configuration Guidelines, page 33-3
    • Creating a Bridge Group, page 33-3 (required)
    • Adjusting Spanning-Tree Parameters, page 33-5 (optional)
  • Page 809: Default Fallback Bridging Configuration

    VLANs. Beginning in privileged EXEC mode, follow these steps to create a bridge group and to assign an interface to it. This procedure is required.
  • Page 810
        Switch(config)# bridge 10 protocol vlan-bridge
        Switch(config)# interface gigabitethernet1/0/1
        Switch(config-if)# no switchport
        Switch(config-if)# no shutdown
        Switch(config-if)# bridge-group 10
  • Page 811: Adjusting Spanning-Tree Parameters

    Poorly planned adjustments can have a negative impact on performance. A good source on switching is the IEEE 802.1D specification. For more information, refer to the “References and Recommended Reading” appendix in the Cisco IOS Configuration Fundamentals Command Reference.
  • Page 812: Changing The Interface Priority

    Verify your entry.
    Step 6 copy running-config startup-config (Optional) Save your entry in the configuration file.
    To return to the default setting, use the no bridge-group bridge-group priority interface configuration command.
  • Page 813: Assigning A Path Cost

    To return to the default path cost, use the no bridge-group bridge-group path-cost interface configuration command. This example shows how to change the path cost to 20 on a port in bridge group 10:
        Switch(config)# interface gigabitethernet1/0/1
        Switch(config-if)# bridge-group 10 path-cost 20
  • Page 814: Adjusting Bpdu Intervals

    To return to the default setting, use the no bridge bridge-group hello-time global configuration command. This example shows how to change the hello interval to 5 seconds in bridge group 10:
        Switch(config)# bridge 10 hello-time 5
  • Page 815 To return to the default setting, use the no bridge bridge-group max-age global configuration command. This example shows how to change the maximum-idle interval to 30 seconds in bridge group 10:
        Switch(config)# bridge 10 max-age 30
  • Page 816: Disabling The Spanning Tree On An Interface

    Displays MAC addresses learned in the bridge group. mac-address | verbose] For information about the fields in these displays, refer to the Cisco IOS Bridging and IBM Networking Command Reference for Release 12.1.
  • Page 817: Chapter 34 Troubleshooting

    This chapter describes how to identify and resolve software problems related to the Cisco IOS software on the Catalyst 3750 Metro switch. Additional troubleshooting information is provided in the hardware installation guide.
  • Page 818: Recovering From Corrupted Software By Using The Xmodem Protocol

    Step 1 From your PC, download the software image tar file (image_filename.tar) from Cisco.com. The Cisco IOS image is stored as a bin file in a directory in the tar file. For information about locating the software image files on Cisco.com, refer to the release notes.
  • Page 819: Recovering From A Lost Or Forgotten Password

    Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.
    Step 2 Set the line speed on the emulation software to 9600 baud.
    Step 3 Power off the switch.
  • Page 820: Procedure With Password Recovery Enabled

    Step 4
        switch: dir flash:
    The switch file system appears in the directory.
    Step 5 Rename the configuration file to config.text.old. This file contains the password definition.
        switch: rename flash:config.text flash:config.text.old
  • Page 821 To re-enable the interface, enter the interface vlan vlan-id global configuration command, and specify the VLAN ID of the shutdown interface. With the switch in interface configuration mode, enter the no shutdown command.
    Step 14 Reload the switch:
        Switch# reload
  • Page 822: Procedure With Password Recovery Disabled

        Switch (config)# enable secret password
    The secret password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, and allows spaces but ignores leading spaces.
  • Page 823: Preventing Autonegotiation Mismatches

    Note: If a remote device does not autonegotiate, configure the duplex settings on the two ports to match. The speed parameter can adjust itself even if the connected port does not autonegotiate.
  • Page 824: Sfp Module Security And Identification

    If you are using a non-Cisco approved SFP module, remove the SFP module from the switch, and replace it with a Cisco-approved module. After inserting a Cisco-approved SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state.
  • Page 825: Executing Ping

    To terminate a ping session, enter the escape sequence (Ctrl-^ X by default). You enter the default by simultaneously pressing and releasing the Ctrl, Shift, and 6 keys, and then pressing the X key.
  • Page 826: Using Layer 2 Traceroute

