Cisco 3032 Software Configuration Manual

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
Cisco IOS Release 12.2(52)SE
October 2009
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-12247-04


Summary of Contents for Cisco 3032

  • Page 2 OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
  • Page 3: Table Of Contents

    Understanding Command Modes Understanding the Help System Understanding Abbreviated Commands Understanding no and default Forms of Commands Understanding CLI Error Messages Using Configuration Logging Using Command History...
  • Page 4 Modifying the Startup Configuration 3-17 Default Boot Configuration 3-17 Automatically Downloading a Configuration File 3-17 Specifying the Filename to Read and Write the System Configuration 3-18 Booting Manually 3-18...
  • Page 5 Effects of Adding a Provisioned Switch to a Switch Stack 5-10 Effects of Replacing a Provisioned Switch in a Switch Stack 5-11 Effects of Removing a Provisioned Switch from a Switch Stack 5-11...
  • Page 6 Hardware Loopback Example: LINK OK event 5-32 Hardware Loop Example: LINK NOT OK Event 5-33 Finding a Disconnected Stack Cable 5-33 Fixing a Bad Connection Between Stack Ports 5-34...
  • Page 7 Configuring MAC Address Change Notification Traps 6-22 Configuring MAC Address Move Notification Traps 6-24 Configuring MAC Threshold Notification Traps 6-25 Adding and Removing Static Address Entries 6-26...
  • Page 8 7-19 RADIUS Change of Authorization 7-20 Overview 7-20 Change-of-Authorization Requests 7-20 CoA Request Response Code 7-22 CoA Request Commands 7-23 Stacking Guidelines for Session Termination 7-25...
  • Page 9 Displaying the SSH Configuration and Status 7-50 Configuring the Switch for Secure Socket Layer HTTP 7-50 Understanding Secure HTTP Servers and Clients 7-50 Certificate Authority Trustpoints 7-51 CipherSuites 7-52...
  • Page 10 MAC Move 9-14 802.1x Accounting 9-14 802.1x Accounting Attribute-Value Pairs 9-15 802.1x Readiness Check 9-16 802.1x Authentication with VLAN Assignment 9-16 802.1x Authentication with Per-User ACLs 9-17...
  • Page 11 Configuring Voice Aware 802.1x Security 9-40 Configuring the Switch-to-RADIUS-Server Communication 9-41 Configuring the Host Mode 9-42 Configuring Periodic Re-Authentication 9-43 Manually Re-Authenticating a Client Connected to a Port 9-44...
  • Page 12 Understanding Web-Based Authentication 10-1 Device Roles 10-2 Host Detection 10-3 Session Creation 10-3 Authentication Process 10-3 Local Web Authentication Banner 10-4 Web Authentication Customizable Web Pages 10-6 Guidelines 10-6...
  • Page 13 11-3 Tunnel Ports 11-4 Routed Ports 11-4 Switch Virtual Interfaces 11-5 SVI Autostate Exclude 11-5 EtherChannel Port Groups 11-6 10-Gigabit Ethernet Interfaces 11-6 Connecting Interfaces 11-7...
  • Page 14 Default Smartports Macro Configuration 12-2 Smartports Macro Configuration Guidelines 12-2 Creating Smartports Macros 12-4 Applying Smartports Macros 12-5 Applying Cisco-Default Smartports Macros 12-6 Displaying Smartports Macros 12-8...
  • Page 15 Load Sharing Using STP Path Cost 13-25 Configuring VMPS 13-27 Understanding VMPS 13-27 Dynamic-Access Port VLAN Membership 13-28 Default VMPS Client Configuration 13-28 VMPS Configuration Guidelines 13-28...
  • Page 16 Enabling the VTP Version 14-15 Enabling VTP Pruning 14-16 Configuring VTP on a Per-Port Basis 14-16 Adding a VTP Client Switch to a VTP Domain 14-17 Monitoring VTP 14-18...
  • Page 17 Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port 16-13 Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 16-14 Monitoring Private VLANs 16-15...
  • Page 18 How a Switch or Port Becomes the Root Switch or Root Port 18-8 Spanning Tree and Redundant Connectivity 18-8 Spanning-Tree Address Management 18-9 Accelerated Aging to Retain Connectivity 18-9 Spanning-Tree Modes and Protocols 18-10...
  • Page 19 Port Role Naming Change 19-6 Interoperation Between Legacy and Standard Switches 19-7 Detecting Unidirectional Link Failure 19-7 MSTP and Switch Stacks 19-8 Interoperability with IEEE 802.1D STP 19-8...
  • Page 20 Understanding Cross-Stack UplinkFast 20-5 How CSUF Works 20-6 Events that Cause Fast Convergence 20-7 Understanding BackboneFast 20-7 Understanding EtherChannel Guard 20-10 Understanding Root Guard 20-10 Understanding Loop Guard 20-11...
  • Page 21 Configuring VLAN Load Balancing on Flex Links 21-11 Configuring the MAC Address-Table Move Update Feature 21-12 Monitoring Flex Links and the MAC Address-Table Move Update Information 21-14...
  • Page 22 Default Port-Based Address Allocation Configuration 22-26 Port-Based Address Allocation Configuration Guidelines 22-26 Enabling DHCP Server Port-Based Address Allocation 22-27 Displaying DHCP Server Port-Based Address Allocation 22-29...
  • Page 23 Controlling the Multicast Flooding Time After a TCN Event 24-13 Recovering from Flood Mode 24-13 Disabling Multicast Flooding During a TCN Event 24-14 Configuring the IGMP Snooping Querier 24-14 Disabling IGMP Report Suppression 24-16...
  • Page 24 Configuring a Multicast Router Port 25-8 Enabling MLD Immediate Leave 25-9 Configuring MLD Snooping Queries 25-10 Disabling MLD Listener Message Suppression 25-11 Displaying MLD Snooping Information 25-11...
  • Page 25 Default CDP Configuration 27-2 Configuring the CDP Characteristics 27-2 Disabling and Enabling CDP 27-3 Disabling and Enabling CDP on an Interface 27-4 Monitoring and Maintaining CDP 27-5...
  • Page 26 SPAN and RSPAN Concepts and Terminology 30-4 SPAN Sessions 30-4 Monitored Traffic 30-5 Source Ports 30-6 Source VLANs 30-7 VLAN Filtering 30-7 Destination Port 30-8 RSPAN VLAN 30-9...
  • Page 27 Understanding System Message Logging 32-1 Configuring System Message Logging 32-2 System Log Message Format 32-2 Default System Message Logging Configuration 32-4 Disabling Message Logging 32-4...
  • Page 28 Setting the CPU Threshold Notification Types and Values 33-15 Setting the Agent Contact and Location Information 33-16 Limiting TFTP Servers Used Through SNMP 33-16 SNMP Examples 33-17 Displaying SNMP Status 33-18...
  • Page 29 Applying an IPv4 ACL to a Terminal Line 34-19 Applying an IPv4 ACL to an Interface 34-20 Hardware and Software Treatment of IP ACLs 34-22 Troubleshooting ACLs 34-22...
  • Page 30 Default IPv6 ACL Configuration 35-4 Interaction with Other Features and Switches 35-4 Creating IPv6 ACLs 35-4 Applying an IPv6 ACL to an Interface 35-8 Displaying IPv6 ACLs 35-9...
  • Page 31 36-33 Configuring IPv6 QoS on Switch Stacks 36-34 Policing Guidelines 36-35 General QoS Guidelines 36-35 Enabling QoS Globally 36-36 Enabling VLAN-Based QoS on Physical Ports 36-36...
  • Page 32 Configuring SRR Shared Weights on Egress Queues 36-83 Configuring the Egress Expedite Queue 36-83 Limiting the Bandwidth on an Egress Interface 36-84 Displaying Standard QoS Information 36-85...
  • Page 33 Understanding Link-State Tracking 37-22 Configuring Link-State Tracking 37-24 Default Link-State Tracking Configuration 37-24 Link-State Tracking Configuration Guidelines 37-24 Configuring Link-State Tracking 37-25 Displaying Link-State Tracking Status 37-26...
  • Page 34 Configuring Summary Addresses and Split Horizon 38-24 Configuring Split Horizon 38-26 Configuring OSPF 38-26 Default OSPF Configuration 38-28 OSPF Nonstop Forwarding 38-29 Configuring Basic OSPF Parameters 38-30 Configuring OSPF Interfaces 38-31...
  • Page 35 Nonstop Forwarding Awareness 38-69 Enabling IS-IS Routing 38-70 Configuring IS-IS Global Parameters 38-71 Configuring IS-IS Interface Parameters 38-74 Monitoring and Maintaining ISO IGRP and IS-IS 38-76...
  • Page 36 38-104 Controlling Advertising and Processing in Routing Updates 38-105 Filtering Sources of Routing Information 38-106 Managing Authentication Keys 38-106 Monitoring and Maintaining the IP Network 38-108...
  • Page 37 DHCPv6 Address Assignment Configuration Guidelines 39-16 Enabling DHCPv6 Server Function 39-17 Enabling DHCPv6 Client Function 39-19 Configuring IPv6 ICMP Rate Limiting 39-19 Configuring CEF and dCEF for IPv6 39-20...
  • Page 38 Analyzing IP Service Levels by Using the UDP Jitter Operation 41-8 Analyzing IP Service Levels by Using the ICMP Echo Operation 41-10 Monitoring IP SLAs Operations 41-13...
  • Page 39 Understanding Cisco’s Implementation of IP Multicast Routing 44-1 Understanding IGMP 44-2 IGMP Version 1 44-3 IGMP Version 2 44-3...
  • Page 40 44-25 Configuring Auto-RP 44-26 Configuring PIMv2 BSR 44-30 Using Auto-RP and a BSR 44-34 Monitoring the RP Mapping Information 44-35 Troubleshooting PIMv1 and PIMv2 Interoperability Problems 44-35...
  • Page 41 Adding a Metric Offset to the DVMRP Route 44-60 Monitoring and Maintaining IP Multicast Routing 44-61 Clearing Caches, Tables, and Databases 44-61 Displaying System and Network Statistics 44-62 Monitoring IP Multicast Routing 44-63...
  • Page 42 Changing the Interface Priority 46-7 Assigning a Path Cost 46-7 Adjusting BPDU Intervals 46-8 Disabling the Spanning Tree on an Interface 46-10 Monitoring and Maintaining Fallback Bridging 46-11...
  • Page 43 Understanding OBFL 47-22 Configuring OBFL 47-22 Displaying OBFL Information 47-23 Troubleshooting CPU Utilization 47-24 Possible Symptoms of High CPU Utilization 47-24 Verifying the Problem and Cause 47-24...
  • Page 44 Preparing to Download or Upload a Configuration File By Using RCP B-17 Downloading a Configuration File By Using RCP B-18 Uploading a Configuration File By Using RCP B-19...
  • Page 45 Archive Commands Unsupported Privileged EXEC Commands ARP Commands Unsupported Global Configuration Commands Unsupported Interface Configuration Commands Boot Loader Commands Unsupported User EXEC Commands Unsupported Global Configuration Commands...
  • Page 46 Unsupported Privileged EXEC Commands C-10 Unsupported Global Configuration Commands C-10 Miscellaneous C-10 Unsupported User EXEC Commands C-10 Unsupported Privileged EXEC Commands C-10 Unsupported Global Configuration Commands C-11...
  • Page 47 C-13 Unsupported Global Configuration Command C-13 Unsupported User EXEC Commands C-13 Unsupported VLAN Database commands C-14 C-14 Unsupported Privileged EXEC Command C-14 INDEX...
  • Page 49 This guide is for the networking professional using the Cisco IOS command-line interface (CLI) to manage the standalone Cisco Catalyst Blade Switch 3130 for Dell or blade switch stack, referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS commands and the switch software features.
  • Page 50: Related Publications

    Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
    Related Publications
    These documents provide complete information about the switch and are available from this Cisco.com site: http://www.cisco.com/en/US/products/ps8742/tsd_products_support_series_home.html
    Note: Before installing, configuring, or upgrading the switch, see these documents: For initial configuration information, see the “Using Express Setup”...
  • Page 51: Obtaining Documentation And Submitting A Service Request

    • Device manager online help (available on the switch)
    • Cisco Catalyst Blade Switch 3130 for Dell and Cisco Catalyst Blade Switch 3032 for Dell Hardware Installation Guide
    • Cisco Catalyst Blade Switch 3130 for Dell and Cisco Catalyst Blade Switch 3032 for Dell Getting...
  • Page 53: Features

    The cryptographic and noncryptographic universal software images support the IP base and IP services feature sets. To enable a specific feature set, you must have a Cisco IOS software license for that feature set. For more information about the software license, see the Cisco Software Activation for Dell document on Cisco.com.
  • Page 54: Deployment Features

    • An embedded device manager GUI for configuring and monitoring a single switch through a web browser. For information about starting the device manager, see the getting started guide. For more information about the device manager, see the switch online help. ...
  • Page 55: Chapter 1 Overview

    – Automatic Cisco IOS version-check of new stack members with the option to automatically load images from the stack master or from a TFTP server.
    – Adding, removing, and replacing switches in the stack without disrupting the operation of the...
  • Page 56: Performance Features

    Performance Features
    The switch ships with these performance features:
    • Cisco EnergyWise to manage the energy usage of power over Ethernet (PoE) entities. For more information, see the Cisco EnergyWise Version 2 Configuration Guide on Cisco.com.
    • Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing...
  • Page 57: Management Options

    • Network Assistant—Network Assistant is a network management application that can be downloaded from Cisco.com. You use it to manage a single switch, a cluster of switches, or a community of devices. For more information about Network Assistant, see Getting Started with Cisco Network Assistant, available on Cisco.com.
  • Page 58: Manageability Features

    • Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source
    • Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses
    • Configuration logging to log and to view changes to the switch configuration ...
  • Page 59 VLAN, class of service (CoS), differentiated services code point (DSCP), and tagging mode
    • CPU utilization threshold trap to monitor CPU utilization
    • The HTTP client in Cisco IOS can send requests to both IPv4 and IPv6 HTTP servers, and...
  • Page 60: Availability And Redundancy Features

    • Equal-cost routing for link-level and switch-level redundancy
    • Flex Link Layer 2 interfaces to back up one another as an alternative to STP for basic link redundancy ...
  • Page 61: Vlan Features

    • Link-state tracking to mirror the state of the ports that carry upstream traffic from connected hosts and servers and to allow the failover of the server traffic to an operational link on another Cisco Ethernet switch
    • Support for VTP version 3 that includes support for configuring extended range VLANs (VLANs...
  • Page 62: Security Features

    STP, CDP, and VTP information about all users
    • Layer 2 point-to-point tunneling to facilitate the automatic creation of EtherChannels
    • Layer 2 protocol tunneling bypass feature to provide interoperability with third-party vendors ...
  • Page 63
    – Port security for controlling access to IEEE 802.1x ports
    – Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized or unauthorized state of the port
    – IP phone detection enhancement to detect and recognize a Cisco IP phone ...
  • Page 64 When there is a change in policy for a user or user group in AAA, administrators can send the RADIUS CoA packets from the AAA server, such as Cisco Secure ACS to reinitialize authentication, and apply to the new policies.
  • Page 65: Qos And Cos Features

    – Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port bordering another QoS domain
    – Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value received, and ensuring port security ...
  • Page 66: Layer 3 Features

    • IP routing between VLANs (inter-VLAN routing) for full Layer 3 routing between two or more VLANs, allowing each VLAN to maintain its own autonomous data-link domain
    • Policy-based routing (PBR) for configuring defined policies for traffic flows ...
  • Page 67 VLAN from the SVI line-state up or down calculation
    • Intermediate System-to-Intermediate System (IS-IS) routing supports dynamic routing protocols for Connectionless Network Service (CLNS) networks (requires the IP services feature set) ...
  • Page 68: Monitoring Features

    • Support for EEM 3.2, which introduces event detectors for Neighbor Discovery, Identity, and MAC-Address-Table. ...
  • Page 69: Default Settings After Initial Switch Configuration

    • The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are both enabled. For more information, see Chapter 7, “Configuring Switch-Based Authentication.”
    • IEEE 802.1x is disabled. For more information, see Chapter 9, “Configuring IEEE 802.1x Port-Based Authentication.” ...
  • Page 70
    • IGMP snooping is enabled. No IGMP filters are applied. For more information, see Chapter 24, “Configuring IGMP Snooping and MVR.”
    • IGMP throttling setting is deny. For more information, see Chapter 24, “Configuring IGMP Snooping and MVR.” ...
  • Page 71
    • MSDP is disabled. For more information, see Chapter 45, “Configuring MSDP.”
    • Fallback bridging is not configured. For more information, see Chapter 46, “Configuring Fallback Bridging.” ...
  • Page 72: Network Configuration Examples

    e-mail with large attached files) and from bandwidth-intensive applications (such as multimedia)
    • Use the EtherChannel feature between the switch and its connected servers and routers. ...
  • Page 73 Gigabit multilayer switch in the backbone, such as a Catalyst 4500 Gigabit switch or Catalyst 6500 Gigabit switch. ...
  • Page 74 The various lengths of stack cable available, ranging from 0.5 meter to 3 meters, provide extended connections to the switch stacks across multiple server racks, for multiple stack aggregation. ...
  • Page 75: Small To Medium-Sized Network

    Cisco CallManager controls call processing and routing. Users with workstations running Cisco SoftPhone software can place, receive, and control calls from their PCs. Using Cisco CallManager software and Cisco SoftPhone software integrates telephony and IP networks, and the IP network supports both voice and data.
  • Page 76: Where To Go Next

    Before configuring the switch, review these sections for startup information:
    • Chapter 2, “Using the Command-Line Interface”
    • Chapter 3, “Assigning the Switch IP Address and Default Gateway” ...
  • Page 77: Understanding Command Modes

    Using the Command-Line Interface
    This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your standalone switch or a switch stack, referred to as the switch. It contains these sections:
    • Understanding Command Modes, page 2-1 ...
  • Page 78: Chapter 2 Using The Command-Line Interface

    console command. To return to privileged EXEC mode, press Ctrl-Z or enter end. For more detailed information on the command modes, see the command reference guide for this release. ...
  • Page 79: Understanding The Help System

    You need to enter only enough characters for the switch to recognize the command as unique. This example shows how to enter the show configuration privileged EXEC command in an abbreviated form: Switch# show conf ...
  • Page 80: Understanding No And Default Forms Of Commands

    that are available in this command mode. The caret (^) marks the point of the error. The possible keywords that you can enter with the command appear. ...
  • Page 81: Using Configuration Logging

    You can choose to have the notifications sent to the syslog. For more information, see the “Configuration Change Notification and Logging” section of the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4 at this URL: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080454f...
  • Page 82: Using Editing Features

    These procedures are optional. To globally disable enhanced editing mode, enter this command in line configuration mode: Switch (config-line)# no editing ...
  • Page 83: Editing Commands Through Keystrokes

    Press Ctrl-W. Delete the word to the left of the cursor. Press Esc D. Delete from the cursor to the end of the word. ...
  • Page 84: Editing Command Lines That Wrap

    Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1 Switch(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25 Switch(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq Switch(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45 ...
  • Page 85: Searching And Filtering Output Of Show And More Commands

    If you want to configure a specific stack member port, you must include the stack member number in the CLI command interface notation. For more information about interface notations, see the “Using Interface Configuration Mode” section on page 11-8. ...
  • Page 86: Accessing The Cli Through A Console Connection Or Through Telnet

    After you connect through the console port, through the Ethernet management port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station. ...
  • Page 87: Understanding The Boot Process

    Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2. This chapter consists of these sections: Understanding the Boot Process, page 3-1 •...
  • Page 88: Chapter 3 Assigning The Switch Ip Address And Default Gateway

    You can still manage the stack through the same IP address even if you remove the stack master or any other stack member from the stack, provided there is IP connectivity. ...
  • Page 89: Default Switch Information

    The switch can act as both a DHCP client and a DHCP server. During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at startup with IP address information and a configuration file. ...
  • Page 90: Dhcp Client Request Process

    The amount of information the switch receives depends on how you configure the DHCP server. For more information, see the “Configuring the TFTP Server” section on page 3-7. ...
  • Page 91: Understanding Dhcp-Based Autoconfiguration And Image Update

    If the new configuration is downloaded to a switch that already has a configuration, the downloaded configuration is appended to the configuration file stored on the switch. (Any existing configuration is not overwritten by the downloaded one.) ...
  • Page 92: Limitations And Restrictions

    Example Configuration, page 3-10 • If your DHCP server is a Cisco device, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 for additional information about configuring DHCP.
  • Page 93: Dhcp Server Configuration Guidelines

    The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational. If your DHCP server is a Cisco device, for additional information about configuring DHCP, see the “Configuring...
  • Page 94: Configuring The Dns

    If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
  • Page 95: Obtaining Configuration Files

    If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file. ...
  • Page 96: Example Configuration

    (optional) Hostname (optional) switcha switchb switchc switchd DNS Server Configuration The DNS server maps the TFTP server name tftpserver to IP address 10.0.0.3. ...
  • Page 97: Configuring The Dhcp Auto Configuration And Image Update Features