    Usage Guidelines
    These are the Layer 2 traceroute usage guidelines:
    • Cisco Discovery Protocol (CDP) must be enabled on all the devices in the network. For Layer 2 traceroute to function properly, do not disable CDP. If any devices in the physical path are transparent to CDP, the switch cannot identify the path through these devices.
  • Page 827: Displaying The Physical Path

    Traceroute starts by sending a User Datagram Protocol (UDP) datagram to the destination host with the TTL field set to 1. If a router finds a TTL value...
  • Page 828: Executing Ip Traceroute

    To terminate a trace in progress, enter the escape sequence (Ctrl-^ X by default). You enter the default by simultaneously pressing and releasing the Ctrl, Shift, and 6 keys, and then pressing the X key.
  • Page 829: Using Debug Commands

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 830: Enabling All-System Diagnostics

    Most of the information in the output from the command is useful mainly for technical support personnel, who have access to detailed information about the switch application-specific integrated circuits (ASICs). However, packet forwarding information can also be helpful in troubleshooting.
  • Page 831 VLAN on another port. It should be forwarded from the port on which the address was learned.
        Switch# show platform forward gigabitethernet1/1/1 vlan 5 1.1.1 0009.43a8.0145 ip 13.1.1.1 13.2.2.2 udp 10 20
        Global Port Number:472, Asic Number:1
        Src Real Vlan Id:5, Mapped Vlan Id:5
        Ingress:
  • Page 832
        Station Descriptor:F0070007, DestIndex:F007, RewriteIndex:0007
        ==========================================
        Egress:Asic 3, switch 1e
        Output Packets:
        ------------------------------------------
        Packet 1
        Lookup Key-Used Index-Hit A-Data
        OutptACL 50_10010A05_0A010505-00_40000014_000A0000 01FFE 03000000
        Port Vlan SrcMac DstMac Dscpv
        Gi1/0/1 0007 XXXX.XXXX.0246 0009.43A8.0147
  • Page 833: Using The Crashinfo File

    Cisco IOS image to fail (crash). The switch writes the crash information to the console at the time of the failure, and the file is created the next time you boot the Cisco IOS image after the failure (instead of while the system is failing).
  • Page 835: Supported Mibs

    This appendix lists the supported MIBs for this release on the Catalyst 3750 Metro switch. It contains these sections:
    • MIB List, page A-1
    • Using FTP to Access the MIB Files, page A-3
    MIB List
    •...
  • Page 836
    • OLD-CISCO-SYS-MIB
    • OLD-CISCO-TCP-MIB
    • OLD-CISCO-TS-MIB
    • PIM-MIB
    • RFC1213-MIB (Functionality is as per the agent capabilities specified in the CISCO-RFC1213-CAPABILITY.my.)
    • RFC1253-MIB (OSPF-MIB)
    • RMON-MIB
    • RMON2-MIB
    • SNMP-FRAMEWORK-MIB
    • SNMP-MPD-MIB
  • Page 837: Using Ftp To Access The Mib Files

    • TCP-MIB
    • UDP-MIB
    Note: You can also use this URL for a list of supported MIBs for the Catalyst 3750 Metro switch:
    ftp://ftp.cisco.com/pub/mibs/supportlists/cat3750me/cat3750me-supportlist.html
    You can access other information about MIBs and Cisco products on the Cisco web site:
    http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml...
  • Page 839: Appendix

    Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes how to manipulate the Catalyst 3750 Metro switch flash file system, how to copy configuration files, and how to archive (upload and download) software images to a switch.
  • Page 840: Displaying Available File Systems

    Displaying Available File Systems
    To display the available file systems on your switch, use the show file systems privileged EXEC command as shown in this example.
  • Page 841: Setting The Default File System

    Setting the Default File System
    You can specify the file system or directory that the system uses as the default file system by using the cd filesystem: privileged EXEC command.
  • Page 842: Creating And Removing Directories

    Creating and Removing Directories
    Beginning in privileged EXEC mode, follow these steps to create and remove a directory:
    Command Purpose...
  • Page 843: Deleting Files

    Some invalid combinations of source and destination exist. Specifically, you cannot copy these combinations:
    • From a running configuration to a running configuration
    •...
  • Page 844: Creating A Tar File

    Creating a tar File
    To create a tar file and write files into it, use this privileged EXEC command:
        archive tar /create destination-url flash:/file-url
    For destination-url, specify the destination URL alias for the local or network file system and the name of the tar file to create.
  • Page 845: Extracting A Tar File

    This example shows how to display only the image-tv0-mz-121/html directory and its contents:
        Switch# archive tar /table flash:image-tv0-m.tar image-tv0-mz-121/html
        image-tv0-mz-121/html/ (directory)
        image-tv0-mz-121/html/foo.html (0 bytes)
  • Page 846: Working With Configuration Files

    This section describes how to create, load, and maintain configuration files. Configuration files contain commands entered to customize the function of the Cisco IOS software. A way to create a basic configuration file is to use the setup program or to enter the setup privileged EXEC command.
  • Page 847 Use these guidelines when creating a configuration file:
    • We recommend that you connect through the console port for the initial configuration of the switch.
  • Page 848: Preparing To Download Or Upload A Configuration File By Using Tftp

    Step 4 Copy the configuration file to the appropriate server location. For example, copy the file to the TFTP directory on the workstation (usually /tftpboot on a UNIX workstation).
  • Page 849 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Downloading the Configuration File By Using TFTP To configure the switch by using a configuration file downloaded from a TFTP server, follow these steps: Step 1 Copy the configuration file to the appropriate TFTP directory on the workstation.
  • Page 850: Copying Configuration Files By Using Ftp

    The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: The username specified in the copy command if a username is specified.
  • Page 851: Downloading A Configuration File By Using Ftp

    NVRAM. If you are accessing the switch through a Telnet session and you have a valid username, this username is used, and you do not need to set the FTP username. Include the username in the copy command if you want to specify a username for only that copy operation.
  • Page 852: Uploading A Configuration File By Using Ftp

    This example shows how to specify a remote username of netadmin1. The software copies the configuration file host2-confg from the netadmin1 directory on the remote server with an IP address of 172.16.101.101 to the switch startup configuration.
  • Page 853: Preparing To Download Or Upload A Configuration File By Using Rcp

    The RCP requires a client to send a remote username with each RCP request to a server. When you copy a configuration file from the switch to a server, the Cisco IOS software sends the first valid username in this list: •...
  • Page 854 Preparing to Download or Upload a Configuration File By Using RCP Before you begin downloading or uploading a configuration file by using RCP, do these tasks: Ensure that the workstation acting as the RCP server supports the remote shell (rsh).
  • Page 855 Command Purpose Step 5 Return to privileged EXEC mode. Step 6 copy Using RCP, copy the configuration file from a network rcp:[[[//[username@]location]/directory]/filename]...
  • Page 856: Clearing Configuration Information

    Command Purpose Step 4 ip rcmd remote-username username (Optional) Specify the remote username. Step 5 Return to privileged EXEC mode. Step 6...
  • Page 857: Deleting A Stored Configuration File

    Depending on the setting of the file prompt global configuration command, you might be prompted for confirmation before you delete a file. By default, the switch prompts for confirmation on destructive file operations. For more information about the file prompt command, refer to the Cisco IOS Command Reference for Release 12.1.
  • Page 858 Working with Software Images Image Location on the Switch The Cisco IOS image is stored as a .bin file in a directory that shows the version number. The image is stored on the system board flash memory (flash:). You can use the show version privileged EXEC command to see the software version that is currently running on your switch.
  • Page 859: Copying Image Files By Using Tftp

    Copying Image Files By Using TFTP You can download a switch image from a TFTP server or upload the image from the switch to a TFTP server.
  • Page 860 • Before uploading the image file, you might need to create an empty file on the TFTP server. To create an empty file, enter the touch filename command, where filename is the name of the file you will use when uploading the image to the server.
  • Page 861 The archive upload-sw privileged EXEC command builds an image file on the server by uploading the info file and the Cisco IOS image file. After these files are uploaded, the upload algorithm creates the tar file format.
  • Page 862: Copying Image Files By Using Ftp