    Create a name for the DHCP Server address pool, and enter DHCP pool configuration mode. Step 3 bootfile filename Specify the name of the configuration file that is used as a boot image. ...
  • Page 98: Configuring Dhcp Auto-Image Update (Configuration File And Image)

    In the text file, put the name of the image that you want to download. This image must be a tar and not a bin file.
  • Page 99

    Switch(config)# tftp-server flash:config-boot.text
    Switch(config)# tftp-server flash:cbs31x0-ipservices-mz.122-44.3.SE.tar
    Switch(config)# tftp-server flash:boot-config.text
    Switch(config)# tftp-server flash:autoinstall_dhcp
    Switch(config)# interface gigabitethernet1/0/4
    Switch(config-if)# no switchport
    Switch(config-if)# ip address 10.10.10.1 255.255.255.0
    Switch(config-if)# end
  • Page 100: Configuring The Client

    (next boot: enabled) Switch# Note: You should only configure and enable the Layer 3 interface. Do not assign an IP address or DHCP-based autoconfiguration with a saved configuration.
  • Page 101: Manually Assigning Ip Information

    IP addresses. The MAC addresses that appear in the show interfaces vlan vlan-id command output are not the same as the MAC address that is printed on the switch label (the base MAC address).
  • Page 102: Checking And Saving The Running Configuration

    To store the configuration or changes you have made to your startup configuration in flash memory, enter this privileged EXEC command:
    Switch# copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
  • Page 103: Modifying The Startup Configuration

    The Cisco IOS image is stored in a directory that has the same name as the image file (excluding the .bin extension).
  • Page 104: Specifying The Filename To Read And Write The System Configuration

    Specifying the Filename to Read and Write the System Configuration By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
  • Page 105: Booting A Specific Software Image

    • Use number to specify a stack member. Use all to specify all stack members. • Step 4 Return to privileged EXEC mode.
  • Page 106: Controlling Environment Variables

    Cisco IOS configuration file can be stored as an environment variable. You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
  • Page 107 Changes the priority value of a stack member. Changes the priority value of a stack member Note: This command is supported only on stacking-capable switches.
  • Page 108: Scheduling A Reload Of The Software Image

    (if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.
  • Page 109: Displaying Scheduled Reload Information

    It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled).
  • Page 110 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduling a Reload of the Software Image
  • Page 111: Understanding Cisco Configuration Engine Software

    Note: For complete configuration information for the Cisco Configuration Engine, go to http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/tsd_products_support_series_home.html For complete syntax and usage information for the commands used in this chapter, go to the Cisco IOS Network Management Command Reference, Release 12.4 at http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_book.html This chapter consists of these sections: •...
  • Page 112: C H A P T E R 4 Configuring Cisco Ios Configuration Engine

    (LDAP) URLs that reference the device-specific configuration information stored in a directory. The Cisco IOS agent can perform a syntax check on received configuration files and publish events to show the success or failure of the syntax check. The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server.
  • Page 113: Event Service

    ID, and event. Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate events by using any desired naming convention.
  • Page 114: Deviceid

    Therefore, the DeviceID, as originated on the switch, must match the DeviceID of the corresponding switch definition in the Configuration Engine. The origin of the DeviceID is defined by the Cisco IOS hostname of the switch. However, the DeviceID variable and its usage reside within the event gateway adjacent to the switch.
  • Page 115: Understanding Cisco Ios Agents

    Understanding Cisco IOS Agents The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and works with the Cisco IOS agent. The Cisco IOS agent feature supports the switch by providing these features: •...
  • Page 116: Incremental (Partial) Configuration

    NVRAM for use at the next reboot. Configuring Cisco IOS Agents The Cisco IOS agents embedded in the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the “Enabling Automated CNS Configuration” section on page 4-7.
  • Page 117: Enabling Automated Cns Configuration

    Note: For more information about running the setup program and creating templates on the Configuration Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at http://www.cisco.com/en/US/docs/net_mgmt/configuration_engine/1.5/installation_linux/guide/setup_1.html
  • Page 118: Enabling The Cns Event Agent

    This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count.
    Switch(config)# cns event 10.180.1.27 keepalive 120 10
  • Page 119: Enabling The Cisco Ios Cns Agent

    Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Enabling the Cisco IOS CNS Agent After enabling the CNS event agent, start the Cisco IOS CNS agent on the switch. You can enable the Cisco IOS agent with these commands: •...
  • Page 120 Enter the hostname for the switch. Step 12 ip route network-number (Optional) Establish a static route to the Configuration Engine whose IP address is network-number.
  • Page 121 ID, enter an arbitrary text string for string string as the unique ID, or enter udi to set the unique device identifier (UDI) as the unique ID.
  • Page 122 Verify your entries. To disable the CNS Cisco IOS agent, use the no cns config initial {ip-address | hostname} global configuration command. This example shows how to configure an initial configuration on a remote switch when the switch configuration is unknown (the CNS Zero Touch feature).
  • Page 123: Enabling A Partial Configuration

    RemoteSwitch(config)# cns id ethernet 0 ipaddress
    RemoteSwitch(config)# cns config initial 172.28.129.22 no-persist
    Enabling a Partial Configuration Beginning in privileged EXEC mode, follow these steps to enable the Cisco IOS agent and to initiate a partial configuration on the switch: Command...
  • Page 124: Displaying Cns Configuration

    Displays statistics about the CNS event agent. show cns event subject Displays a list of event agent subjects that are subscribed to by applications.
  • Page 125: Understanding Switch Stacks

    One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are all stack members. The stack members use the Cisco StackWise Plus technology to work together as a unified system. Layer 2 and Layer 3 protocols present the entire switch stack as a single entity to the network.
  • Page 126: Chapter 5 Managing Switch Stack

    – Major Version Number Incompatibility Among Switches, page 5-12
    – Minor Version Number Incompatibility Among Switches, page 5-13
    – Incompatible Software and Stack Member Image Upgrades, page 5-16
  • Page 127: Switch Stack Membership

    Reconnect them to the original switch stack through their StackWise Plus ports. Power on the switches. For more information about cabling and powering switch stacks, see the “Switch Installation” chapter in the hardware installation guide.
  • Page 128 [Figure: blade switches in Enclosure 1 and Enclosure 2; labels: Stack member 1, Stack member 2 and stack master]
  • Page 129 [Figure: blade switches in one enclosure; labels: Stack member 1, Stack member 2 and stack master]
  • Page 130: Stack Master Election And Re-Election

    Note: We recommend assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
  • Page 131 As described in the hardware installation guide, you can use the Master LED on the switch to see if the switch is the stack master.
  • Page 132: Switch Stack Bridge Id And Router Mac Address

    • If you merge switch stacks, the switches that join the switch stack of a new stack master select the lowest available numbers in the stack. For more information about merging switch stacks, see the “Switch Stack Membership” section on page 5-3.
  • Page 133: Stack Member Priority Values

  • Page 134: Effects Of Adding A Provisioned Switch To A Switch Stack

    The switch type of the provisioned switch does not match the switch type in the provisioned configuration on the stack.
  • Page 135: Effects Of Replacing A Provisioned Switch In A Switch Stack

    If you remove a provisioned switch from the switch stack, the configuration associated with the removed stack member remains in the running configuration as provisioned information. To completely remove the configuration, use the no switch stack-member-number provision global configuration command.
  • Page 136: Hardware Compatibility And Sdm Mismatch Mode In Switch Stacks

    “Hardware Compatibility and SDM Mismatch Mode in Switch Stacks” section on page 5-12. All stack members must run the same Cisco IOS software image and feature set to ensure compatibility between stack members. For example, all stack members should run the cryptographic universal software image and have the IP services feature set enabled for Cisco IOS Release 12.2(40)EX1 or later.
  • Page 137: Minor Version Number Incompatibility Among Switches

    If you have both StackWise Plus cables connected during the reload, network downtime does not occur because the switch stack operates on two rings.
  • Page 138: Auto-Upgrade And Auto-Advise Example Messages

    *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:archiving cbs31x0-universal-mz.122-40.EX1/cbs31x0-universal-mz.122-40.EX.bin (4945851 bytes)
    *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:archiving cbs31x0-universal-mz.122-40.EX1/info (450 bytes)
    *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:archiving info (104 bytes)
    *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:examining image...
    *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:extracting info (104 bytes)
  • Page 139

    1 00:01:15.547:%STACKMGR-6-SWITCH_ADDED_VM:Switch 1 has been ADDED to the stack (VERSION_MISMATCH)
    stack_2#
    *Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW_INITIATED:Auto-copy-software process initiated for switch number(s) 1
    *Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW:
    *Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW:Searching for stack member to act
  • Page 140: Incompatible Software And Stack Member Image Upgrades

    Note: We recommend that all stack members run Cisco IOS Release 12.2(40)EX1 or later. The interface-specific settings of the stack master are saved if the stack master is replaced without saving the running configuration to the startup configuration.
  • Page 141: Additional Considerations For System-Wide Configuration On Switch Stacks

    “Working with the Cisco IOS File System, Configuration Files, and Software Images.” Additional Considerations for System-Wide Configuration on Switch Stacks These sections provide additional considerations for configuring system-wide features on switch stacks:
    • “Planning and Creating Clusters” chapter in the Getting Started with Cisco Network Assistant, available on Cisco.com
    • “MAC Addresses and Switch Stacks”...
  • Page 142: Switch Stack Management Connectivity

    IP base or IP services feature set be the stack master. Encryption features are unavailable if the stack master is running the noncryptographic software image.
  • Page 143: Connectivity To The Switch Stack Through Console Ports Or Ethernet Management Ports

    Restart both stack members at the same time.
  • Page 144 Ensure that both stack members have the same stack member number. If necessary, use the switch current-stack-member-number renumber new-stack-member-number global configuration command. Restart both stack members at the same time.
  • Page 145: Configuring The Switch Stack

    Default Switch Stack Configuration Feature Default Setting Stack MAC address timer Disabled. Stack member number Stack member priority value Offline configuration The switch stack is not provisioned.
  • Page 146: Enabling Persistent Mac Address

    Note: If the entire switch stack reloads, it uses the MAC address of the stack master as the stack MAC address.
  • Page 147 (Optional) Save your entries in the configuration file. Use the no stack-mac persistent timer global configuration command to disable the persistent MAC address feature.
  • Page 148: Assigning Stack Member Information

    Reset the stack member. Step 5 show switch Verify the stack member number. Step 6 copy running-config startup-config Save your entries in the configuration file.
  • Page 149: Setting The Stack Member Priority Value

    See Step 1. For type, enter the model number of a supported switch that is listed in the command-line help strings. Step 4 Return to privileged EXEC mode.
  • Page 150: Accessing The Cli Of A Specific Stack Member

    Switch-2# Switch#. Enter exit to return to the CLI session on the master. Only the show and debug commands are available on a specific member.
  • Page 151: Displaying Switch Stack Information

    • Understanding the show switch stack-ports summary Output, page 5-29
    • Identifying Loopback Problems, page 5-30
    • Finding a Disconnected Stack Cable, page 5-33
    • Fixing a Bad Connection Between Stack Ports, page 5-34
  • Page 152: Manually Disabling A Stack Port

    If Switch 4 is powered on first, you might need to enter the switch 1 stack port 1 enable and the switch 4 stack port 2 enable privileged EXEC commands to bring up the link.
  • Page 153: Understanding The Show Switch Stack-Ports Summary Output

    • No—At least one stack port on the member has an attached stack cable.
    • Yes—None of the stack ports on the member has an attached stack cable.
  • Page 154: Identifying Loopback Problems

    Length Active Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- Down None 50 cm 50 cm Down None 50 cm
  • Page 155: Software Loopback Example: No Connected Stack Cable

    --------- -------- 50 cm 50 cm
    – The port status shows that Switch 2 is a standalone switch.
    – The ports can send and receive traffic.
  • Page 156: Hardware Loopback

    FF01FF00 00017C07 00000000 0000FFFF 0CE60C10 No /No Event type: RAC 0000000154 FF01FF00 860351A5 55A5FFFF FFFFFFFF 0CE60C10 No /No 50 cm 0000000154 FF01FF00 00017C85 00000000 0000FFFF 0CE60C10 No /No
  • Page 157: Hardware Loop Example: Link Not Ok Event

    If you disconnect the cable from Port 2 on Switch 1, these messages appear:
    %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state DOWN
    %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
  • Page 158: Fixing A Bad Connection Between Stack Ports

    The Cable Length value is 50 cm. The switch detects and correctly identifies the cable. • The connection between Port 2 on Switch 1 and Port 1 on Switch 2 is unreliable on at least one of the connector pins.
  • Page 159: Managing The System Time And Date

    You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2.
  • Page 160: Chapter 6 Administering The Switch

    Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
  • Page 161: Configuring Ntp

    Blade servers If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
  • Page 162: Default Ntp Configuration

    NTP that provide for accurate timekeeping) with other devices for security purposes: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ntp authenticate Enable the NTP authentication feature, which is disabled by default.
  • Page 163: Configuring Ntp Associations

    (meaning that only this switch synchronizes to the other device, and not the other way around).
  • Page 164: Configuring Ntp Broadcast Service

    However, in a LAN environment, NTP can be configured to use IP broadcast messages instead. This alternative reduces configuration complexity because each device can simply be configured to send or receive broadcast messages. However, the information flow is one-way only.
  • Page 165 Enable the interface to receive NTP broadcast packets. By default, no interfaces receive NTP broadcast packets. Step 4 exit Return to global configuration mode.
  • Page 166: Configuring Ntp Access Restrictions

    NTP control queries and allows the switch to synchronize to the remote device. For access-list-number, enter a standard IP access list number from 1 to 99.
  • Page 167

    99. However, the switch restricts access to allow only time requests from access list 42:
    Switch# configure terminal
    Switch(config)# ntp access-group peer 99
    Switch(config)# ntp access-group serve-only 42
    Switch(config)# access-list 99 permit 172.20.130.5
    Switch(config)# access-list 42 permit 172.20.130.6
  • Page 168: Configuring The Source Ip Address For Ntp Packets

    “Configuring NTP Associations” section on page 6-5.
  • Page 169: Displaying The Ntp Configuration

    • show ntp status • For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Configuring Time and Date Manually If no other source of time is available, you can manually configure the time and date after the system is restarted.
  • Page 170: Displaying The Time And Date Configuration

    In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command.
  • Page 171: Configuring Summer Time (Daylight Saving Time)

    This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
    Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
  • Page 172: Configuring A System Name And Prompt

    9. When you use this command, the stack member number is appended to the system prompt. For example, Switch-2# is the prompt in privileged EXEC mode for stack member 2, and the system prompt for the switch stack is Switch
  • Page 173: Default System Name And Prompt Configuration

    Administering the Switch Configuring a System Name and Prompt For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
  • Page 174: Default Dns Configuration

    If your network devices require connectivity with devices in networks for which you do not control name assignment, you can dynamically assign device names that uniquely identify your devices by using the global Internet naming scheme (DNS).
  • Page 175: Displaying The Dns Configuration

    If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
  • Page 176: Configuring A Message-Of-The-Day Login Banner

    Configuring a Login Banner You can configure a login banner to be displayed on all connected terminals. This banner appears after the MOTD banner and before the login prompt.
  • Page 177: Managing The Mac Address Table

    • MAC Addresses and VLANs, page 6-20
    • MAC Addresses and Switch Stacks, page 6-21
    • Default MAC Address Table Configuration, page 6-21
    • Changing the Address Aging Time, page 6-21
  • Page 178: Building The Address Table

    VLAN, you should also configure the same static MAC address in all associated VLANs. For more information about private VLANs, see Chapter 16, “Configuring Private VLANs.”
  • Page 179: Mac Addresses And Switch Stacks

    (Optional) Save your entries in the configuration file. To return to the default value, use the no mac address-table aging-time global configuration command.
  • Page 180: Removing Dynamic Address Entries

    Enable the switch to send MAC address change notification traps to the NMS. Step 4 mac address-table notification change Enable the MAC address change notification feature.
  • Page 181

    Switch(config-if)# snmp trap mac-notification change added
    You can verify your settings by entering the show mac address-table notification change interface and the show mac address-table notification change privileged EXEC commands.
  • Page 182: Configuring Mac Address Move Notification Traps

    Switch(config)# snmp-server enable traps mac-notification move
    Switch(config)# mac address-table notification mac-move
    You can verify your settings by entering the show mac address-table notification mac-move privileged EXEC commands.
  • Page 183: Configuring Mac Threshold Notification Traps

    Return to privileged EXEC mode. Step 7 show mac address-table notification threshold Verify your entries. show running-config Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 184: Adding And Removing Static Address Entries

    VLAN are not replicated in the associated VLAN. For more information about private VLANs, see Chapter 16, “Configuring Private VLANs.”
  • Page 185: Configuring Unicast Mac Address Filtering

    % Only unicast addresses can be configured to be dropped
    % CPU destined address cannot be configured as drop address
    • Packets that are forwarded to the CPU are also not supported.
  • Page 186: Disabling Mac Address Learning On A Vlan

    Disabling MAC address learning on a VLAN could cause flooding in the network.
  • Page 187 You can display the MAC address learning status of all VLANs or a specified VLAN by entering the show mac-address-table learning [vlan vlan-id] privileged EXEC command.
  • Page 188: Displaying Address Table Entries

    ARP entries added manually to the table do not age and must be manually removed. For CLI procedures, see the Cisco IOS Release 12.2 documentation on Cisco.com.
  • Page 189: Configuring Switch-Based Authentication

    (with associated rights and privileges) to each username and password pair. For more information, see the “Configuring Username and Password Pairs” section on page 7-6.
  • Page 190: Default Password And Privilege Level Configuration

    Password protection restricts access to a network or network device. Privilege levels define what commands users can enter after they have logged into a network device. Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 191: Setting Or Changing A Static Enable Password

    We recommend that you use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
  • Page 192 To remove a password and level, use the no enable password [level level] or no enable secret [level level] global configuration command. To disable password encryption, use the no service password-encryption global configuration command.
  • Page 193: Disabling Password Recovery

    Disable password recovery. This setting is saved in an area of the flash memory that is accessible by the bootloader and the Cisco IOS image, but it is not part of the file system and is not accessible by any user.
  • Page 194: Setting A Telnet Password For A Terminal Line

    If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair.
  • Page 195: Configuring Multiple Privilege Levels

    By default, the Cisco IOS software has two modes of password security: user EXEC and privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 196: Setting The Privilege Level For A Command

    This example shows how to set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands:
    Switch(config)# privilege exec level 14 configure
    Switch(config)# enable password level 14 SecretPswd14
  • Page 197: Changing The Default Privilege Level For Lines

    Log in to a specified privilege level. For level, the range is 0 to 15. Step 2, disable level: Exit to a specified privilege level. For level, the range is 0 to 15.
  • Page 198: Controlling Switch Access With Tacacs

    (AAA) and can be enabled only through AAA commands. Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2. These sections contain this configuration information: •...
  • Page 199 TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch.
  • Page 200: Tacacs+ Operation

    This process continues until there is successful communication with a listed method or the method list is exhausted.
  • Page 201: Default Tacacs+ Configuration

    TACACS+ daemon. You must configure the same key on the TACACS+ daemon for encryption to be successful. Step 3, aaa new-model: Enable AAA.
  • Page 202: Configuring Tacacs+ Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication: Step 1, configure terminal: Enter global configuration mode. Step 2, aaa new-model: Enable AAA.
  • Page 203 Step 6: Return to privileged EXEC mode. Step 7, show running-config: Verify your entries. Step 8, copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 204: Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services

    Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 205: Starting Tacacs+ Accounting

    RADIUS is facilitated through AAA and can be enabled only through AAA commands. Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 206: Understanding Radius

    • Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model.
  • Page 207: Radius Operation

    REJECT packets includes these items: • Telnet, SSH, rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts
  • Page 208: Radius Change Of Authorization

    RADIUS Change of Authorization (CoA) extensions defined in RFC 5176 that are typically used in a pushed model and allow for the dynamic reconfiguring of sessions from external authentication, authorization, and accounting (AAA) or policy servers. Beginning with Cisco IOS Release 12.2(52)SE, the switch supports these per-session CoA requests: Session reauthentication •...
  • Page 209: Coa Request Response Code

    Administratively Prohibited; Request Not Routable (Proxy); Session Context Not Found; Session Context Not Removable; Other Proxy Processing Error; Resources Unavailable; Request Initiated; Multiple Session Selection Unsupported
  • Page 210 If the authorization state is changed successfully, a positive acknowledgement (ACK) is sent. The attributes returned within CoA ACK will vary based on the CoA Request and are discussed in individual CoA Commands.
  • Page 211 • CoA Disconnect-Request • CoA Request: Disable Host Port • CoA Request: Bounce-Port Beginning with Cisco IOS Release 12.2(52)SE, the switch supports the commands shown in Table 7-4. Table 7-4: CoA Commands Supported on the Switch. Command: Reauthenticate host; Cisco VSA: Cisco:Avpair=“subscriber:command=reauthenticate”...
  • Page 212 Disconnect-ACK is sent with the “Session Context Not Found” error-code attribute. CoA Request: Disable Host Port This command is carried in a standard CoA-Request message that has this new VSA: Cisco:Avpair="subscriber:command=disable-host-port"
  • Page 213: Stacking Guidelines For Session Termination

    (which is subsequently removed). If the stack master fails before sending a CoA-ACK message, the new stack master treats the re-sent command as a new command.
  • Page 214: Configuring Radius

    (optional) • Configuring CoA on the Switch, page 7-38 • Monitoring and Troubleshooting CoA Functionality, page 7-39 • Configuring RADIUS Server Load Balancing, page 7-39 (optional)
  • Page 215: Default Radius Configuration

    You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 7-31.
  • Page 216 (Optional) Save your entries in the configuration file. To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command.
  • Page 217: Configuring Radius Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required. Step 1, configure terminal: Enter global configuration mode. Step 2, aaa new-model: Enable AAA.
  • Page 218 Step 4, line [console | tty | vty] line-number [ending-line-number]: Enter line configuration mode, and configure the lines to which you want to apply the authentication list.
  • Page 219: Defining Aaa Server Groups

    Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 220 Each server in the group must be previously defined in Step 2. Step 6: Return to privileged EXEC mode. Step 7, show running-config: Verify your entries.
  • Page 221: Configuring Radius Authorization For User Privileged Access And Network Services

    Step 1, configure terminal: Enter global configuration mode. Step 2, aaa authorization network radius: Configure the switch for user RADIUS authorization for all network-related service requests.
  • Page 222: Starting Radius Accounting

    (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
  • Page 223: Configuring Settings For All Radius Servers

    1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes.
  • Page 224 Chapter 7 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS For example, this AV pair activates Cisco’s multiple named ip address pools feature during IP authorization (during PPP IPCP address assignment): cisco-avpair= "ip:addr-pool=first" This example shows how to provide a user logging in from a switch with immediate access to privileged EXEC commands: cisco-avpair= "shell:priv-lvl=15"...
  • Page 225: Configuring The Switch For Vendor-Proprietary Radius Server Communication

    Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the switch and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.
  • Page 226: Configuring Coa On The Switch

    To disable AAA, use the no aaa new-model global configuration command. To disable the AAA server functionality on the switch, use the no aaa server radius dynamic authorization global configuration command.
  • Page 227: Monitoring And Troubleshooting Coa Functionality

    The following Cisco IOS commands can be used to monitor and troubleshoot CoA functionality on the switch: • debug radius • debug aaa coa • debug aaa pod...
  • Page 228: Understanding Kerberos

    Controlling Switch Access with Kerberos For complete syntax and usage information for the commands used in this section, see the “Kerberos Commands” section in the “Security Server Protocols” chapter of the Cisco IOS Security Command Reference, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_book09186a...
  • Page 229 Kerberos versions, the network service authenticates an encrypted service credential by using the KEYTAB to decrypt it. In Kerberos versions earlier than Kerberos 5, KEYTAB is referred to as SRVTAB.
  • Page 230: Kerberos Operation

    The switch prompts the user for a username and password. The switch requests a TGT from the KDC for this user. The KDC sends an encrypted TGT that includes the user identity to the switch.
  • Page 231: Obtaining A Tgt From A Kdc

    KDC and obtain a TGT from the KDC to access network services. For instructions about how to authenticate to a KDC, see the “Obtaining a TGT from a KDC” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_book09186a...
  • Page 232: Configuring The Switch For Local Authentication And Authorization

    • Configure the switch to use the Kerberos protocol. For instructions, see the “Kerberos Configuration Task List” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ad.html Configuring the Switch for Local Authentication and...
  • Page 233: Configuring The Switch For Secure Shell

    6a00800ca7d5.html Note: For complete syntax and usage information for the commands used in this section, see the command reference for this release and the command reference for Cisco IOS Release 12.2 at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_book09186a0080087e33.html
  • Page 234: Understanding Ssh

    You can use an SSH client to connect to a switch running the SSH server. The SSH server works with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH server supported in this release and with non-Cisco SSH servers.
  • Page 235: Limitations

    IP domain name by using the ip domain-name global configuration command. • When configuring the local authentication and authorization authentication method, make sure that AAA is disabled on the console.
  • Page 236: Setting Up The Switch To Run Ssh

    To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is automatically disabled.
  • Page 237: Configuring The Ssh Server

    (Optional) Save your entries in the configuration file. To return to the default SSH control parameters, use the no ip ssh {timeout | authentication-retries} global configuration command.
  • Page 238: Displaying The Ssh Configuration And Status

    • Displaying Secure HTTP Server and Client Status, page 7-56 For configuration examples and complete syntax and usage information for the commands used in this section, see the “HTTPS - HTTP Server and Client with SSL 3.0” feature description for Cisco IOS Release 12.2(15)T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008015a4c6.
  • Page 239: Certificate Authority Trustpoints

    (pages) back to the HTTP secure server, which, in turn, responds to the original request. The primary role of the HTTP secure client (the web browser) is to respond to Cisco IOS application requests for HTTPS User Agent services, perform HTTPS User Agent services for the application, and pass the response back to the application.
  • Page 240: Ciphersuites

    RSA (in conjunction with the specified encryption and digest algorithm combinations) is used for both key generation and authentication on SSL connections. This usage is independent of whether or not a CA trustpoint is configured.
  • Page 241: Configuring Secure Http Servers And Clients

    Specify a local configuration name for the CA trustpoint and enter CA trustpoint configuration mode. Step 6, enrollment url url: Specify the URL to which the switch should send certificate requests.
  • Page 242: Configuring The Secure Http Server

    (Optional) Specify the port number to be used for the HTTPS server. The default port number is 443. Valid options are 443 or any number in the range 1025 to 65535.
  • Page 243 IP address or hostname of the server switch. If you configure a port other than the default port, you must also specify the port number after the URL. For example: https://209.165.129:1026 https://host.domain.com:1026
  • Page 244: Configuring The Secure Http Client

    Shows the HTTP secure client configuration. secure status show ip http server Shows the HTTP secure server configuration. secure status show running-config Shows the generated self-signed certificate for secure HTTP connections.
  • Page 245: Configuring The Switch For Secure Copy Protocol

    A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System (IFS) to and from a switch by using the copy command. An authorized administrator can also do this from a workstation.
  • Page 246 Chapter 7 Configuring Switch-Based Authentication Configuring the Switch for Secure Copy Protocol
  • Page 247: Understanding The Sdm Templates

    • Default—The default template gives balance to all functions. • Access—The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.
  • Page 248: Chapter 8 Configuring Sdm Template

    IPv4 and IPv6 template. Template estimations are based on a switch with 8 routed interfaces and 1024 VLANs.
  • Page 249: Sdm Templates And Switch Stacks

    This example shows the output from the show switch privileged EXEC command when an SDM mismatch exists:
    Switch# show switch
    Current
    Switch# Role Mac Address Priority State
    ------------------------------------------------------------
    Master 000a.fdfd.0100 Ready
    Member 0003.fd63.9c00 SDM Mismatch
  • Page 250: Configuring The Switch Sdm Template

    • Using the dual stack template results in less hardware capacity allowed for each resource, so do not use it if you plan to forward only IPv4 traffic.
  • Page 251: Setting The Sdm Template

    If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.
  • Page 252: Displaying The Sdm Templates

    0.5K number of security aces:
  • Page 253 0.5K number of IPv4/MAC security aces: 0.5K number of IPv6 policy based routing aces: 0.25K number of IPv6 qos aces: 0.5K number of IPv6 security aces: 0.5K
  • Page 254 Chapter 8 Configuring SDM Templates Displaying the SDM Templates
  • Page 255: Understanding Ieee 802.1X Port-Based Authentication

    Note: For complete syntax and usage information for the commands used in this chapter, see the “RADIUS Commands” section in the Cisco IOS Security Command Reference, Release 12.2 and the command reference for this release. This chapter consists of these sections: Understanding IEEE 802.1x Port-Based Authentication, page 9-1...
  • Page 256: Chapter 9 Configuring Ieee 802.1X Port-Based Authentication

    • Multidomain Authentication, page 9-29 • Flexible Authentication Ordering, page 9-28 • Open1x Authentication, page 9-28 • 802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT), page 9-30
  • Page 257: 802.1X Device Roles

    Authentication Protocol (EAP) extensions is the only supported authentication server. It is available in Cisco Secure Access Control Server Version 3.0 or later. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
  • Page 258: Authentication Process

    RADIUS-configured or the user-specified access VLAN. Note: Inaccessible authentication bypass is also referred to as critical authentication or the AAA fail policy. Figure 9-2 shows the authentication process.
  • Page 259 (critical authentication) to assign the critical port to a VLAN. Done 1 = This occurs if the switch does not detect EAPOL packets from the client.
  • Page 260: Authentication Initiation And Message Exchange

    VLAN that provides limited services, or network access is not granted. For more information, see the “Ports in Authorized and Unauthorized States” section on page 9-11.
  • Page 261 VLAN. If the switch detects an EAPOL packet while waiting for an Ethernet packet, the switch stops the MAC authentication bypass process and stops 802.1x authentication. Figure 9-4 shows the message exchange during MAC authentication bypass.
  • Page 262: Authentication Manager

    In Cisco IOS Release 12.2(46)SE and earlier, you could not use the same authorization methods, including CLI commands and messages, on this switch and also on other network devices, such as Catalyst 6000 switches. You had to use separate authentication configurations. Cisco IOS Release 12.2(50)SE and later supports the same authorization methods on all Catalyst switches in a network.
  • Page 263: Port-Based Authentication Methods

    1. MDA = Multidomain authentication. 2. Also referred to as multiauth. 3. Supported in Cisco IOS Release 12.2(50)SE and later. 4. For clients that do not support 802.1x authentication.
  • Page 264: Per-User Acls And Filter-Ids

    ACL configured on another device running Cisco IOS software, such as a Catalyst 6000 switch. In Cisco IOS Release 12.2(50)SE or later, the ACLs configured on the switch are compatible with other devices running Cisco IOS release.
  • Page 265: Ports In Authorized And Unauthorized States

    Because no response is received, the client begins sending frames as if the port is in the authorized state.
  • Page 266: 802.1X Authentication And Switch Stacks

    If the switch that failed comes up and rejoins the switch stack, the authentications might or might not fail depending on the boot-up time and whether the connectivity to the RADIUS server is re-established by the time the authentication is attempted.
  • Page 267: X Host Mode

    Note: Multiple-authentication mode is limited to eight authentications (hosts) per port.
  • Page 268: Mac Move

    • The switch does not log 802.1x accounting information. Instead, it sends this information to the RADIUS server, which must be configured to log accounting messages.
  • Page 269: X Accounting Attribute-Value Pairs

    You can view the AV pairs that are being sent by the switch by entering the debug radius accounting privileged EXEC command. For more information about this command, see the Cisco IOS Debug Command Reference, Release 12.2 at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_book09186a...
  • Page 270: X Readiness Check

    • Enabling port security does not impact the RADIUS server-assigned VLAN behavior. • If 802.1x authentication is disabled on the port, it is returned to the configured access VLAN and configured voice VLAN.
  • Page 271: X Authentication With Per-User Acls

    ACL. Outgoing routed packets are filtered by the router ACL. To avoid configuration conflicts, you should carefully plan the user profiles stored on the RADIUS server.
  • Page 272: X Authentication With Downloadable Acls And Redirect Urls

    If the RADIUS server does not allow the .in or .out syntax, the access list is applied to the outbound ACL by default. Because of limited support of Cisco IOS access lists on the switch, the Filter-Id attribute is supported only for IP ACLs numbered 1 to 199 and 1300 to 2699 (IP standard and IP extended ACLs).
  • Page 273: Cisco Secure Acs And Attribute-Value Pairs For The Redirect Url

    ACL, this ACL takes precedence over the default ACL that is configured on the switch port. However, if the switch receives a host access policy from the Cisco Secure ACS but the default ACL is not configured, the authorization failure is declared.
  • Page 274: Vlan Id-Based Mac Authentication

    The feature also limits the number of VLANs monitored and handled by STP. The network can be managed as a fixed VLAN. Note: This feature is not supported on Cisco ACS Server. (The ACS server ignores the sent VLAN-IDs for new hosts and only authenticates based on the MAC address.)
  • Page 275: X Authentication With Restricted Vlan

    VLAN or to a VLAN sent by the RADIUS server. You can disable re-authentication. If you do this, the only way to restart the authentication process is for the port to...
  • Page 276: X Authentication With Inaccessible Authentication Bypass

    VLAN. The authentication event server dead action reinitialize vlan vlan-id interface configuration command is supported on all host modes.
  • Page 277: Authentication Results

    RADIUS-configured or user-specified access VLAN and the voice VLAN must be different. • Remote Switched Port Analyzer (RSPAN)—Do not configure an RSPAN VLAN as the RADIUS-configured or user-specified access VLAN for inaccessible authentication bypass.
  • Page 278: X Authentication With Voice Vlan Ports

    Note: If you enable 802.1x authentication on an access port on which a voice VLAN is configured and to which a Cisco IP Phone is connected, the Cisco IP phone loses connectivity to the switch for up to 30 seconds. For more information about voice VLANs, see Chapter 15, “Configuring Voice VLAN.”...
  • Page 279: X Authentication With Wake-On-Lan

    When you configure a port as bidirectional by using the dot1x control-direction both interface configuration command, the port is access-controlled in both directions. The port does not receive packets from or send packets to the host.
  • Page 280: X User Distribution

    After detecting a client on an 802.1x port, the switch waits for an Ethernet packet from the client. The switch sends the authentication server a RADIUS-access/request frame with...
  • Page 281 IEEE 802.1x port is authenticated with MAC authentication bypass, including hosts in the exception list. For more configuration information, see the “Authentication Manager” section on page 9-8.
  • Page 282: Network Admission Control Layer 2 802.1X Validation

    • Multiple-authentication mode with open authentication–Similar to MDA, except multiple hosts can be authenticated. For more information see the “Configuring the Host Mode” section on page 9-42.
  • Page 283: Multidomain Authentication

    The switch supports multidomain authentication (MDA), which allows both a data device and voice device, such as an IP phone (Cisco or non-Cisco), to authenticate on the same switch port. The port is divided into a data domain and a voice domain.
  • Page 284: Voice Aware 802.1X Security

    • Auto enablement: Automatically enables trunk configuration on the authenticator switch, allowing user traffic from multiple VLANs coming from supplicant switches. Configure the cisco-av-pair as device-traffic-class=switch at the ACS. (You can configure this under the group or the user settings.)
  • Page 285: Guidelines

    • Configuring 802.1x Violation Modes, page 9-36 • Configuring Voice Aware 802.1x Security, page 9-40 • Configuring the Switch-to-RADIUS-Server Communication, page 9-41 (required) • Configuring the Host Mode, page 9-42 (optional)
  • Page 286: Default 802.1X Authentication Configuration

    The port sends and receives normal traffic without 802.1x-based authentication of the client. Disabled. RADIUS server IP address: None specified. UDP authentication port: 1812. None specified.
  • Page 287 This setting is not configurable.) Guest VLAN: None specified. Inaccessible authentication bypass: Disabled. Restricted VLAN: None specified. Authenticator (switch) mode: None specified. MAC authentication bypass: Disabled.
  • Page 288: 802.1X Authentication Configuration Guidelines

    802.1x authentication is disabled until the port is removed as a SPAN or RSPAN destination port. You can enable 802.1x authentication on a SPAN or RSPAN source port.
  • Page 289: VLAN Assignment, Guest VLAN, Restricted VLAN, And Inaccessible Authentication Bypass

    802.1x authentication and EtherChannel are configured.
    • If you are using a device running the Cisco Access Control Server (ACS) application for IEEE 802.1x authentication with EAP-Transparent LAN Services (TLS) and EAP-MD5, make sure that the device is running ACS Version 3.2.1 or later.
  • Page 290: MAC Authentication Bypass

    • In single-host mode, only one device is allowed on the access VLAN. If the port is also configured with a voice VLAN, an unlimited number of Cisco IP phones can send and receive traffic through the voice VLAN.
    • In multidomain authentication (MDA) mode, one device is allowed for the access VLAN, and one...
  • Page 291: Configuring 802.1X Authentication

    Step 3 VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration.
    Step 4 The switch sends a start message to an accounting server.
  • Page 292 Step 11 Return to privileged EXEC mode.
    Step 12 show dot1x Verify your entries.
    Step 13 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 293: Configuring 802.1X Readiness Check

    802.1x-capable:
    switch# dot1x test eapol-capable interface gigabitethernet1/0/13
    DOT1X_PORT_EAPOL_CAPABLE:DOT1X: MAC 00-01-02-4b-f1-a3 on gigabitethernet1/0/13 is EAPOL capable
  • Page 294: Configuring Voice Aware 802.1X Security

    Return to privileged EXEC mode.
    Step 7 show errdisable detect Verify your entries.
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 295: Configuring The Switch-To-Radius-Server Communication

    (Optional) Save your entries in the configuration file. To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global configuration command.
  • Page 296: Configuring The Host Mode

    IEEE 802.1x-authorized port that has the dot1x port-control interface configuration command set to auto. Use the multi-domain keyword to configure and enable multidomain authentication (MDA), which allows both a host and a voice device, such as an IP phone (Cisco or non-Cisco), on the same switch port. This procedure is optional.
  • Page 297: Configuring Periodic Re-Authentication

    Specify the port to be configured, and enter interface configuration mode.
    Step 3 authentication periodic Enable periodic re-authentication of the client, which is disabled by default. dot1x reauthentication
  • Page 298: Manually Re-Authenticating A Client Connected To A Port

    “Configuring Periodic Re-Authentication” section on page 9-43. This example shows how to manually re-authenticate the client connected to a port:
    Switch# dot1x re-authenticate interface gigabitethernet2/0/1
  • Page 299: Changing The Quiet Period

    This procedure is optional.
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify the port to be configured, and enter interface configuration mode.
  • Page 300: Setting The Switch-To-Client Frame-Retransmission Number

    (Optional) Save your entries in the configuration file. To return to the default retransmission number, use the no dot1x max-req interface configuration command.
  • Page 301: Setting The Re-Authentication Number

    Beginning in privileged EXEC mode, follow these steps to globally enable MAC move on the switch. This procedure is optional. Command Purpose configure terminal Enter global configuration mode. authentication mac-move permit Enable Return to privileged EXEC mode.
  • Page 302: Configuring 802.1X Accounting

    (Optional) Saves your entries in the configuration file. Use the show radius statistics privileged EXEC command to display the number of RADIUS messages that do not receive the accounting response message.
  • Page 303: Configuring A Guest VLAN

    The port returns to the unauthorized state. This example shows how to enable VLAN 2 as an 802.1x guest VLAN:
    Switch(config)# interface gigabitethernet2/0/2
    Switch(config-if)# dot1x guest-vlan 2
  • Page 304: Configuring A Restricted VLAN

    Step 7 show authentication interface-id (Optional) Verify your entries. show dot1x interface interface-id
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 305 This example shows how to set 2 as the number of authentication attempts allowed before the port moves to the restricted VLAN:
    Switch(config-if)# dot1x auth-fail max-attempts 2
  • Page 306: Configuring The Inaccessible Authentication Bypass Feature

    (Optional) Set the number of minutes that a RADIUS server is not sent requests. The range is from 0 to 1440 minutes (24 hours). The default is 0 minutes.
  • Page 307 The range is from 1 to 10000 milliseconds. The default is 1000 milliseconds (a port can be re-initialized every second).
  • Page 308
    Switch(config)# dot1x critical recovery delay 2000
    Switch(config)# interface gigabitethernet 1/0/1
    Switch(config)# radius-server deadtime 60
    Switch(config-if)# dot1x critical
    Switch(config-if)# dot1x critical recovery action reinitialize
    Switch(config-if)# dot1x critical vlan 20
    Switch(config-if)# end
  • Page 309: Configuring 802.1X User Distribution

    This example shows how to clear all the VLAN groups:
    switch(config)# no vlan group end-dept vlan-list all
    switch(config)# show vlan-group all
    For more information about these commands, see the Cisco IOS Security Command Reference.
  • Page 310: Configuring 802.1X Authentication With WoL

    For the supported port types, see the “802.1x Authentication Configuration Guidelines” section on page 9-34.
    Step 3 authentication port-control auto Enable 802.1x authentication on the port. dot1x port-control auto
  • Page 311: Configuring NAC Layer 2 802.1X Validation

    Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action RADIUS attribute (Attribute [29]). This command affects the behavior of the switch only if periodic re-authentication is enabled.
  • Page 312: Configuring An Authenticator And A Supplicant Switch With NEAT

    “802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT)” section on page 9-30.
    Note: The cisco-av-pairs must be configured as device-traffic-class=switch on the ACS, which sets the interface as a trunk after the supplicant is successfully authenticated.
    Beginning in privileged EXEC mode, follow these steps to configure a switch as an authenticator:...
  • Page 313
    Switch(config)# dot1x supplicant force-multicast
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# switchport trunk encapsulation dot1q
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# dot1x pae supplicant
    Switch(config-if)# dot1x credentials test
    Switch(config-if)# end
  • Page 314: Configuring 802.1X Authentication With Downloadable ACLs And Redirect URLs

    The acl-id is an access list name or number.
    Step 8 show running-config interface interface-id Verify your configuration.
    Step 9 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 315: Configuring A Downloadable Policy

    Configures the network access server to recognize and use vendor-specific attributes.
    Note: The downloadable ACL must be operational.
    Step 11 Returns to privileged EXEC mode.
  • Page 316: Configuring VLAN ID-Based MAC Authentication

    There is no show command to confirm the status of VLAN ID-based MAC authentication. You can use the debug radius accounting privileged EXEC command to confirm the RADIUS attribute 32. For more information about this command, see the Cisco IOS Debug Command Reference, Release 12.2 at this URL: http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_q1.html#wp1123741...
  • Page 317: Configuring Open1X

    (Optional) Save your entries in the configuration file. This example shows how to configure open 1x on a port:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet 1/0/1
    Switch(config-if)# authentication control-direction both
  • Page 318: Disabling 802.1X Authentication On The Port

    Enter interface configuration mode, and specify the port to be configured.
    Step 3 dot1x default Reset the 802.1x parameters to the default values.
    Step 4 Return to privileged EXEC mode.
  • Page 319: Displaying 802.1X Statistics And Status

    EXEC command. For detailed information about the fields in these displays, see the command reference for this release.
  • Page 320 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Displaying 802.1x Statistics and Status
  • Page 321: Understanding Web-Based Authentication

    If the user exceeds the maximum number of attempts, web-based authentication forwards a Login-Expired HTML page to the host, and the user is placed on a watch list for a waiting period.
  • Page 322: Chapter 10 Configuring Web-Based Authentication

    Figure 10-1 shows the roles of these devices in a network:
    [Figure 10-1: Web-Based Authentication Device Roles. Labels: Workstations (clients), Catalyst switch, Cisco Router, Authentication server (RADIUS)]
  • Page 323: Host Detection

    After the watch list times out, the user can retry the authentication process.
  • Page 324: Local Web Authentication Banner

    You create a banner by using the ip admission auth-proxy-banner http global configuration command. The default banner Cisco Systems and Switch host-name Authentication appear on the Login Page. Cisco Systems appears on the authentication result pop-up page, as shown in Figure 10-2.
  • Page 325 Login Screen With No Banner For more information, see the Cisco IOS Security Command Reference and the “Configuring a Web Authentication Local Banner” section on page 10-17.
  • Page 326: Web Authentication Customizable Web Pages

    • You must include an HTML redirect command in the success page to access a specific URL. The URL string must be a valid URL (for example, http://www.cisco.com).
    • An incomplete URL might cause page not found or similar errors on a web browser.
  • Page 327: Web-Based Authentication Interactions With Other Features

    You can then limit the number or group of clients that can access the network through the port. For more information about enabling port security, see the “Configuring Port Security” section on page 26-8.
  • Page 328: Gateway IP

    ACLs If you configure a VLAN ACL or a Cisco IOS ACL on an interface, the ACL is applied to the host traffic only after the web-based authentication host policy is applied. For Layer 2 web-based authentication, you must configure a port ACL (PACL) as the default access policy for ingress traffic from hosts connected to the port.
  • Page 329: Configuring Web-Based Authentication

    • You must configure the default ACL on the interface before configuring web-based authentication. Configure a port ACL for a Layer 2 interface or a Cisco IOS ACL for a Layer 3 interface.
    • You cannot authenticate hosts on Layer 2 interfaces with static ARP cache assignment. These hosts...
  • Page 330: Web-Based Authentication Configuration Task List

    Switch(config)# ip device tracking
    This example shows how to verify the configuration:
    Switch# show ip admission configuration
    Authentication Proxy Banner not configured
    Authentication global cache time is 60 minutes
  • Page 331: Configuring AAA Authentication

    The RADIUS host entries are chosen in the order that they were configured.
  • Page 332 Note: You need to configure some settings on the RADIUS server, including: the switch IP address, the key string to be shared by both the server and the switch, and the downloadable ACL (DACL). For more information, see the RADIUS server documentation.
  • Page 333: Configuring The HTTP Server

    device:expired-filename Specify the location of the custom HTML file to use in place of the default login expired page.
  • Page 334
    Authentication global init state time is 2 minutes
    Authentication Proxy Session ratelimit is 100
    Authentication Proxy Watch-list is disabled
    Authentication Proxy Auditing is disabled
    Max Login attempts per user is 5
  • Page 335: Specifying A Redirection URL For Successful Login

    number_of_sessions (Optional) Rate-limit the authentication attempts from hosts in the AAA down state to avoid flooding the AAA server when it returns to service.
  • Page 336: Configuring The Web-Based Authentication Parameters

    (Optional) Save your entries in the configuration file. This example shows how to set the maximum number of failed login attempts to 10:
    Switch(config)# ip admission max-login-attempts 10
  • Page 337: Configuring A Web Authentication Local Banner

    This example shows how to remove the web-based authentication session for the client at the IP address 209.165.201.1:
    Switch# clear ip auth-proxy cache 209.165.201.1
  • Page 338: Displaying Web-Based Authentication Status

    This example shows how to view only the global web-based authentication status:
    Switch# show authentication sessions
    This example shows how to view the web-based authentication settings for gigabit interface 3/27:
    Switch# show authentication sessions interface gigabitethernet 3/27
  • Page 339: Understanding Interface Types

    Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the online Cisco IOS Interface Command Reference, Release 12.2.
    Understanding Interface Types
    This section describes the different types of interfaces supported by the switch with references to chapters that contain more detailed information about configuring these interface types.
  • Page 340: Chapter 11 Configuring Interface Characteristics

    When you put an interface that is in Layer 3 mode into Layer 2 mode, the previous configuration information related to the affected interface might be lost, and the interface is returned to its default configuration.
  • Page 341: Access Ports

    Catalyst 6500 series switch; the switch cannot be a VMPS server. You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. For more information about voice VLAN ports, see Chapter 15, “Configuring Voice VLAN.”...
  • Page 342: Tunnel Ports

    Note: The IP base feature set supports static routing and the Routing Information Protocol (RIP). For full Layer 3 routing or for fallback bridging, you must enable the IP services feature set on the standalone switch, or the stack master.
  • Page 343: Switch Virtual Interfaces

    Note: The protocol link state for VLAN interfaces comes up when the first switchport belonging to the corresponding VLAN link comes up and is in STP forwarding state.
  • Page 344: EtherChannel Port Groups

    Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
  • Page 345: Connecting Interfaces

    However, only IPv4 packets with Ethernet II encapsulation are routed in hardware. Non-IP traffic and traffic with other encapsulation methods are fallback-bridged by hardware.
  • Page 346: Using Interface Configuration Mode

    21 to 24 (for example, gigabitethernet1/0/23). On a switch with Cisco dual SFP X2 converter modules in the 10-Gigabit Ethernet module slots, the external 10/100/1000 ports are numbered from 17 to 20 (for example, gigabitethernet1/0/18), and the SFP module ports are numbered from 21 to 24 (for example, gigabitethernet1/0/22).
  • Page 347: Procedures For Configuring Interfaces

    Step 4 After you configure an interface, verify its status by using the show privileged EXEC commands listed in the “Monitoring and Maintaining the Interfaces” section on page 11-28.
  • Page 348: Configuring A Range Of Interfaces

    - {last port}, where the module is always 0 (for stacking-capable switches)
    port-channel port-channel-number - port-channel-number, where the port-channel-number is 1 to 64
  • Page 349: Configuring And Using Interface Range Macros

    • The macro_name is a 32-character maximum character string.
    • A macro can contain up to five comma-separated interface ranges.
    • Each interface-range must consist of the same port type.
  • Page 350 1 and to verify the macro configuration:
    Switch# configure terminal
    Switch(config)# define interface-range enet_list gigabitethernet1/0/1 - 2
    Switch(config)# end
    Switch# show running-config | include define
    define interface-range enet_list GigabitEthernet1/0/1 - 2
  • Page 351: Using The Internal Ethernet Management Port

    In a switch stack, only the Ethernet management port on the stack master is enabled. The ports on the stack members are disabled. You cannot modify the IP address of a stack member by using the Chassis Management Module.
  • Page 352 Module to the PC. In a stack that has members in multiple enclosures, the PC must be connected to the Chassis Management Module of the enclosure with the stack master. The PC should also be able to access all of the enclosure OAs.
  • Page 353: Supported Features On The Ethernet Management Port

    Supported Features on the Ethernet Management Port
    The Ethernet management port supports only these features:
    • Express Setup (only in switch stacks)
    • Network Assistant
  • Page 354: Layer 3 Routing Configuration Guidelines

    VRF or configure static route to forward the packets to specific hosts and networks.
    Monitoring the Ethernet Management Port
    To display the link status, use the show interfaces fastethernet 0 privileged EXEC command.
  • Page 355: TFTP And The Ethernet Management Port

    Layer 2 mode. This shuts down the interface and then re-enables it, which might generate messages on the device to which...
  • Page 356 Disabled (Layer 2 interfaces only). See the “Default Port Security Configuration” section on page 26-11. Port Fast: Disabled. See the “Default Optional Spanning-Tree Configuration” section on page 20-12. Auto-MDIX: Enabled.
  • Page 357: Configuring Interface Speed And Duplex Mode

    The port LED is amber while STP reconfigures.
    Caution: Changing the interface speed and duplex mode configuration might shut down and re-enable the interface during the reconfiguration.
  • Page 358: Setting The Interface Speed And Duplex Parameters

    This example shows how to set the interface speed to 100 Mb/s and the duplex mode to half on an external 10/100/1000 Mb/s port:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet1/0/17
    Switch(config-if)# speed 10
  • Page 359: Configuring IEEE 802.3X Flow Control

    Verify the interface flow control settings.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To disable flow control, use the flowcontrol receive off interface configuration command.
  • Page 360: Configuring Auto-MDIX On An Interface

    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
    To disable auto-MDIX, use the no mdix auto interface configuration command.
  • Page 361: Adding A Description For An Interface

    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# description Connects to Marketing
    Switch(config-if)# end
    Switch# show interfaces gigabitethernet1/0/2 description
    Interface  Status      Protocol  Description
    Gi1/0/2    admin down  down      Connects to Marketing
  • Page 362: Configuring Layer 3 Interfaces

    Furthermore, when you put an interface that is in Layer 2 mode into Layer 3 mode, the previous configuration information related to the affected interface might be lost, and the interface is returned to its default configuration.
  • Page 363: Configuring SVI Autostate Exclude

    Exclude the access or trunk port when defining the status of an SVI line state (up or down)
    Step 4 Return to privileged EXEC mode.
  • Page 364: Configuring The System MTU

    Cisco IOS configuration file, even if you enter the copy running-config startup-config privileged EXEC command. Therefore, if you use TFTP to configure a new switch by using a backup...
  • Page 365 This example shows the response when you try to set Gigabit Ethernet interfaces to an out-of-range number:
    Switch(config)# system mtu jumbo 25000
    % Invalid input detected at '^' marker.
  • Page 366: Monitoring And Maintaining The Interfaces

    Display the hardware configuration, software version, the names and sources of configuration files, and the boot images. show controllers ethernet-controller interface-id Display the operational state of the auto-MDIX feature on the interface.
  • Page 367: Clearing And Resetting Interfaces And Counters

    Use the no shutdown interface configuration command to restart the interface. To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface is shown as administratively down in the display.
  • Page 368 Chapter 11 Configuring Interface Characteristics Monitoring and Maintaining the Interfaces
  • Page 369: Understanding Smartports Macros

    Use this interface configuration macro for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port.
  • Page 370: Chapter 12 Configuring Smartports Macros

    Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
  • Page 371 Cisco-default macro with the required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro.
  • Page 372: Creating Smartports Macros

    MAC addresses and also includes two help string keywords by using # macro keywords:
    Switch(config)# macro name test
    switchport access vlan $VLANID
    switchport port-security maximum $MAX
    #macro keywords $VLANID $MAX
  • Page 373: Applying Smartports Macros

    You can delete a global macro-applied configuration on a switch only by entering the no version of each command that is in the macro. You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command.
  • Page 374: Applying Cisco-Default Smartports Macros

    (Optional) Enter interface configuration mode, and specify the interface on which to apply the macro.
    Step 6 default interface interface-id (Optional) Clear all configuration from the specified interface.
  • Page 375 You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command. This example shows how to display the cisco-desktop macro, how to apply the macro, and to set the access VLAN ID to 25 on an interface:...
  • Page 376: Displaying Smartports Macros

    Displays the configured macro names.
    show parser macro description [interface interface-id] Displays the macro description for all interfaces or for a specified interface.
  • Page 377: Understanding VLANs

    Note: Before you create VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain global VLAN configuration for your network. For more information on VTP, see Chapter 14, “Configuring VTP.”
  • Page 378: Supported VLANs

    VTP transparent mode when you create VLAN IDs from 1006 to 4094. Cisco IOS Release 12.2(52)SE and later support VTP version 3. VTP version 3 supports the entire...
  • Page 379: Chapter 13 Configuring VLAN

    For configuration information, see the “Configuring Dynamic-Access Ports on VMPS Clients” section on page 13-30.
  • Page 380: Configuring Normal-Range VLANs

    EXEC command. The vlan.dat file is stored in flash memory. Thevlan.dat file is stored in flash memory on the stack master. Stack members have a vlan.dat file that is consistent with the stack master. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 13-4 OL-12247-04...
  • Page 381 Default Ethernet VLAN Configuration, page 13-7; Creating or Modifying an Ethernet VLAN, page 13-8; Deleting a VLAN, page 13-9; Assigning Static-Access Ports to a VLAN, page 13-10
  • Page 382: Token Ring VLANs

    IEEE 802.1s Multiple STP (MSTP) on your switch to map multiple VLANs to a single spanning-tree instance. For more information about MSTP, see Chapter 19, “Configuring MSTP.”
  • Page 383: Configuring Normal-Range VLANs

    Note: The switch supports Ethernet interfaces exclusively. Because FDDI and Token Ring VLANs are not locally supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global advertisements to other switches.
  • Page 384: Creating Or Modifying An Ethernet VLAN

    The available VLAN ID range for this command is 1 to 4094. For information about adding VLAN IDs greater than 1005 (extended-range VLANs), see the “Configuring Extended-Range VLANs” section on page 13-11.
  • Page 385: Deleting A VLAN

    Enter global configuration mode. Step 2 no vlan vlan-id Remove the VLAN by entering the VLAN ID. Step 3 Return to privileged EXEC mode.
  • Page 386: Assigning Static-Access Ports To A VLAN

    Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 2 Switch(config-if)# end
  • Page 387: Configuring Extended-Range VLANs

    Otherwise, you lose the extended-range VLAN configuration if the switch resets. If you create extended-range VLANs in VTP version 3, you cannot convert to VTP version 1 or 2...
  • Page 388: Creating An Extended-Range VLAN

    Extended-Range VLAN with an Internal VLAN ID” section on page 13-13 before creating the extended-range VLAN.
  • Page 389: Creating An Extended-Range VLAN With An Internal VLAN ID

    VLAN is rejected. To manually free an internal VLAN ID, you must temporarily shut down the routed port that is using the internal VLAN ID.
  • Page 390: Displaying VLANs

    Display parameters for all VLANs or the specified VLAN on the switch. For more details about the show command options and explanations of output fields, see the command reference for this release.
  • Page 391: Configuring VLAN Trunks

    Figure 13-3 shows a network of switches that are connected by IEEE 802.1Q trunks.
  • Page 392 The DTP supports autonegotiation of both ISL and IEEE 802.1Q trunks. Note: DTP is not supported on private-VLAN ports or tunnel ports.
  • Page 393: Encapsulation Types

    The trunking mode, the trunk encapsulation type, and the hardware capabilities of the two connected interfaces decide whether a link becomes an ISL or IEEE 802.1Q trunk.
  • Page 394: IEEE 802.1Q Configuration Considerations

    VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch.
  • Page 395: Interaction With Other Features

    Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface interface-id Specify the port to be configured for trunking, and enter interface configuration mode.
  • Page 396: Defining The Allowed VLANs On A Trunk

    VLANs from passing over the trunk. To restrict the traffic a trunk carries, use the switchport trunk allowed vlan remove vlan-list interface configuration command to remove specific VLANs from the allowed list.
  • Page 397 Note: VLAN 1 is the default VLAN on all trunk ports in all Cisco switches, and it has previously been a requirement that VLAN 1 always be enabled on every trunk link. You can use the VLAN 1 minimization feature to disable VLAN 1 on any individual VLAN trunk link so that no user traffic (including spanning-tree advertisements) is sent or received on VLAN 1.
  • Page 398: Changing The Pruning-Eligible List

    The native VLAN can be assigned any VLAN ID. For information about IEEE 802.1Q configuration issues, see the “IEEE 802.1Q Configuration Considerations” section on page 13-18.
  • Page 399: Configuring Trunk Ports For Load Sharing

    VLANs 3 through 6 are assigned a port priority of 16 on Trunk 2. VLANs 8 through 10 retain the default port priority of 128 on Trunk 2.
  • Page 400 Configure the port as a trunk port. Step 11 Return to privileged EXEC mode. Step 12 show interfaces gigabitethernet1/0/1 switchport Verify the VLAN configuration.
  • Page 401: Load Sharing Using STP Path Cost

    VLANs 8 through 10 are assigned a path cost of 30 on Trunk port 2. VLANs 2 through 4 retain the default 100BASE-T path cost on Trunk port 2 of 19.
  • Page 402 Verify your entries. In the display, verify that the path costs are set correctly for both trunk interfaces. Step 17 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 403: Configuring VMPS

    VMPS when it identifies a new host address. If the switch receives a port-shutdown response from the VMPS, it disables the port. The port must be manually re-enabled by using Network Assistant, the CLI, or SNMP.
  • Page 404: Dynamic-Access Port VLAN Membership

    When you configure a port as a dynamic-access port, the spanning-tree Port Fast feature is automatically enabled for that port. The Port Fast mode accelerates the process of bringing the port into the forwarding state.
  • Page 405: Configuring The VMPS Client

    Note: You must have IP connectivity to the VMPS for dynamic-access ports to work. You can test for IP connectivity by pinging the IP address of the VMPS and verifying that you get a response.
  • Page 406: Configuring Dynamic-Access Ports On VMPS Clients

    Changing the Reconfirmation Interval: VMPS clients periodically reconfirm the VLAN membership information received from the VMPS. You can set the number of minutes after which reconfirmation occurs.
  • Page 407: Changing The Retry Count

    EXEC command or its Network Assistant or SNMP equivalent.
  • Page 408: Troubleshooting Dynamic-Access Port VLAN Membership

    End stations are connected to the clients, Switch B and Switch I. The database configuration file is stored on the TFTP server with the IP address 172.20.22.7.
  • Page 409 172.20.26.156 Switch G 172.20.26.157 Switch H Client switch I Dynamic-access port Server 2 172.20.26.158 Trunk port 172.20.26.159 Catalyst 6500 series Secondary VMPS Switch J Server 3
  • Page 410 Chapter 13 Configuring VLANs Configuring VMPS
  • Page 411: Understanding VTP

    When a switch joins the stack or when stacks merge, the new switches get VTP information from the stack master.
  • Page 412: Chapter 14 Configuring VTP

    VLAN in a suspended state. VTP version 1 and version 2 support only normal-range VLANs (VLAN IDs 1 to 1005). Cisco IOS Release 12.2(52)SE and later support VTP version 3. VTP version 3 supports the entire VLAN range (VLANs 1 to 4094).
  • Page 413: VTP Modes

    A switch in VTP off mode functions in the same manner as a VTP transparent switch, except that it does not forward VTP advertisements on trunks.
  • Page 414: VTP Advertisements

    Because VTP version 2 supports only one domain, it forwards VTP messages in transparent mode without inspecting the version and domain name.
  • Page 415: VTP Version 3

    For example, you can configure the switch as a VTP server for the VLAN database but with VTP off for the MST database.
  • Page 416: VTP Pruning

    F have no ports in the Red VLAN. Figure 14-1: Flooding Traffic without VTP Pruning
  • Page 417 You can set VLAN pruning-eligibility, whether or not VTP pruning is enabled for the VTP domain, whether or not any given VLAN exists, and whether or not the interface is currently trunking.
  • Page 418: VTP And Switch Stacks

    VTP mode (VTP version 1 and version 2): Server. VTP mode (VTP version 3): The mode is the same as the mode in VTP version 1 or 2 before conversion to version 3.
  • Page 419: VTP Configuration Guidelines

    VLAN configuration of that domain. Make sure that you configure at least one switch in the VTP domain for VTP server mode.
  • Page 420: Passwords

    2. If there is a version 1-only switch, it does not exchange VTP information with switches that have version 2 enabled. Cisco recommends placing VTP version 1 and 2 switches at the edge of the network because they...
  • Page 421: Configuration Requirements

    However, a VTP transparent switch running VTP version 2 does forward received VTP advertisements on its trunk links. VTP off mode is the same as VTP transparent mode except that VTP advertisements are not forwarded.
  • Page 422 (Optional) Configure the database: unknown} vlan—the VLAN database is the default if none are configured; mst—the multiple spanning tree (MST) database; unknown—an unknown database type.
  • Page 423: Configuring A VTP Version 3 Password

    (Optional) secret—Enter secret to directly configure the password. The secret password must contain 32 hexadecimal characters. Step 3 Return to privileged EXEC mode.
  • Page 424: Configuring A VTP Version 3 Primary Server

    VTP Database Conf Switch ID Primary Server Revision System Name ------------ ---- -------------- -------------- -------- -------------------- VLANDB 00d0.00b8.1400=00d0.00b8.1400 1 stp7 Do you want to continue (y/n) [n]? y
  • Page 425: Enabling The VTP Version

    Token Ring VLAN switching to function properly. For Token Ring and Token Ring-Net media, VTP version 2 must be disabled. VTP version 3 is supported on switches running Cisco IOS Release 12.2(52)SE or later. In VTP version 3, both the primary and secondary servers can exist on an instance in the domain.
  • Page 426: Enabling VTP Pruning

    Verify the change to the port. interface-id Step 6 show vtp status Verify the configuration. To disable VTP on the interface, use the no vtp interface configuration command.
  • Page 427: Adding A VTP Client Switch To A VTP Domain

    You can use the vtp mode transparent global configuration command to disable VTP on the switch and then to change its VLAN information without affecting the other switches in the VTP domain.
  • Page 428: Monitoring VTP

    Display the VTP switch configuration information.
  • Page 429: Understanding Voice VLAN

    The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the switch is connected to a Cisco 7960 IP Phone, the phone sends voice traffic with Layer 3 IP precedence and Layer 2 class of service (CoS) values, which are both set to 5 by default. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1p CoS.
  • Page 430: Chapter 15 Configuring Voice VLAN

    Cisco IP Phone Voice Traffic You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. You can configure access ports...
  • Page 431: Configuring Voice VLAN

    For more information, see Chapter 36, “Configuring QoS.” You must enable CDP on the switch port connected to the Cisco IP Phone to send the configuration to the phone. (CDP is globally enabled by default on all switch interfaces.) The Port Fast feature is automatically enabled when voice VLAN is configured.
  • Page 432: Configuring A Port Connected To A Cisco 7960 IP Phone

    If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN:...
  • Page 433: Configuring Cisco IP Phone Voice Traffic

    You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure the way in which the phone sends voice traffic. The phone can carry voice traffic in IEEE 802.1Q frames for a specified voice VLAN with a Layer 2 CoS value.
  • Page 434: Configuring The Priority Of Incoming Data Frames

    You can connect a PC or other data device to a Cisco IP Phone port. To process tagged data traffic (in IEEE 802.1Q or IEEE 802.1p frames), you can configure the switch to send CDP packets to instruct the phone how to send data packets from the device attached to the access port on the Cisco IP Phone.
  • Page 435: Displaying Voice VLAN

    (Optional) Save your entries in the configuration file. startup-config This example shows how to configure a port connected to a Cisco IP Phone to not change the priority of frames received from the PC or the attached device: Switch# configure terminal Enter configuration commands, one per line.
  • Page 436 Chapter 15 Configuring Voice VLAN Displaying Voice VLAN
  • Page 437: Understanding Private VLANs

    VLAN. A private VLAN can have multiple VLAN pairs, one pair for each subdomain. All VLAN pairs in a private VLAN share the same primary VLAN. The secondary VLAN ID differentiates one subdomain from another. See Figure 16-1.
  • Page 438: Chapter 16 Configuring Private VLAN

    These interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports within their private VLAN. Note: Trunk ports carry traffic from regular VLANs and also from primary, isolated, and community VLANs.
  • Page 439: IP Addressing Scheme With Private VLANs

    VLANs, but in the same primary VLAN. When new devices are added, the DHCP server assigns them the next available address from a large pool of subnet addresses.
  • Page 440: Private VLANs Across Multiple Switches

    Private VLANs and Unicast, Broadcast, and Multicast Traffic, page 16-5; Private VLANs and SVIs, page 16-5; Private VLANs and Switch Stacks, page 16-5
  • Page 441: Private VLANs And Unicast, Broadcast, And Multicast Traffic

    VLAN that had its promiscuous port on the old stack master lose connectivity outside of the private VLAN.
  • Page 442: Configuring Private VLANs

    “Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface” section on page 16-14. Step 6 Verify private-VLAN configuration. Default Private-VLAN Configuration: No private VLANs are configured.
  • Page 443: Private-VLAN Configuration Guidelines

    Sticky ARP entries are those learned on SVIs and Layer 3 interfaces. These entries do not age out. The ip sticky-arp global configuration command is supported only on SVIs belonging to private VLANs.
  • Page 444: Private-VLAN Port Configuration

    Private-VLAN ports can be on different network devices if the devices are trunk-connected and the primary and secondary VLANs have not been removed from the trunk.
  • Page 445: Limitations With Other Features

    VLAN. When the original dynamic MAC address is deleted or aged out, the replicated addresses are removed from the MAC address table. Configure Layer 3 VLAN interfaces (SVIs) only for primary VLANs.
  • Page 446: Configuring And Associating VLANs In A Private VLAN

    Otherwise, if the switch resets, it defaults to VTP server mode, which does not support private VLANs.
  • Page 447: Configuring A Layer 2 Interface As A Private-VLAN Host Port

    Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface interface-id Enter interface configuration mode for the Layer 2 interface to be configured.
  • Page 448: Configuration File

    Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: 20 501 <output truncated>
  • Page 449: Configuring A Layer 2 Interface As A Private-VLAN Promiscuous Port

    Switch(config-if)# end Use the show vlan private-vlan or the show interface status privileged EXEC command to display primary and secondary VLANs and private-VLAN ports on the switch.
  • Page 450: Mapping Secondary VLANs To A Primary VLAN Layer 3 VLAN Interface

    Switch(config)# interface vlan 10 Switch(config-if)# private-vlan mapping 501-502 Switch(config-if)# end Switch# show interfaces private-vlan mapping Interface Secondary VLAN Type --------- -------------- ----------------- vlan10 isolated vlan10 community
  • Page 451: Monitoring Private VLANs

    This is an example of the output from the show vlan private-vlan command: Switch(config)# show vlan private-vlan Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ isolated Gi2/0/1, Gi3/0/1, Gi3/0/2 community Gi2/0/11, Gi3/0/1, Gi3/0/4 non-operational
  • Page 452 Chapter 16 Configuring Private VLANs Monitoring Private VLANs
  • Page 453: Understanding IEEE 802.1Q Tunneling

    VLAN ID that is dedicated to tunneling. Each customer requires a separate service-provider VLAN ID, but that VLAN ID supports all of the customer’s VLANs.
  • Page 454: Chapter 17 Configuring IEEE 802.1Q And Layer 2 Protocol Tunneling

    When the packet exits another trunk port on the same core switch, the same metro tag is again added to the packet. Figure 17-2 shows the tag structures of the double-tagged packets.
  • Page 455 Because 802.1Q tunneling is configured on a per-port basis, it does not matter whether the switch is a standalone switch or a stack member. All configuration is done on the stack master.
  • Page 456: Configuring IEEE 802.1Q Tunneling

    (Switch C) and is misdirected through the egress switch tunnel port to Customer Y.
  • Page 457: System MTU

    The switch has a system jumbo MTU value of 1500 bytes, and the switchport mode dot1q tunnel interface configuration command is configured on a 10-Gigabit or Gigabit Ethernet switch port.
  • Page 458: IEEE 802.1Q Tunneling And Other Features

    When a port is configured as an IEEE 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) and the Link Layer Discovery Protocol (LLDP) are automatically disabled on the interface.
  • Page 459: Understanding Layer 2 Protocol Tunneling

    VLAN should build a proper spanning tree that includes the local site and all remote sites across the service-provider network. Cisco Discovery Protocol (CDP) must discover neighboring Cisco devices from local and remote sites. VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration throughout all sites in the customer network.
  • Page 460 Users on each of a customer’s sites can properly run STP, and every VLAN can build a correct spanning tree based on parameters from all sites and not just from the local site. CDP discovers and shows information about the other Cisco devices connected through the...
  • Page 461 When you enable protocol tunneling (PAgP or LACP) on the SP switch, remote customer switches receive the PDUs and can negotiate the automatic creation of EtherChannels.
  • Page 462: Configuring Layer 2 Protocol Tunneling

    VLAN. Therefore, the Layer 2 PDUs remain intact and are delivered across the service-provider infrastructure to the other side of the customer network.
  • Page 463: Default Layer 2 Protocol Tunneling Configuration

    CoS marking of L2 protocol tunneling BPDUs is 5. This does not apply to data traffic.
  • Page 464: Layer 2 Protocol Tunneling Configuration Guidelines

    PDUs higher priority within the service-provider network than data packets received from the same tunnel port. By default, the PDUs use the same CoS value as data packets.
  • Page 465: Configuring Layer 2 Protocol Tunneling

    Display the Layer 2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters. Step 12 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 466: Configuring Layer 2 Tunneling For EtherChannels

    Caution: To avoid a network failure, make sure that the network is a point-to-point topology before you enable tunneling for PAgP, LACP, or UDLD packets.
  • Page 467 [point-to-point [pagp | lacp | udld]] and the no l2protocol-tunnel drop-threshold [point-to-point [pagp | lacp | udld]] commands to return the shutdown and drop thresholds to the default settings.
  • Page 468: Configuring The Customer Switch

    Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000 Switch(config-if)# exit Switch(config)# interface gigabitethernet1/0/2 Switch(config-if)# switchport access vlan 18 Switch(config-if)# switchport mode dot1q-tunnel Switch(config-if)# l2protocol-tunnel point-to-point pagp Switch(config-if)# l2protocol-tunnel point-to-point udld
  • Page 469 Switch(config-if)# switchport trunk encapsulation dot1q Switch(config-if)# switchport mode trunk Switch(config-if)# udld enable Switch(config-if)# channel-group 1 mode desirable Switch(config-if)# exit Switch(config)# interface port-channel 1 Switch(config-if)# shutdown Switch(config-if)# no shutdown Switch(config-if)# exit
  • Page 470: Monitoring And Maintaining Tunneling Status

    Display the status of native VLAN tagging on the switch. For detailed information about these displays, see the command reference for this release.
  • Page 471: Understanding Spanning-Tree Features

    The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard. A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same bridge ID.
  • Page 472: Chapter 18 Configuring STP

    (SFP) modules. You can change the default for an interface by entering the [no] keepalive interface configuration command with no keywords.
  • Page 473: Spanning-Tree Topology And BPDUs

    Selects the lowest path cost to the root switch; selects the lowest designated bridge ID; selects the lowest designated path cost; selects the lowest port ID.
  • Page 474: Bridge ID, Switch Priority, And Extended System ID

    VLAN. Each VLAN on the switch has a unique 8-byte bridge ID. The 2 most-significant bytes are used for the switch priority, and the remaining 6 bytes are derived from the switch MAC address.
  • Page 475: Spanning-Tree Interface States

    An interface moves through these states: from initialization to blocking; from blocking to listening or to disabled; from listening to learning or to disabled.
  • Page 476: Blocking State

    An interface in the blocking state performs these functions: discards frames received on the interface; discards frames switched from another interface for forwarding.
  • Page 477: Listening State

    Discards frames received on the interface; discards frames switched from another interface for forwarding; does not learn addresses; does not receive BPDUs.
  • Page 478: How A Switch Or Port Becomes The Root Switch Or Root Port

    If the speeds are the same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value.
  • Page 479: Spanning-Tree Address Management

    VLAN to be subject to accelerated aging. Dynamic addresses on other VLANs can be unaffected and remain subject to the aging interval entered for the switch.
  • Page 480: Spanning-Tree Modes And Protocols

    The switch supports these spanning-tree modes and protocols: PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network.
  • Page 481: Spanning-Tree Interoperability And Backward Compatibility

    VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+.
  • Page 482: Spanning Tree And Switch Stacks

    • Configuring the Root Switch, page 18-16 (optional) • Configuring a Secondary Root Switch, page 18-18 (optional) • Configuring Port Priority, page 18-18 (optional) • Configuring Path Cost, page 18-20 (optional)
  • Page 483: Default Spanning-Tree Configuration

    VLAN, and use the spanning-tree vlan vlan-id global configuration command to enable spanning tree on the desired VLAN.
  • Page 484 20-12. Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.
  • Page 485: Changing The Spanning-Tree Mode

    To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command.
  • Page 486: Disabling Spanning Tree

    ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software.
  • Page 487 (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command.
  • Page 488: Configuring A Secondary Root Switch

    (higher numerical values) that you want selected last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
  • Page 489 Note: The show spanning-tree interface interface-id privileged EXEC command displays information only if the port is in a link-up operative state. Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration.
  • Page 490: Configuring Path Cost

    Step 6 show spanning-tree interface interface-id, show spanning-tree vlan vlan-id: Verify your entries. Step 7 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 491: Configuring The Switch Priority Of A Vlan

    (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command.
  • Page 492: Configuring Spanning-Tree Timers

    (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command.
  • Page 493: Configuring The Forwarding-Delay Time For A Vlan

    (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command.
  • Page 494: Configuring The Transmit Hold-Count

    You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
  • Page 495: Configuring Mstp

    Both MSTP and RSTP improve the spanning-tree operation and maintain backward compatibility with equipment that is based on the (original) IEEE 802.1D spanning tree, with existing Cisco-proprietary Multiple Instance STP (MISTP), and with existing Cisco per-VLAN spanning-tree plus (PVST+) and rapid per-VLAN spanning-tree plus (rapid PVST+).
  • Page 496: Chapter 19 Configuring Mstp

    Within each MST region, the MSTP maintains multiple spanning-tree instances. Instance 0 is a special instance for a region, known as the internal spanning tree (IST). All other MST instances are numbered from 1 to 4094.
  • Page 497: Operations Within An Mst Region

    CST, which includes all MST regions and all legacy STP switches in the network. The MST instances combine with the IST at the boundary of the region to become the CST.
  • Page 498 MSTP switches use Version 3 RSTP BPDUs or IEEE 802.1D STP BPDUs to communicate with legacy IEEE 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches.
  • Page 499: Ieee 802.1S Terminology

    Understanding MSTP IEEE 802.1s Terminology Some MST naming conventions used in Cisco’s prestandard implementation have been changed to identify some internal or regional parameters. These parameters are significant only within an MST region, as opposed to external parameters that are relevant to the whole network. Because the CIST is the only spanning-tree instance that spans the whole network, only the CIST parameters require the external rather than the internal or regional qualifiers.
  • Page 500: Boundary Ports

    The primary change from the Cisco prestandard implementation is that a designated port is not defined as boundary, unless it is running in an STP-compatible mode.
  • Page 501: Interoperation Between Legacy And Standard Switches

    Detecting Unidirectional Link Failure This feature is not yet present in the IEEE MST standard, but it is included in this Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops.
  • Page 502: Mstp And Switch Stacks

    IEEE 802.1D BPDUs because it cannot detect whether the legacy switch has been removed from the link unless the legacy switch is the designated switch. A switch might also continue to assign a boundary role...
  • Page 503: Understanding Rstp

    A port with the root or a designated port role is included in the active topology. A port with the alternate or backup port role is excluded from the active topology.
  • Page 504: Rapid Convergence

    Disabled Disabled Discarding To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state. Rapid Convergence The RSTP provides for rapid recovery of connectivity following the failure of a switch, a switch port, or a LAN.
  • Page 505: Synchronization Of Port Roles

    RSTP forces a port to synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking.
  • Page 506: Bridge Protocol Data Unit Format And Processing

    Table 19-3 RSTP BPDU Flags. Function: Topology change (TC); Proposal; 2–3: Port role (Unknown, Alternate port, Root port, Designated port); Learning; Forwarding; Agreement; Topology change acknowledgement (TCA)
  • Page 507: Processing Superior Bpdu Information

    TC-while timer is reset. This behavior is only required to support IEEE 802.1D switches. The RSTP BPDUs never have the TCA bit set.
  • Page 508: Configuring Mstp Features

    Table 19-4 Default MSTP Configuration (Feature: Default Setting). Spanning-tree mode: PVST+ (Rapid PVST+ and MSTP are disabled). Switch priority (configurable on a per-CIST port basis): 32768.
  • Page 509: Mstp Configuration Guidelines

    assignments must match; otherwise, all traffic flows on a single link. You can achieve load-balancing across a switch stack by manually configuring the path cost.
  • Page 510: Specifying The Mst Region Configuration And Enabling Mstp

    Specify the configuration revision number. The range is 0 to 65535. Step 6 show pending: Verify your configuration by displaying the pending configuration. Step 7 exit: Apply all changes, and return to global configuration mode.
  • Page 511: Configuring The Root Switch

    ID support, the switch sets its own priority for the specified instance to 24576 if this value will cause this switch to become the root for the specified spanning-tree instance.
  • Page 512 (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst instance-id root global configuration command.
  • Page 513: Configuring A Secondary Root Switch

    (higher numerical values) that you want selected last. If all interfaces have the same priority value, the MSTP puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
  • Page 514 Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id port-priority interface configuration command.
  • Page 515: Configuring Path Cost

    You can configure the switch priority and make it more likely that a standalone switch or a switch in the stack will be chosen as the root switch.
  • Page 516: Configuring The Hello Time

    These messages mean that the switch is alive. For seconds, the range is 1 to 10; the default is 2. Step 3 Return to privileged EXEC mode.
  • Page 517: Configuring The Forwarding-Delay Time

    Return to privileged EXEC mode. Step 4 show spanning-tree mst: Verify your entries. Step 5 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 518: Configuring The Maximum-Hop Count

    1 to 4094. The port-channel range is 1 to 64. Step 3 spanning-tree link-type point-to-point: Specify that the link type of a port is point-to-point. Step 4 Return to privileged EXEC mode.
  • Page 519: Designating The Neighbor Type

    To restart the protocol migration process (force the renegotiation with neighboring switches) on the switch, use the clear spanning-tree detected-protocols privileged EXEC command.
  • Page 520: Displaying The Mst Configuration And Status

    Displays MST information for the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
  • Page 521: Understanding Optional Spanning-Tree Features

    • Understanding Cross-Stack UplinkFast, page 20-5 • Understanding BackboneFast, page 20-7 • Understanding EtherChannel Guard, page 20-10 • Understanding Root Guard, page 20-10 • Understanding Loop Guard, page 20-11
  • Page 522: Chapter 20 Configuring Optional Spanning-Tree Features

    To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred.
  • Page 523: Understanding Bpdu Filtering

    Figure 20-2 shows a complex network where distribution switches and access switches each have at least one redundant link that spanning tree blocks to prevent loops.
  • Page 524 Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state.
  • Page 525: Understanding Cross-Stack Uplinkfast

    CSUF might not provide a fast transition all the time; in these cases, the normal spanning-tree transition occurs, completing in 30 to 40 seconds. For more information, see the “Events that Cause Fast Convergence” section on page 20-7.
  • Page 526: How Csuf Works

    The switch sending the fast-transition request needs to do a fast transition to the forwarding state of a port that it has chosen as the root port, and it must obtain an acknowledgement from each stack switch before performing the fast transition.
  • Page 527: Events That Cause Fast Convergence

    BPDU is a signal that the other switch might have lost its path to the root, and BackboneFast tries to find an alternate path to the root.
  • Page 528 Switch B is in the blocking state. Figure 20-6 BackboneFast Example Before Indirect Link Failure (figure labels: Switch A (Root), Switch B, Switch C, Blocked port)
  • Page 529 Switch A, the root switch. Figure 20-8 Adding a Switch in a Shared-Medium Topology (figure labels: Switch A (Root), Switch B, Switch C (Designated bridge), Blocked port, Added switch)
  • Page 530: Understanding Etherchannel Guard

    You can enable this feature by using the spanning-tree guard root interface configuration command. Caution: Misuse of the root-guard feature can cause a loss of connectivity.
  • Page 531: Understanding Loop Guard

    • Enabling BPDU Filtering, page 20-14 (optional) • Enabling UplinkFast for Use with Redundant Links, page 20-15 (optional) • Enabling Cross-Stack UplinkFast, page 20-16 (optional)
  • Page 532: Default Optional Spanning-Tree Configuration

    VLAN, the Port Fast feature is not automatically disabled. For more information, see Chapter 15, “Configuring Voice VLAN.” You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
  • Page 533: Enabling Bpdu Guard

    To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred.
  • Page 534: Enabling Bpdu Filtering

    Caution: Configure Port Fast only on interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operation.
  • Page 535: Enabling Uplinkfast For Use With Redundant Links

    You can configure the UplinkFast or the CSUF feature for rapid PVST+ or for the MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+.
  • Page 536: Enabling Cross-Stack Uplinkfast

    To disable UplinkFast on the switch and all its VLANs, use the no spanning-tree uplinkfast global configuration command. Enabling BackboneFast You can enable BackboneFast to detect indirect link failures and to start the spanning-tree reconfiguration sooner.
  • Page 537: Enabling Etherchannel Guard

    EXEC command to verify the EtherChannel configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured.
  • Page 538: Enabling Root Guard

    Command: Purpose. Step 1 show spanning-tree active, show spanning-tree mst: Verify which interfaces are alternate or root ports. Step 2 configure terminal: Enter global configuration mode.
  • Page 539: Displaying The Spanning-Tree Status

    You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
  • Page 540 Chapter 20 Configuring Optional Spanning-Tree Features Displaying the Spanning-Tree Status
  • Page 541: Understanding Flex Links And The Mac Address-Table Move Update

    The feature provides an alternative solution to the Spanning Tree Protocol (STP). Users can disable STP and still retain basic link redundancy. Flex Links are...
  • Page 542: Vlan Flex Link Load Balancing And Support

    Flex Link pair can be used for load balancing. Also, Flex Link VLAN load-balancing does not impose any restrictions on uplink switches.
  • Page 543: Chapter 21 Configuring Flex Links And The Mac Address-Table Move Update Feature

    When the backup link starts forwarding, to achieve faster convergence of multicast data, the downstream switch immediately sends proxy reports for all the learned groups on this port without waiting for a general query.
  • Page 544: Leaking Igmp Reports

    This is output for the show ip igmp snooping mrouter command for VLANs 1 and 401: Switch# show ip igmp snooping mrouter Vlan ports ---- ----- Gi1/0/11(dynamic), Gi1/0/12(dynamic) Gi1/0/11(dynamic), Gi1/0/12(dynamic)
  • Page 545 VLAN 1, which is interested in two multicast groups: Switch# show ip igmp snooping groups Vlan Group Type Version Port List ----------------------------------------------------------------------- 228.1.5.1 igmp Gi1/0/11, Gi1/0/12, Gi2/0/11 228.1.5.2 igmp Gi1/0/11, Gi1/0/12, Gi2/0/11
  • Page 546: Mac Address-Table Move Update

    100 milliseconds (ms). The PC is directly connected to switch A, and the connection status does not change. Switch A does not need to update the PC entry in the MAC address table.
  • Page 547: Configuring Flex Links And Mac Address-Table Move Update

    • Configuring Flex Links, page 21-9 • Configuring VLAN Load Balancing on Flex Links, page 21-11 • Configuring the MAC Address-Table Move Update Feature, page 21-12
  • Page 548: Configuration Guidelines

    The Flex Links are not configured, and there are no backup interfaces defined. The preemption mode is off. The preemption delay is 35 seconds. The MAC address-table move update feature is not configured on the switch.
  • Page 549: Configuring Flex Links

    Configure a physical Layer 2 interface (or port channel) as part of a Flex Links pair with the interface. When one link is forwarding traffic, the other interface is in standby mode.
  • Page 550 Interface Pair : Gi1/0/1, Gi1/0/2 Preemption Mode : forced Preemption Delay : 50 seconds Bandwidth : 100000 Kbit (Gi1/0/1), 100000 Kbit (Gi1/0/2) Mac Address Move Update Vlan : auto
  • Page 551: Configuring Vlan Load Balancing On Flex Links

    Switch Backup Interface Pairs: Active Interface Backup Interface State ------------------------------------------------------------------------ GigabitEthernet2/0/6 GigabitEthernet2/0/8 Active Down/Backup Up Vlans Preferred on Active Interface: 1-50 Vlans Preferred on Backup Interface: 60, 100-120
  • Page 552: Configuring The Mac Address-Table Move Update Feature

    VLAN ID on the interface, which is used for sending the MAC address-table move update. When one link is forwarding traffic, the other interface is in standby mode.
  • Page 553 Step 1 configure terminal: Enter global configuration mode. Step 2 mac address-table move update receive: Enable the switch to get and process the MAC address-table move updates.
  • Page 554: Monitoring Flex Links And The Mac Address-Table Move Update Information

    Flex Links and the state of each active and backup interface (up or standby mode). show mac address-table move update: Displays the MAC address-table move update information on the switch.
  • Page 555: Understanding Dhcp Features

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release, and see the “DHCP Commands” section in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
  • Page 556: Chapter 22 Configuring Dhcp Features And Ip Source Guard

    In a service-provider network, a trusted interface is connected to a port on a device in the same network. An untrusted interface is connected to an untrusted interface in the network or to an interface on a device that is not in the network.
  • Page 557: Option-82 Data Insertion

    Note: The DHCP option-82 feature is supported only when DHCP snooping is globally enabled and on the VLANs to which subscriber devices using this feature are assigned.
  • Page 558 Figure 22-2 do not change: • Circuit-ID suboption fields – Suboption type – Length of the suboption type – Circuit-ID type – Length of the circuit-ID type
  • Page 559 In the port field of the circuit ID suboption, the port numbers start at 1. For example, on a switch with Cisco dual SFP X2 converter modules in the 10-Gigabit Ethernet module slots, port 1 is the internal Gigabit Ethernet 1/0/1 port, port 2 is the internal Gigabit Ethernet 1/0/2 port, and so on. For the external uplink ports (port 17 to port 20), port 17 is the Gigabit Ethernet 1/0/17 port, port 18 is the Gigabit Ethernet 1/0/18 port, and so on.
  • Page 560: Cisco Ios Dhcp Server Database

    An address binding is a mapping between an IP address and a MAC address of a host in the Cisco IOS DHCP server database. You can manually assign the client IP address, or the DHCP server can allocate an IP address from a DHCP address pool.
  • Page 561: Dhcp Snooping And Switch Stacks

    DHCP snooping is managed on the stack master. When a new switch joins the stack, the switch receives the DHCP snooping configuration from the stack master. When a member leaves the stack, all DHCP snooping address bindings associated with the switch age out.
  • Page 562: Configuring Dhcp Features

    DHCP snooping information option: Enabled; DHCP snooping option to accept packets on untrusted input interfaces: Disabled; DHCP snooping limit rate: None configured; DHCP snooping trust: Untrusted
  • Page 563: Dhcp Snooping Configuration Guidelines

    DHCP server and the DHCP relay agent are configured and enabled. • When you globally enable DHCP snooping on the switch, these Cisco IOS commands are not available until snooping is disabled. If you enter these commands, the switch returns an error message, and the configuration is not applied.
  • Page 564: Configuring The Dhcp Server

    Configuring the DHCP Server The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational. For procedures to configure the switch as a DHCP server, see the “Configuring DHCP” section of the “IP addressing and Services”...
  • Page 565: Configuring The Dhcp Relay Agent

    To disable the DHCP server and relay agent, use the no service dhcp global configuration command. See the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 for these procedures: • Checking (validating) the relay agent information...
  • Page 566: Enabling Dhcp Snooping And Option 82

    Note: If the hostname is longer than 63 characters, it is truncated to 63 characters in the remote-ID configuration. The default remote ID is the switch MAC address.
  • Page 567 To configure an aggregation switch to drop incoming DHCP snooping packets with option-82 information from an edge switch, use the no ip dhcp snooping information option allow-untrusted global configuration command.
  • Page 568: Enabling Dhcp Snooping On Private Vlans

    VLANs, on which DHCP snooping is enabled. Enabling the Cisco IOS DHCP Server Database For procedures to enable and configure the Cisco IOS DHCP server database, see the “DHCP Configuration Task List” section in the “Configuring DHCP” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
  • Page 569: Enabling The Dhcp Snooping Binding Database Agent

    To clear the statistics of the DHCP snooping binding database agent, use the clear ip dhcp snooping database statistics privileged EXEC command. To renew the database, use the renew ip dhcp snooping database privileged EXEC command.
  • Page 570: Displaying Dhcp Snooping Information

    IP address filtering or with source IP and MAC address filtering. • Source IP Address Filtering, page 22-17 • Source IP and MAC Address Filtering, page 22-17
  • Page 571: Source Ip Address Filtering

    When you enter the show ip device tracking all EXEC command, the IP device tracking table displays the entries as ACTIVE.
  • Page 572: Configuring Ip Source Guard

    Note: If IP source guard is enabled and you enable or disable DHCP snooping on a VLAN on the trunk interface, the switch might not properly filter traffic.
  • Page 573: Enabling Ip Source Guard

    The MAC address of the DHCP client is learned as a secure address only when the switch receives non-DHCP data traffic. Step 4 exit: Return to global configuration mode.
  • Page 574: Configuring Ip Source Guard For Static Hosts

    IP device tracking globally or by setting an IP device tracking maximum on that interface, IPSG with static hosts rejects all the IP traffic from that interface. This requirement also applies to IPSG with static hosts on a private VLAN host port.
  • Page 575 This example shows how to stop IPSG with static hosts on an interface. Switch(config-if)# no ip verify source Switch(config-if)# no ip device tracking max
  • Page 576

        Switch# show ip device tracking all
        IP Device Tracking = Enabled
        IP Device Tracking Probe Count = 3
        IP Device Tracking Probe Interval = 30
        ---------------------------------------------------------------------
  • Page 577

    This example displays the count of all IP device tracking host entries for all interfaces:
        Switch# show ip device tracking all count
        Total IP Device Tracking Host entries: 5
        ---------------------------------------------------------------------
        Interface    Maximum Limit    Number of Entries
        ---------------------------------------------------------------------
        Gi1/0/3
  • Page 578: Configuring Ip Source Guard For Static Hosts On A Private Vlan Host Port

    Verify the configuration.
    Step 18 (show ip verify source interface interface-id): Verify the IP source guard configuration.
    Display IPSG permit ACLs for static hosts.
  • Page 579: Displaying Ip Source Guard Information

    The output shows that the five valid IP-MAC bindings are on both the primary and secondary VLAN.

    Displaying IP Source Guard Information
    To display the IP source guard information, use one or more of the privileged EXEC commands in Table 22-3:
  • Page 580: Understanding Dhcp Server Port-Based Address Allocation

    In all cases, by connecting the Ethernet cable to the same port, the same IP address is allocated through DHCP to the attached device. The DHCP server port-based address allocation feature is only supported on a Cisco IOS DHCP server and not a third-party server.
  • Page 581: Enabling Dhcp Server Port-Based Address Allocation

    By entering this command, users can configure a group of switches with DHCP pools that share a common IP subnet and that ignore requests from clients of other switches.
  • Page 582 10.1.1.1 10.1.1.3 ip dhcp pool dhcppool
  • Page 583: Displaying Dhcp Server Port-Based Address Allocation

    For more information about configuring the DHCP server port-based address allocation feature, go to Cisco.com, and enter Cisco IOS IP Addressing Services in the Search field to locate the Cisco IOS software documentation. You can also locate the documentation at this URL: http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_book.html...
  • Page 584 Chapter 22 Configuring DHCP Features and IP Source Guard Displaying DHCP Server Port-Based Address Allocation
  • Page 585: Understanding Dynamic Arp Inspection

    ARP caches of systems connected to the subnet and by intercepting traffic intended for other hosts on the subnet. Figure 23-1 shows an example of ARP cache poisoning.
  • Page 586: Chapter 23 Configuring Dynamic Arp Inspection

    “Configuring ARP ACLs for Non-DHCP Environments” section on page 23-8. The switch logs dropped packets. For more information about the log buffer, see the “Logging of Dropped Packets” section on page 23-5.
  • Page 587: Interface Trust States And Network Security

    Switch B (and Host 2, if the link between the switches is configured as trusted). This condition can occur even though Switch B is running dynamic ARP inspection.
  • Page 588: Rate Limiting Of Arp Packets

    The switch first compares ARP packets to user-configured ARP ACLs. If the ARP ACL denies the ARP packet, the switch also denies the packet even if a valid binding exists in the database populated by DHCP snooping.
  • Page 589: Logging Of Dropped Packets

    The rate is unlimited on all trusted interfaces. The burst interval is 1 second.
    ARP ACLs for non-DHCP environments: No ARP ACLs are defined.
    Validation checks: No checks are performed.
  • Page 590: Dynamic Arp Inspection Configuration Guidelines

    EtherChannel ports is equal to the sum of the incoming rate of packets from all the channel members. Configure the rate limit for EtherChannel ports only after examining the rate of incoming ARP packets on the channel-port members.
  • Page 591: Configuring Dynamic Arp Inspection In Dhcp Environments

    VLANs separated by a comma. The range is 1 to 4094. Specify the same VLAN ID for both switches.
    Step 4 (interface interface-id): Specify the interface connected to the other switch, and enter interface configuration mode.
  • Page 592: Configuring Arp Acls For Non-Dhcp Environments

    VLAN 1. If the IP address of Host 2 is not static (it is impossible to apply the ACL configuration on Switch A) you must separate Switch A from Switch B at Layer 3 and use a router to route packets between them.
  • Page 593 Step 6 (interface interface-id): Specify the Switch A interface that is connected to Switch B, and enter interface configuration mode.
  • Page 594: Limiting The Rate Of Incoming Arp Packets

    If you enter the no ip arp inspection limit interface configuration command, the interface reverts to its default rate limit.
  • Page 595: Performing Validation Checks

    You can configure the switch to perform additional checks on the destination MAC address, the sender and target IP addresses, and the source MAC address.
  • Page 596: Configuring The Log Buffer

    VLAN with the same ARP parameters, the switch combines the packets as one entry in the log buffer and generates a single system message for the entry.
  • Page 597 Y, X divided by Y (X/Y) system messages are sent every second. Otherwise, one system message is sent every Y divided by X (Y/X) seconds.
  • Page 598: Displaying Dynamic Arp Inspection Information

    ARP inspection for the specified VLAN. If no VLANs are specified or if a range is specified, displays information only for VLANs with dynamic ARP inspection enabled (active).
  • Page 599 Displays the configuration and contents of the dynamic ARP inspection log buffer. For more information about these commands, see the command reference for this release.
  • Page 600 Chapter 23 Configuring Dynamic ARP Inspection Displaying Dynamic ARP Inspection Information
  • Page 601 For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the “IP Multicast Routing Commands” section in the Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2.
  • Page 602: Chapter 24 Configuring Igmp Snooping And Mvr

    • Immediate Leave, page 24-6
    • IGMP Configurable-Leave Timer, page 24-6
    • IGMP Report Suppression, page 24-6
    • IGMP Snooping and Switch Stacks, page 24-7
  • Page 603: Igmp Versions

    VLAN. IGMP Version 1 or Version 2 blade servers wanting to join the multicast group respond by sending a join message to the switch. The switch CPU creates a multicast forwarding-table entry for...
  • Page 604 The information in the table tells the switching engine to send frames addressed to the 224.1.2.3 multicast IP address that are not IGMP packets to the router and to the host that has joined the group.
  • Page 605: Leaving A Multicast Group

    If the router receives no reports from a VLAN, it removes the group for the VLAN from its IGMP cache.
  • Page 606: Immediate Leave

    If you disable IGMP report suppression, all IGMP reports are forwarded to the multicast routers. For configuration steps, see the “Disabling IGMP Report Suppression” section on page 24-16.
  • Page 607: Igmp Snooping And Switch Stacks

    Multicast routers: None configured
    Multicast router learning (snooping) method: PIM-DVMRP
    IGMP snooping Immediate Leave: Disabled
    Static groups: None configured
    flood query count
    TCN query solicitation: Disabled
  • Page 608: Enabling Or Disabling Igmp Snooping

    (Optional) Save your entries in the configuration file. To disable IGMP snooping on a VLAN interface, use the no ip igmp snooping vlan vlan-id global configuration command for the specified VLAN number.
  • Page 609: Setting The Snooping Method

    This example shows how to configure IGMP snooping to use CGMP packets as the learning method:
        Switch# configure terminal
        Switch(config)# ip igmp snooping vlan 1 mrouter learn cgmp
        Switch(config)# end
  • Page 610: Configuring A Multicast Router Port

    Blade servers that are connected to Layer 2 ports normally join multicast groups dynamically. You can also statically configure a Layer 2 port, to which a blade server is connected, so that the port joins a multicast group.
  • Page 611: Enabling Igmp Immediate Leave

    Verify that Immediate Leave is enabled on the VLAN interface.
    Step 5 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 612: Configuring The Igmp Leave Timer

    • Controlling the Multicast Flooding Time After a TCN Event, page 24-13
    • Recovering from Flood Mode, page 24-13
    • Disabling Multicast Flooding During a TCN Event, page 24-14
  • Page 613: Controlling The Multicast Flooding Time After A Tcn Event

    Return to privileged EXEC mode.
    Step 4 (show ip igmp snooping): Verify the TCN settings.
    Step 5 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 614: Disabling Multicast Flooding During A Tcn Event

    • When administratively enabled, the IGMP snooping querier moves to the nonquerier state if it detects the presence of a multicast router in the network.
  • Page 615

    This example shows how to set the IGMP snooping querier timeout to 60 seconds:
        Switch# configure terminal
        Switch(config)# ip igmp snooping querier timeout expiry 60
        Switch(config)# end
  • Page 616: Disabling Igmp Report Suppression

    You can display IGMP snooping information for dynamically learned and statically configured router ports and VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for IGMP snooping.
  • Page 617 IGMP snooping querier in the VLAN. For more information about the keywords and options in these commands, see the command reference for this release.
  • Page 618: Understanding Multicast Vlan Registration

    DHCP assigns an IP address to the server. When a subscriber on the server selects a channel, the server sends an IGMP report to the blade...
  • Page 619 VLAN trunk once—only on the multicast VLAN. The IGMP leave and join messages are in the VLAN to which the subscriber port is assigned. These messages...
  • Page 620: Configuring Mvr

    Catalyst 3550 or Catalyst 3500 XL switches, you should not configure IP addresses that alias between themselves or with the reserved IP multicast addresses (in the range 224.0.0.xxx).
  • Page 621: Configuring Mvr Global Parameters

    Catalyst 3500 XL and Catalyst 2900 XL switches and does not support IGMP dynamic joins on source ports. The default is compatible mode.
    Step 7: Return to privileged EXEC mode.
  • Page 622: Configuring Mvr Interfaces

    IGMP leave and join messages. Receiver ports cannot belong to the multicast VLAN. The default configuration is as a non-MVR port. If you attempt to configure a non-MVR port with MVR characteristics, the operation fails.
  • Page 623

        Switch(config-if)# mvr vlan 22 group 228.1.23.4
        Switch(config-if)# mvr immediate
        Switch(config)# end
        Switch# show mvr interface
        Port     Type      Status       Immediate Leave
        ----     ----      -------      ---------------
        Gi1/0/2  RECEIVER  ACTIVE/DOWN  ENABLED
  • Page 624: Displaying Mvr Information

    IP multicast traffic. The filtering feature operates in the same manner whether CGMP or MVR is used to forward the multicast traffic.
  • Page 625: Default Igmp Filtering And Throttling Configuration

    Specifies that matching addresses are denied; this is the default.
    • exit: Exits from igmp-profile configuration mode.
    • no: Negates a command or returns to its defaults.
  • Page 626

        Switch(config)# ip igmp profile 4
        Switch(config-igmp-profile)# permit
        Switch(config-igmp-profile)# range 229.9.9.0
        Switch(config-igmp-profile)# end
        Switch# show ip igmp profile 4
        IGMP Profile 4
            permit
            range 229.9.9.0 229.9.9.0
  • Page 627: Applying Igmp Profiles

    Specify the interface to be configured, and enter interface configuration mode. The interface can be a Layer 2 port that does not belong to an EtherChannel group or an EtherChannel interface.
  • Page 628: Configuring The Igmp Throttling Action

    IGMP report. To prevent the switch from removing the forwarding-table entries, you can configure the IGMP throttling action before an interface adds entries to the forwarding table.
  • Page 629: Displaying Igmp Filtering And Throttling Configuration

    (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface.
  • Page 630 Chapter 24 Configuring IGMP Snooping and MVR Displaying IGMP Filtering and Throttling Configuration
  • Page 631: Understanding Mld Snooping

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures.
    This chapter includes these sections:
    • “Understanding MLD Snooping” section on page 25-1...
  • Page 632: Chapter 25 Configuring Ipv6 Mld Snooping

    Listener Queries are the equivalent of IGMPv2 queries and are either General Queries or Multicast-Address-Specific Queries (MASQs).
    • Multicast Listener Reports are the equivalent of IGMPv2 reports.
    • Multicast Listener Done messages are the equivalent of IGMPv2 leave messages.
  • Page 633: Mld Queries

    • If there are multiple routers on the same Layer 2 interface, MLD snooping tracks a single multicast router on the port (the router that most recently sent a router control packet).
  • Page 634: Mld Reports

    MASQ was sent is deleted from the IPv6 multicast address database. The maximum response time is the time configured by using the ipv6 mld snooping...
  • Page 635: Topology Change Notification Processing

    • Configuring MLD Snooping Queries, page 25-10
    • Disabling MLD Listener Message Suppression, page 25-11

    Default MLD Snooping Configuration
    Table 25-1 shows the default MLD snooping configuration.
  • Page 636: Mld Snooping Configuration Guidelines

    • The maximum number of multicast entries allowed on the switch or switch stack is determined by the configured SDM template.
    • The maximum number of address entries allowed for the switch or switch stack is 1000.
  • Page 637: Enabling Or Disabling Mld Snooping

    (Optional) Save your entries in the configuration file. To disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan-id global configuration command for the specified VLAN number.
  • Page 638: Configuring A Static Multicast Group

    Note: Static connections to multicast routers are supported only on switch ports.
    Beginning in privileged EXEC mode, follow these steps to add a multicast router port to a VLAN:
  • Page 639: Enabling Mld Immediate Leave

    This example shows how to enable MLD Immediate Leave on VLAN 130:
        Switch# configure terminal
        Switch(config)# ipv6 mld snooping vlan 130 immediate-leave
        Switch(config)# exit
  • Page 640: Configuring Mld Snooping Queries

    (Optional) Verify that the MLD snooping querier information for the vlan-id] switch or for the VLAN.
    Step 12 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 641: Disabling Mld Listener Message Suppression

    VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for MLD snooping. To display MLD snooping information, use one or more of the privileged EXEC commands in Table 25-2.
  • Page 642 VLAN.
    show ipv6 mld snooping multicast-address vlan vlan-id [ipv6-multicast-address]: Display MLD snooping for the specified VLAN and IPv6 multicast address.
  • Page 643: Configuring Storm Control

    The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.
  • Page 644 Traffic rate in packets per second and for small frames. This feature is enabled globally. The threshold for small frames is configured for each interface. (Cisco IOS Release 12.2(44)SE or later) With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding.
  • Page 645: Chapter 26 Configuring Port-Based Traffic Control

    Beginning in privileged EXEC mode, follow these steps to configure storm control and threshold levels:
    Step 1 (configure terminal): Enter global configuration mode.
    Step 2 (interface interface-id): Specify the interface to be configured, and enter interface configuration mode.
  • Page 646
    • Select the shutdown keyword to error-disable the port during a storm.
    • Select the trap keyword to generate an SNMP trap when a storm is detected.
    Step 5: Return to privileged EXEC mode.
  • Page 647: Configuring Small-Frame Arrival Rate

    Incoming VLAN-tagged packets smaller than 67 bytes are considered small frames. They are forwarded by the switch, but they do not cause the switch storm-control counters to increment. In Cisco IOS Release 12.2(44)SE and later, you can configure a port to be error disabled if small frames arrive at a specified rate (threshold).
  • Page 648: Configuring Protected Ports

    • Protected Port Configuration Guidelines, page 26-7
    • Configuring a Protected Port, page 26-7

    Default Protected Port Configuration
    The default is to have no protected ports defined.
  • Page 649: Protected Port Configuration Guidelines

    IPv4 or IPv6 information in the header are not blocked. These sections contain this configuration information:
    • Default Port Blocking Configuration, page 26-8
    • Blocking Flooded Traffic on an Interface, page 26-8
  • Page 650: Default Port Blocking Configuration

    If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the workstation attached to that port is assured the full bandwidth of the port.
  • Page 651: Understanding Port Security

    MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses. All sticky secure MAC addresses are added to the running configuration.
  • Page 652: Security Violations

    In this mode, the VLAN is error disabled instead of the entire port when a violation occurs.
  • Page 653: Default Port Security Configuration

    • A secure port cannot belong to a Gigabit EtherChannel port group.
    Note: Voice VLAN is only supported on access ports and not on trunk ports, even though the configuration is allowed.
  • Page 654 IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required. If you connect more than one PC to the Cisco IP phone, you must configure enough secure addresses to allow one for each PC and one for the phone.
  • Page 655: Enabling And Configuring Port Security

    VLAN. If an interface is configured for voice VLAN, configure a maximum of two secure MAC addresses.
  • Page 656 You can manually re-enable it by entering the shutdown and no shutdown interface configuration commands or by using the clear errdisable interface vlan privileged EXEC command.
  • Page 657
    Step 11: Return to privileged EXEC mode.
    Step 12 (show port-security): Verify your entries.
    Step 13 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 658

        Switch(config-if)# switchport voice vlan 22
        Switch(config-if)# switchport port-security
        Switch(config-if)# switchport port-security maximum 20
        Switch(config-if)# switchport port-security violation restrict
        Switch(config-if)# switchport port-security mac-address sticky
        Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
  • Page 659: Enabling And Configuring Port Security Aging

    Return to privileged EXEC mode.
    Step 5 (show port-security [interface interface-id] [address]): Verify your entries.
    Step 6 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 660: Port Security And Switch Stacks

    Return to privileged EXEC mode.
    Step 6 (show port-security [interface interface-id] [address]): Verify your entries.
    Step 7 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 661: Displaying Port-Based Traffic Control Settings

    Displays the number of secure MAC addresses configured per VLAN on the specified interface.
  • Page 662 Chapter 26 Configuring Port-Based Traffic Control Displaying Port-Based Traffic Control Settings
  • Page 663: Understanding Cdp

    Understanding CDP
    CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
  • Page 664: Cdp And Switch Stacks

    Step 2 (cdp timer seconds): (Optional) Set the transmission frequency of CDP updates in seconds. The range is 5 to 254; the default is 60 seconds.
  • Page 665: Chapter 27 Configuring Cdp

    Step 3: Return to privileged EXEC mode.
    This example shows how to enable CDP if it has been disabled.
        Switch# configure terminal
        Switch(config)# cdp run
        Switch(config)# end
  • Page 666: Disabling And Enabling Cdp On An Interface

    This example shows how to enable CDP on a port when it has been disabled.
        Switch# configure terminal
        Switch(config)# interface gigabitethernet1/0/1
        Switch(config-if)# cdp enable
        Switch(config-if)# end
  • Page 667: Monitoring And Maintaining Cdp

    You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information.
    show cdp traffic: Display CDP counters, including the number of packets sent and received and checksum errors.
  • Page 668 Chapter 27 Configuring CDP Monitoring and Maintaining CDP
  • Page 669: Understanding Udld

    A unidirectional link occurs whenever traffic sent by a local device is received by its neighbor but traffic from the neighbor is not received by the local device.
  • Page 670: Chapter 28 Configuring Udld

    Because this behavior is the same on all UDLD neighbors, the sender of the echoes expects to receive an echo in reply.
  • Page 671: Configuring Udld

    • Configuration Guidelines, page 28-4
    • Enabling UDLD Globally, page 28-5
    • Enabling UDLD on an Interface, page 28-6
    • Resetting an Interface Disabled by UDLD, page 28-6
  • Page 672: Default Udld Configuration

    Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.
  • Page 673: Enabling Udld Globally

    To disable UDLD globally, use the no udld enable global configuration command to disable normal mode UDLD on all fiber-optic ports. Use the no udld aggressive global configuration command to disable aggressive mode UDLD on all fiber-optic ports.
  • Page 674: Enabling UDLD On An Interface

    UDLD error-disabled state, and the errdisable recovery interval interval global configuration command specifies the time to recover from the UDLD error-disabled state.
  • Page 675: Displaying UDLD Status

    To display the UDLD status for the specified port or for all ports, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the command output, see the command reference for this release.
  • Page 677 Understanding LLDP, LLDP-MED, and Wired Location Service LLDP The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
  • Page 678: Chapter 29 Configuring LLDP, LLDP-MED, And Wired Location Service

    Allows an endpoint to send detailed inventory information about itself to the switch, including hardware revision, firmware version, software version, serial number, manufacturer name, model name, and asset ID TLV.
  • Page 679: LLDP-MED

    The switch uses the wired location service feature to send location and attachment tracking information for its connected devices to a Cisco Mobility Services Engine (MSE). The tracked device can be a wireless endpoint, a wired endpoint, or a wired switch or controller. The switch notifies the MSE of device link up and link down events through the Network Mobility Services Protocol (NMSP) location and attachment notifications.
  • Page 680: Wired Location Service

    LLDP transmit: Disabled
    LLDP med-tlv-select: Disabled to send all LLDP-MED TLVs
    Configuration Guidelines
    • If the interface is configured as a tunnel port, LLDP is automatically disabled.
  • Page 681: Configuring LLDP, LLDP-MED, And Wired Location Service

    You can configure the frequency of LLDP updates, the amount of time to hold the information before discarding it, and the initialization delay time. You can also select the LLDP and LLDP-MED TLVs to send and receive.
  • Page 682 By default, the switch only sends LLDP packets until it receives LLDP-MED packets from the end device. It then sends LLDP packets with MED TLVs, as well. When the LLDP-MED entry has been aged out, it again only sends LLDP packets.
  • Page 683 Enter global configuration mode.
    Step 2: network-policy profile profile number. Specify the network-policy profile number, and enter network-policy configuration mode. The range is 1 to 4294967295.
  • Page 684 This example shows how to configure the voice application type for the native VLAN with priority tagging:
    Switch(config-network-policy)# voice vlan dot1p cos 4
    Switch(config-network-policy)# voice vlan dot1p dscp 34
  • Page 685: Configuring Location TLV And Wired Location Service

    Switch(config-civic)# primary-road-name "Cisco Way"
    Switch(config-civic)# city "San Jose"
    Switch(config-civic)# state CA
    Switch(config-civic)# building 19
    Switch(config-civic)# room C6
    Switch(config-civic)# county "Santa Clara"
    Switch(config-civic)# country US
    Switch(config-civic)# end
  • Page 686 You can enter an asterisk (*) to display all neighbors, or you can enter the neighbor name.
    show lldp interface [interface-id]: Display information about interfaces with LLDP enabled. You can limit the display to a specific interface.
  • Page 687: Monitoring And Maintaining LLDP, LLDP-MED, And Wired Location Service

    TLVs.
    show location: Display the location information for an endpoint.
    show network-policy profile: Display the configured network-policy profiles.
    show nmsp: Display the NMSP information.
  • Page 689: Understanding SPAN And RSPAN

    You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
  • Page 690: Chapter 30 Configuring SPAN And RSPAN

    Figure 30-2 is an example of a local SPAN in a switch stack, where the source and destination ports reside on different stack members.
  • Page 691: Remote SPAN

    RSPAN source switch must have either ports or VLANs as RSPAN sources. The destination is always a physical port, as shown on Switch C in the figure.
  • Page 692: SPAN And RSPAN Concepts And Terminology

    RSPAN VLAN. The destination session collects all RSPAN VLAN traffic and sends it out the RSPAN destination port.
  • Page 693: Monitored Traffic

    SPAN session. Packets that are modified because of routing or quality of service (QoS)—for example, modified Differentiated Services Code Point (DSCP)—are copied before modification.
  • Page 694: Source Ports

    The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP).
  • Page 695: Source VLANs

    allowed on other ports.
    • VLAN filtering affects only traffic forwarded to the destination SPAN port and does not affect the switching of normal traffic.
  • Page 696: Destination Port

    • For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN identification. Therefore, all packets appear on the destination port as untagged.
  • Page 697: RSPAN VLAN

    If a physical port is added to a monitored EtherChannel group, the new port is added to the SPAN source port list. If a port is removed from a monitored EtherChannel group, it is automatically removed from the source port list.
  • Page 698: SPAN And RSPAN And Switch Stacks

    VLAN, and router ACLs do not have any effect on the traffic monitoring. If a security input ACL denies a packet and it is not forwarded, the packet is still copied to the SPAN destination ports if the FSPAN...
  • Page 699: Configuring SPAN And RSPAN

    Table 30-1 Default SPAN and RSPAN Configuration
    Feature: Default Setting
    SPAN state (SPAN and RSPAN): Disabled.
    Source port traffic to monitor: Both received and sent traffic (both).
  • Page 700: Configuration Guidelines

    VLANs specified with this keyword is monitored. By default, all VLANs are monitored on a trunk port.
    • You cannot mix source VLANs and filter VLANs within a single SPAN session.
  • Page 701: Creating A Local SPAN Session

    • tx—Monitor sent traffic.
    Note: You can use the monitor session session_number source command multiple times to configure multiple source ports.
  • Page 702
    Switch(config)# no monitor session 1 source interface gigabitethernet1/0/1 rx
    The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored.
  • Page 703: Creating A Local SPAN Session And Configuring Incoming Traffic

    ISL encapsulation.
    • untagged vlan vlan-id or vlan vlan-id—Accept incoming packets with untagged encapsulation type with the specified VLAN as the default VLAN.
  • Page 704: Specifying VLANs To Filter

    (Optional) Use a comma (,) to specify a series of VLANs, or use a hyphen (-) to specify a range of VLANs. Enter a space before and after the comma; enter a space before and after the hyphen.
  • Page 705: Configuring RSPAN

    As RSPAN VLANs have special properties, you should reserve a few VLANs across your network for use as RSPAN VLANs; do not assign access ports to these VLANs.
  • Page 706: Configuring A VLAN As An RSPAN VLAN

    Configure the VLAN as an RSPAN VLAN.
    Step 4: Return to privileged EXEC mode.
    Step 5: copy running-config startup-config. (Optional) Save the configuration in the configuration file.
  • Page 707: Creating An RSPAN Source Session

    For session_number, enter the number defined in Step 3. For vlan-id, specify the source RSPAN VLAN to monitor.
    Step 5: Return to privileged EXEC mode.
  • Page 708: Specifying VLANs To Filter

    (Optional) Use a comma (,) to specify a series of VLANs or use a hyphen (-) to specify a range of VLANs. Enter a space before and after the comma; enter a space before and after the hyphen.
  • Page 709: Creating An RSPAN Destination Session

    For session_number, the range is 1 to 66. Specify all to remove all RSPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
  • Page 710: Creating An RSPAN Destination Session And Configuring Incoming Traffic

    RSPAN VLAN and the destination port, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). For details about the keywords not related to incoming traffic, see the “Creating an RSPAN Destination...
  • Page 711 VLAN 6 as the default receiving VLAN.
    Switch(config)# monitor session 2 source remote vlan 901
    Switch(config)# monitor session 2 destination interface gigabitethernet1/0/2 ingress vlan 6
    Switch(config)# end
  • Page 712: Configuring FSPAN And FRSPAN

    FSPAN ACL when running an IPv6 enabled SDM template, but later configure a non-IPv6 SDM template and reboot the switch, you lose the IPv6 FSPAN ACL configuration.
  • Page 713: Configuring An FSPAN Session

    • rx—Monitor received traffic.
    • tx—Monitor sent traffic.
    Note: You can use the monitor session session_number source command multiple times to configure multiple source ports.
  • Page 714: Configuring An FRSPAN Session

    For session_number, the range is 1 to 66. Specify all to remove all RSPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
  • Page 715 Return to privileged EXEC mode.
    Step 10: show monitor [session session_number], show running-config. Verify the configuration.
    Step 11: copy running-config startup-config. (Optional) Save the configuration in the configuration file.
  • Page 716: Displaying SPAN And RSPAN Status

    To display the current SPAN or RSPAN configuration, use the show monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured SPAN or RSPAN sessions.
  • Page 717: Understanding RMON

    Note: For complete syntax and usage information for the commands used in this chapter, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. This chapter consists of these sections: •...
  • Page 718: Chapter 31 Configuring RMON

    64-bit counters are not supported for RMON alarms.
    Configuring RMON
    These sections contain this configuration information:
    • Default RMON Configuration, page 31-3
    • Configuring RMON Alarms and Events, page 31-3 (required)
  • Page 719: Default RMON Configuration

    (Optional) For event-number, specify the event number to trigger when the rising or falling threshold exceeds its limit.
    • (Optional) For owner string, specify the owner of the alarm.
  • Page 720 This example also generates an SNMP trap when the event is triggered.
    Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones
  • Page 721: Collecting Group History Statistics On An Interface

    Step 1: configure terminal. Enter global configuration mode.
    Step 2: interface interface-id. Specify the interface on which to collect statistics, and enter interface configuration mode.
  • Page 722: Displaying RMON Status

    For information about the fields in these displays, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
  • Page 723: Understanding System Message Logging

    This chapter describes how to configure system message logging on the switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Note: For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under...
  • Page 724: Configuring System Message Logging

    The part of the message preceding the percent sign depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command.
  • Page 725: Chapter 32 Configuring System Message Logging

    00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
    00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
    00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down 2
  • Page 726: Default System Message Logging Configuration

    Return to privileged EXEC mode.
    Step 4: show running-config, show logging. Verify your entries.
    Step 5: copy running-config startup-config. (Optional) Save your entries in the configuration file.
  • Page 727: Setting The Message Display Destination Device

    To build a list of syslog servers that receive logging messages, enter this command more than once. For complete syslog server configuration steps, see the “Configuring UNIX Syslog Servers” section on page 32-12.
  • Page 728: Synchronizing Log Messages

    Therefore, unsolicited messages and debug command output are not interspersed with solicited device output and prompts. After the unsolicited messages appear, the console again displays the user prompt.
  • Page 729 (Optional) Save your entries in the configuration file. To disable synchronization of unsolicited messages and debug output, use the no logging synchronous [level severity-level | all] [limit number-of-buffers] line configuration command.
  • Page 730: Enabling And Disabling Time Stamps On Log Messages

    This procedure is optional.
    Step 1: configure terminal. Enter global configuration mode.
    Step 2: service sequence-numbers. Enable sequence numbers.
    Step 3: Return to privileged EXEC mode.
  • Page 731: Defining The Message Severity Level

    To disable logging to syslog servers, use the no logging trap global configuration command.
  • Page 732: Limiting Syslog Messages Sent To The History Table And To SNMP

    By default, one message of the level warning and numerically lower levels (see Table 32-3 on page 32-10) are stored in the history table even if syslog traps are not enabled.
  • Page 733: Enabling The Configuration-Change Logger

    [end-number] | statistics} [provisioning] privileged EXEC command to display the complete configuration log or the log for specified parameters. The default is that configuration logging is disabled. For information about the commands, see the Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a8086.html#wp1114989...
  • Page 734: Configuring UNIX Syslog Servers

    | exit
    Configuring UNIX Syslog Servers
    The next sections describe how to configure the UNIX server syslog daemon and how to define the UNIX system logging facility.
  • Page 735: Logging Messages To A UNIX Syslog Daemon

    Limit messages logged to the syslog servers. By default, syslog servers receive informational messages and lower. See Table 32-3 on page 32-10 for level keywords.
  • Page 736: Displaying The Logging Configuration

    To display the logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation >...
  • Page 737: Understanding SNMP

    Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Network Management Command Reference, Release 12.4 from the Cisco.com page at this URL: http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_book.html...
  • Page 738: Chapter 33 Configuring SNMP

    A combination of the security level and the security model determines which security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3.
  • Page 739: SNMP Manager Functions

    1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table.
    2. The get-bulk command only works with SNMPv2 or later.
  • Page 740: SNMP Agent Functions

    [Figure: SNMP Manager (Get-request, Get-next-request, Get-bulk, Set-request) and SNMP Agent on the network device (Get-response, traps)]
    For information on supported MIBs and how to access them, see Appendix A, “Supported MIBs.”
  • Page 741: SNMP Notifications

    10000–14500
    Null: 14501
    1. SVI = switch virtual interface
    2. SFP = small form-factor pluggable
    Note: The switch might not use sequential values within a range.
  • Page 742: Configuring SNMP

    SNMP group. An SNMP host is the recipient of an SNMP trap operation. An SNMP engine ID is a name for the local or remote SNMP engine.
  • Page 743: Disabling The SNMP Agent

    The no snmp-server global configuration command disables all running versions (Version 1, Version 2C, and Version 3) on the device. No specific Cisco IOS command exists to enable SNMP. The first snmp-server global configuration command that you enter enables all versions of SNMP.
  • Page 744: Configuring Community Strings

    Recall that the access list is always terminated by an implicit deny statement for everything.
    Step 4: Return to privileged EXEC mode.
  • Page 745: Configuring SNMP Groups And Users

    • If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162.
  • Page 746 • (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.
  • Page 747: Configuring SNMP Notifications

    By default, no trap manager is defined, and no traps are sent. Switches running this Cisco IOS release can have an unlimited number of trap managers.
  • Page 748 Generates a trap for Protocol-Independent Multicast (PIM) changes. You can enable any or all of these traps: invalid PIM messages, neighbor changes, and rendezvous point (RP)-mapping changes.
  • Page 749
    Step 1: configure terminal. Enter global configuration mode.
    Step 2: snmp-server engineID remote ip-address engineid-string. Specify the engine ID for the remote host.
  • Page 750
    Step 8: snmp-server queue-length length. (Optional) Establish the message queue length for each trap host. The range is 1 to 1000; the default is 10.
  • Page 751: Setting The CPU Threshold Notification Types And Values

    This value must be equal to or less than the rising percentage value. If not specified, the falling fall-percentage value is the same as the rising percentage value.
    Step 3: Return to privileged EXEC mode.
  • Page 752: Setting The Agent Contact And Location Information

    SNMP to the servers in the access list. For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.
  • Page 753: SNMP Examples

    This example shows how to allow read-only access for all objects to members of access list 4 that use the comaccess community string. No other SNMP managers have access to any objects. SNMP Authentication Failure traps are sent by SNMPv2C to the host cisco.com using the community string public.
  • Page 754: Displaying SNMP Status

    Switch(config)# snmp-server enable traps entity
    Switch(config)# snmp-server host cisco.com restricted entity
    This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public:
    Switch(config)# snmp-server enable traps
    Switch(config)# snmp-server host myhost.cisco.com public...
  • Page 755: Configuring Embedded Event Manager

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Network Management Command Reference. For complete configuration information, see the Cisco IOS Network Management Configuration Guide, Release 12.4T.
  • Page 756: Event Detectors

    Note: The stack member switch does not generate events and does not support memory threshold notifications or IOSWdSysmon event detectors.
    EEM allows these event detectors:
    • Application-specific event detector–Allows any EEM policy to publish an event.
  • Page 757: Chapter 33 Configuring Embedded Event Manager

    • Counter event detector–Publishes an event when a named counter crosses a specified threshold.
    • Interface counter event detector–Publishes an event when a generic Cisco IOS interface counter for a specified interface crosses a defined threshold. A threshold can be specified as an absolute value or an incremental value. For example, if the incremental value is set to 50 an event would be...
  • Page 758: Embedded Event Manager Actions

    TCL scripts policies continue to work. Cisco enhancements to TCL in the form of keyword extensions facilitate the development of EEM policies. These keywords identify the detected event, the subsequent action, utility information, counter values, and system information.
  • Page 759: Event Detectors

    • Cisco built-in variables (available in EEM applets)
    Defined by Cisco and can be read-only or read-write. The read-only variables are set by the system before an applet starts to execute. The single read-write variable, _exit_status, allows you to set the exit status for policies triggered from synchronous events.
  • Page 760: Registering And Defining An Embedded Event Manager TCL Script

    This example shows the sample output for the show event manager environment command:
    Switch# show event manager environment all
    Name                 Value
    _cron_entry          0-59/2 0-23/1 * * 0-6
    _show_cmd            show ver
    _syslog_pattern      .*UPDOWN.*Ethernet1/0.*
  • Page 761: Displaying Embedded Event Manager Information

    Switch(config)# event manager environment _cron_entry 0-59/2 0-23/1 * * 0-6
    This example shows the sample EEM policy named tm_cli_cmd.tcl registered as a system policy. The system policies are part of the Cisco IOS image. User-defined TCL scripts must first be copied to flash memory.
  • Page 763: Understanding ACLs

    “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
  • Page 764: Chapter 34 Configuring Network Security With ACLs

    ACL is applied are filtered by the port ACL. Incoming routed IP packets received on other ports are filtered by the router ACL. Other packets are not filtered.
  • Page 765: Port ACLs

    Blade Server A to access the Human Resources network, but prevent Blade Server B from accessing the same network. Port ACLs can only be applied to Layer 2 interfaces in the inbound direction.
  • Page 766: Router ACLs

    • Standard IP access lists use source addresses for matching operations.
    • Extended IP access lists use source and destination addresses and optional protocol type information for matching operations.
  • Page 767: VLAN Maps

    Permit ACEs that check the Layer 3 information in the fragment (including protocol type, such as TCP, UDP, and so on) are considered to match the fragment regardless of what the missing Layer 4 information might have been.
  • Page 768: ACLs And Switch Stacks

    If packets must be forwarded by software for any reason (for example, not enough hardware resources), the master switch forwards the packets only after applying ACLs on the packets.
    • It programs its hardware with the ACL information it processes.
  • Page 769: Configuring Ipv4 Acls

    ACL information to all switches in the stack. Configuring IPv4 ACLs Configuring IPv4 ACLs on the switch is the same as configuring IPv4 ACLs on other Cisco switches and routers. The process is briefly described here. For more detailed information on configuring ACLs, see the “Configuring IP Services”...
  • Page 770: Creating Standard And Extended Ipv4 Acls

    48-bit MAC address access list
    800–899      IPX standard access list
    900–999      IPX extended access list
    1000–1099    IPX SAP access list
    1100–1199    Extended 48-bit MAC address access list
    ...
  • Page 771: Acl Logging

    IP address of the packet, and the number of packets from that source permitted or denied in the prior 5-minute interval. ...
  • Page 772: Creating A Numbered Standard Acl

    Switch(config)# access-list 2 deny host 171.69.198.102
    Switch(config)# access-list 2 permit any
    Switch(config)# end
    Switch# show access-lists
    Standard IP access list 2
        10 deny 171.69.198.102
        20 permit any
    ...
  • Page 773: Creating A Numbered Extended Acl

    For more details on the specific keywords for each protocol, see these command references:
    • Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2
    • Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2
    • Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2...
  • Page 774 DSCP value specified by a number from 0 to 63, or use the question mark (?) to see a list of available values. ...
  • Page 775 TCP port. To see TCP port names, use the ? or see the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2. Use only TCP port numbers or names when filtering TCP.
  • Page 776 When you are creating an ACL, remember that, by default, the end of the access list contains an implicit deny statement for all packets if it did not find a match before reaching the end. ...
  • Page 777: Resequencing Aces In An Acl

    The ACL must be an extended named ACL.
    – match input-interface interface-id-list
    – match ip dscp dscp-list
    – match ip precedence ip-precedence-list
    You cannot enter the match access-group acl-index command.
    ...
  • Page 778 (Optional) Save your entries in the configuration file. To remove a named extended ACL, use the no ip access-list extended name global configuration command. ...
  • Page 779: Using Time Ranges With Acls

    Network Time Protocol (NTP) to synchronize the switch clock. For more information, see the “Managing the System Time and Date” section on page 6-1. ...
  • Page 780
    Switch(config)# end
    Switch# show access-lists
    Extended IP access list 188
        10 deny tcp any any time-range new_year_day_2006 (inactive)
        20 permit tcp any any time-range workhours (inactive)
    ...
  • Page 781: Including Comments In Acls

    For procedures for applying ACLs to interfaces, see the “Applying an IPv4 ACL to an Interface” section on page 34-20. For applying ACLs to VLANs, see the “Configuring VLAN Maps” section on page 34-30. ...
  • Page 782: Applying An Ipv4 Acl To An Interface

    These access-group denied packets are not dropped in hardware but are bridged to the switch CPU so that it can generate the ICMP-unreachable message. ...
  • Page 783 When you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied to the interface and permits all packets. Remember this behavior if you use undefined ACLs for network security. ...
  • Page 784: Hardware And Software Treatment Of Ip Acls

    Logical operation units are needed for a TCP flag match or a test other than eq (ne, gt, lt, or range) on TCP, UDP, or SCTP port numbers. ...
  • Page 785: Ipv4 Acl Configuration Examples

    This section provides examples of configuring and applying IPv4 ACLs. For detailed information about compiling ACLs, see the Cisco IOS Security Configuration Guide, Release 12.2 and the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
  • Page 786
    Switch(config)# access-list 106 permit ip any 172.20.128.64 0.0.0.31
    Switch(config)# end
    Switch# show access-lists
    Extended IP access list 106
        10 permit ip any 172.20.128.64 0.0.0.31
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# ip access-group 106 in
    ...
  • Page 787: Numbered Acls

    Switch(config)# access-list 102 permit tcp any 128.88.0.0 0.0.255.255 established
    Switch(config)# access-list 102 permit tcp any host 128.88.1.2 eq 25
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# ip access-group 102 in
    ...
  • Page 788: Named Acls

    Switch(config-ext-nacl)# deny tcp any any eq www time-range no-http
    Switch(config-ext-nacl)# permit udp any any time-range udp-yes
    Switch(config-ext-nacl)# exit
    Switch(config)# interface gigabitethernet2/0/1
    Switch(config-if)# ip access-group strict in
    ...
  • Page 789: Commented Ip Acl Entries

    00:00:48: NTP: authentication delay calculation problems
    <output truncated>
    00:09:34:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet
    00:09:59:%SEC-6-IPACCESSLOGS:list stan1 denied 10.1.1.15 1 packet
    00:10:11:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet
    ...
  • Page 790: Creating Named Mac Extended Acls

    Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL:
    Step    Command                          Purpose
    Step 1  configure terminal               Enter global configuration mode.
    Step 2  mac access-list extended name    Define an extended MAC access list using a name.
    ...
  • Page 791: Applying A Mac Acl To A Layer 2 Interface

    You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface. The IP access list filters only IP packets, and the MAC access list filters non-IP packets. ...
  • Page 792: Configuring Vlan Maps

    For complete syntax and usage information for the commands used in this section, see the command reference for this release. ...
  • Page 793: Vlan Map Configuration Guidelines

    You can configure VLAN maps on primary and secondary VLANs. However, we recommend that you configure the same VLAN maps on private-VLAN primary and secondary VLANs. ...
  • Page 794: Creating A Vlan Map

    ACL that would match the packet, and set the action to drop. A permit in the ACL counts as a match. A deny in the ACL means no match. ...
  • Page 795: Examples Of Acls And Vlan Maps

    Switch(config)# vlan access-map drop-ip-default 20
    Switch(config-access-map)# match ip address igmp-match
    Switch(config-access-map)# action drop
    Switch(config-access-map)# exit
    Switch(config)# vlan access-map drop-ip-default 30
    Switch(config-access-map)# match ip address tcp-match
    Switch(config-access-map)# action forward
    ...
  • Page 796
    Switch(config)# vlan access-map drop-all-default 10
    Switch(config-access-map)# match ip address tcp-match
    Switch(config-access-map)# action forward
    Switch(config-access-map)# exit
    Switch(config)# vlan access-map drop-all-default 20
    Switch(config-access-map)# match mac address good-hosts
    Switch(config-access-map)# action forward
    ...
  • Page 797: Applying A Vlan Map To A Vlan

    [Figure: Deny Access to a Server on Another VLAN] ...
  • Page 798: Using Vlan Maps With Router Acls

    These guidelines are for configurations where you need to have a router ACL and a VLAN map on the same VLAN. These guidelines do not apply to configurations where you are mapping router ACLs and VLAN maps on different VLANs. ...
  • Page 799: Examples Of Router Acls And Vlan Maps Applied To Vlans

    ACL is applied on packets that are switched within a VLAN. Packets switched within the VLAN without being routed or forwarded by fallback bridging are only subject to the VLAN map of the input VLAN. ...
  • Page 800: Acls And Bridged Packets

    [Figure: Applying ACLs on Bridged Packets] ...
  • Page 801: Acls And Routed Packets

    However, if the input VLAN map (VLAN 10 map in Figure 34-8) drops the packet, no destination receives a copy of the packet. ...
  • Page 802: Displaying Ipv4 Acl Configuration

    [interface interface-id] Displays MAC access lists applied to all Layer 2 interfaces or the specified Layer 2 interface. ...
  • Page 803 [access-map name | vlan vlan-id] Show information about all VLAN filters or about a specified VLAN or VLAN access map. ...
  • Page 804 Chapter 34 Configuring Network Security with ACLs Displaying IPv4 ACL Configuration
  • Page 805: Understanding Ipv6 Acls

    Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures. This chapter contains these sections: Understanding IPv6 ACLs, page 35-1 •...
  • Page 806: Chapter 35 Configuring Ipv6 Acl

    With IPv4, you can configure standard and extended numbered IP ACLs, named IP ACLs, and MAC ACLs. IPv6 supports only named ACLs. The switch supports most Cisco IOS-supported IPv6 ACLs with these exceptions: ...
  • Page 807: Ipv6 Acls And Switch Stacks

    Step 3 Apply the IPv6 ACL to an interface. For router ACLs, you must also configure an IPv6 address on the Layer 3 interface to which the ACL is applied. ...
  • Page 808: Default Ipv6 Acl Configuration

    Step 1  configure terminal                  Enter global configuration mode.
    Step 2  ipv6 access-list access-list-name   Define an IPv6 access list using a name, and enter IPv6 access-list configuration mode.
    ...
  • Page 809 The range is from 1 to 4294967295. (Optional) Enter time-range name to specify the time range that applies to the deny or permit statement. ...
  • Page 810 The range is from 1 to 4294967295. (Optional) Enter time-range name to specify the time range that applies to the deny or permit statement. ...
  • Page 811 Return to privileged EXEC mode.
    Step 5  show ipv6 access-list                 Verify the access list configuration.
    Step 6  copy running-config startup-config    (Optional) Save your entries in the configuration file.
    ...
  • Page 812: Applying An Ipv6 Acl To An Interface

    This example configures the IPv6 access list named CISCO. The first deny entry in the list denies all packets that have a destination TCP port number greater than 5000. The second deny entry denies packets that have a source UDP port number less than 5000.
  • Page 813: Displaying Ipv6 Acls

    This example shows how to apply the access list CISCO to outbound traffic on a Layer 3 interface:
    Switch(config)# interface gigabitethernet 1/0/3
    Switch(config-if)# no switchport
    Switch(config-if)# ipv6 address 2001::/64 eui-64
    Switch(config-if)# ipv6 traffic-filter CISCO out...
  • Page 814 Chapter 35 Configuring IPv6 ACLs Displaying IPv6 ACLs
  • Page 815: Configuring Qos

    Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Cisco IOS release 12.2(52)SE and later supports QoS for both IPv4 and IPv6 traffic when a dual IPv4 and IPv6 SDM template is configured.
  • Page 816: Understanding Qos

    IP precedence values range from 0 to 7. DSCP values range from 0 to 63. Note: Beginning with Cisco IOS Release 12.2(52)SE, you can use the dual IPv4 and IPv6 SDM templates to enable IPv6 QoS globally on the switch or switch stack. You must reload the switch after configuring the dual IPv4 and IPv6 templates.
  • Page 817: Chapter 36 Configuring Qo

  • Page 818: Basic Qos Model

    Scheduling services the four egress queues based on their configured SRR shared or shaped weights. One of the queues (queue 1) can be the expedited queue, which is serviced until empty before the other queues are serviced. ...
  • Page 819: Classification

    0 as the DSCP and CoS values, which means best-effort traffic. Otherwise, the policy-map action specifies a DSCP or CoS value to assign to the incoming frame. ...
  • Page 820 IPv6 packets, the DSCP value is rewritten by using the CoS-to-DSCP map and by using the default CoS of the port. In Cisco IOS Release 12.2(52)SE and later, you can do this for both IPv4 and IPv6 traffic. Perform the classification based on a configured IP standard or an extended ACL, which examines...
  • Page 821 [Flowchart text: Assign the DSCP or CoS as specified by ACL action to generate the QoS label. / Assign the default DSCP (0). / Generate the DSCP by using the CoS-to-DSCP map. / Done] ...
  • Page 822: Classification Based On Qos Acls

    You can use IP standard, IP extended, or Layer 2 MAC ACLs to define a group of packets with the same characteristics (class). Beginning with Cisco IOS Release 12.2(52)SE, you can classify IP traffic based on IPv6 ACLs. In the QoS context, the permit and deny actions in the access control entries (ACEs) have...
  • Page 823: Policing And Marking

    “Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps” section on page 36-58, and the “Classifying, Policing, and Marking Traffic by Using Aggregate Policers” section on page 36-65. ...
  • Page 824: Policing On Physical Ports

    • A nonhierarchical policy map on a physical port.
    • The interface level of a hierarchical policy map attached to an SVI. The physical ports are specified in this secondary policy map.
    ...
  • Page 825: Policing On Svis

    SVI. The second level, the interface level, specifies the actions to be taken against the traffic on the physical ports that belong to the SVI and are specified in the interface-level policy map. ...
  • Page 826 [Flowchart text: Verify the out-of-profile action configured for this policer. / Drop: Drop packet. / Mark: Modify DSCP according to the policed-DSCP map. Generate a new QoS label. / Done] ...
  • Page 827: Mapping Tables

    Scheduling on Ingress Queues” section on page 36-16. For information about the DSCP and CoS output queue threshold maps, see the “Queueing and Scheduling on Egress Queues” section on page 36-18. ...
  • Page 828: Queueing And Scheduling Overview

    5 and is subjected to the 60-percent threshold. If this frame is added to the queue, the threshold will be exceeded, so the switch drops it. ...
  • Page 829: Srr Shaping And Sharing

    36-75, the “Configuring SRR Shaped Weights on Egress Queues” section on page 36-82, and the “Configuring SRR Shared Weights on Egress Queues” section on page 36-83. ...
  • Page 830: Queueing And Scheduling On Ingress Queues

    The expedite queue has guaranteed bandwidth. 1. The switch uses two nonconfigurable queues for traffic that is essential for proper network and stack operation. ...
  • Page 831 For configuration information, see the “Configuring Ingress Queue Characteristics” section on page 36-73. ...
  • Page 832: Queueing And Scheduling On Egress Queues

    All traffic exiting the switch flows through one of these four queues and is subjected to a threshold based on the QoS label assigned to the packet. ...
  • Page 833 The switch can allocate the needed buffers from the common pool if the common pool is not empty. ...
  • Page 834: Packet Modification

    DSCP to the CPU where it is again processed through software. ...
  • Page 835: Configuring Auto-Qos

    IPv4 and IPv6 SDM template is configured. You use auto-QoS commands to identify ports connected to Cisco IP Phones and to devices running the Cisco SoftPhone application. You also use the commands to identify ports that receive trusted traffic through an uplink.
  • Page 836: Generated Auto-Qos Configuration

    When you enter the auto qos voip cisco-softphone interface configuration command on a port at the edge of the network that is connected to a device running the Cisco SoftPhone, the switch uses policing to determine whether a packet is in or out of profile and to specify the action on the packet.
  • Page 837 Ensure Port Security” section on page 36-39. When you enable auto-QoS by using the auto qos voip cisco-phone, the auto qos voip cisco-softphone, or the auto qos voip trust interface configuration command, the switch automatically generates a QoS configuration based on the traffic type and ingress packet label and applies the commands listed in Table 36-5 to the port.
  • Page 838
    Switch(config)# mls qos srr-queue input bandwidth 90
    Switch(config)# mls qos srr-queue input threshold 1 8 16
    Switch(config)# mls qos srr-queue input threshold 2 34 66
    Switch(config)# mls qos srr-queue input buffers 67
    ...
  • Page 839 After creating the class maps and policy maps, the switch automatically applies the policy map called AutoQoS-Police-SoftPhone to an ingress interface on which auto-QoS with the Cisco SoftPhone feature is enabled.
    Switch(config-if)# service-policy input AutoQoS-Police-SoftPhone
    ...
  • Page 840: Effects Of Auto-Qos On The Configuration

    • By default, the CDP is enabled on all ports. For auto-QoS to function properly, do not disable the CDP.
    • When enabling auto-QoS with a Cisco IP Phone on a routed port, you must assign a static IP address to the IP phone.
  • Page 841: Enabling Auto-Qos For Voip

    Step 2 interface interface-id Specify the port that is connected to a Cisco IP Phone, the port that is connected to a device running the Cisco SoftPhone feature, or the uplink port that is connected to another trusted switch or router in the interior of the network, and enter interface configuration mode.
  • Page 842: Auto-Qos Configuration Example

    VoIP traffic is prioritized over all other traffic. Auto-QoS is enabled on the switches in the wiring closets at the edge of the QoS domain. ...
  • Page 843
    Step 6  exit                      Return to global configuration mode.
    Step 7  Repeat Steps 4 to 6 for as many ports as are connected to the Cisco IP Phone.
    Step 8  interface interface-id    Specify the switch port identified as connected to a trusted switch or router, and enter interface configuration mode.
  • Page 844: Displaying Auto-Qos Information

    (optional, unless you need to use the DSCP-to-DSCP-mutation map or the policed-DSCP map)
    • Configuring Ingress Queue Characteristics, page 36-73 (optional)
    • Configuring Egress Queue Characteristics, page 36-77 (optional)
    ...
  • Page 845: Default Standard Qos Configuration

    DSCP input queue threshold map when QoS is enabled.
    Table 36-8 Default DSCP Input Queue Threshold Map
    DSCP Value    Queue ID–Threshold ID
    0–39          1–1
    40–47         2–1
    48–63         1–1
    ...
  • Page 846: Default Egress Queue Configuration

    DSCP output queue threshold map when QoS is enabled.
    Table 36-11 Default DSCP Output Queue Threshold Map
    DSCP Value    Queue ID–Threshold ID
    0–15          2–1
    16–31         3–1
    32–39         4–1
    40–47         1–1
    48–63         4–1
    ...
  • Page 847: Default Mapping Table Configuration

    Chapter 35, “Configuring IPv6 ACLs.” Applying QoS on Interfaces These are the guidelines for configuring QoS on physical ports. This section also applies to SVIs (Layer 3 interfaces): ...
  • Page 848: Configuring Ipv6 Qos On Switch Stacks

    Beginning with Cisco IOS Release 12.2(52)SE, you can enable IPv6 QoS on a switch or a switch stack. If the stack includes only Cisco 3560E and Cisco 3750E switches, the QoS configuration applies to all traffic. These are the guidelines for IPv6 QoS in a stack that includes one or more Cisco Catalyst 3750 switches: Any switch can be the stack master.
  • Page 849: Policing Guidelines

    – You cannot apply QoS DSCP mutation maps and PBR route maps to the same interface.
    – You cannot configure DSCP transparency and PBR DSCP route maps on the same switch.
    ...
  • Page 850: Enabling Qos Globally

    Configuring Standard QoS Enabling QoS Globally By default, QoS is disabled on the switch. Cisco IOS Release 12.2(52)SE and later supports IPv6 QoS. To enable IPv6 QoS on the switch, you must first configure the dual-IP SDM template and reload the switch.
  • Page 851: Configuring Classification Using Port Trust States

    QoS domain. Figure 36-12 shows a sample network topology. [Figure 36-12: Port Trusted States within the QoS Domain] ...
  • Page 852: Configuring The Cos Value For An