    The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy an image file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: •...
  • Page 863 If the server has a directory structure, the image file is written to or copied from the directory associated with the username on the server. For example, if the image file resides in the home directory of a user on the server, specify that user's name as the remote username.
  • Page 864 Command Purpose Step 7 archive download-sw /overwrite /reload Download the image file from the FTP server to the switch, ftp:[[//username[:password]@location]/directory] and overwrite the current image.
  • Page 865 The algorithm installs the downloaded image onto the system board flash device (flash:). The image is placed into a new directory named with the software version string, and the BOOT environment variable is updated to point to the newly installed image.
  • Page 866: Copying Image Files By Using Rcp

    RCP requires a client to send a remote username on each RCP request to a server. When you copy an image from the switch to a server by using RCP, the Cisco IOS software sends the first valid username in this list: The username specified in the archive download-sw or archive upload-sw privileged EXEC •...
  • Page 867 • The remote username associated with the current TTY (terminal) process. For example, if the user is connected to the router through Telnet and was authenticated through the username command, the switch software sends the Telnet username as the remote username.
  • Page 868 Command Purpose Step 3 configure terminal Enter global configuration mode. This step is required only if you override the default remote username (see Steps 4 and 5).
  • Page 869 Note If the flash device has sufficient space to hold two images and you want to overwrite one of these images with the same version, you must specify the /overwrite option.
  • Page 870 The archive upload-sw privileged EXEC command builds an image file on the server by uploading the info file and the Cisco IOS image file. After these files are uploaded, the upload algorithm creates the tar file format.
  • Page 871: Appendix

    This appendix lists some of the command-line interface (CLI) commands that are displayed when you enter the question mark (?) at the Catalyst 3750 Metro switch prompt but are not supported in this release, either because they are not tested, or because of Catalyst 3750 Metro switch hardware limitations.
  • Page 872: Unsupported Interface Configuration Commands

    {forward | discard} [interface-id] bridge bridge-group aging-time seconds bridge bridge-group bitswap_l3_addresses bridge bridge-group bridge ip bridge bridge-group circuit-group circuit-group pause milliseconds bridge bridge-group circuit-group circuit-group source-based...
  • Page 873: Unsupported Interface Configuration Commands

    [options-keywords]...
  • Page 874: Hsrp

    Unsupported Privileged EXEC Commands show interfaces [interface-id | vlan vlan-id] [crb | fair-queue | irb | mac-accounting | precedence | irb | random-detect | rate-limit | shape] Unsupported Global Configuration Commands interface tunnel...
  • Page 875: Unsupported Interface Configuration Commands

    CPU. If the route is hardware-switched, the command has no effect because the CPU does not receive the packet and cannot display it. show ip pim vc [group-address | name] [type number] show ip rtp header-compression [type number] [detail]...
  • Page 876: Unsupported Global Configuration Commands

    [drop | not-cef-switched] show ip accounting [checkpoint] [output-packets | access-violations] show ip bgp dampened-paths show ip bgp inconsistent-as show ip bgp regexp regular expression show ip prefix-list regular expression...
  • Page 877: Unsupported Global Configuration Commands

    Unsupported Interface Configuration Commands ip accounting ip load-sharing [per-packet] ip mtu bytes ip route-cache ip verify ip unnumbered type number All ip security commands...
  • Page 878: Unsupported Bgp Router Configuration Commands

    Layer 2 Protocol Tunneling Unsupported Interface Configuration Commands l2protocol-tunnel [point-to-point [pagp | lacp | udld]]...
  • Page 879: Miscellaneous

    | name [prefix-list list] (Because BGP/MBGP is not supported, use the ip msdp peer command instead of this command.) RADIUS Unsupported Global Configuration Commands aaa nas port extended radius-server attribute nas-port radius-server configure radius-server extended-portnames...
  • Page 880: Snmp

    Virtual Forwarding Infrastructure (VFI) Unsupported Global Configuration Commands l2 vfi vfi-name manual All VFI configuration mode commands Unsupported Privileged EXEC Commands debug vfi show vfi VLAN Unsupported vlan-config Commands private-vlan...
  • Page 881: Unsupported Privileged Exec Commands

    Unsupported User EXEC Commands show vlan ifindex Unsupported Privileged EXEC Commands vtp {password password | pruning | version number}private-vlan Note This command has been replaced by the vtp global configuration command...
  • Page 882 Appendix C Unsupported Commands in Cisco IOS Release 12.1(14)AX...
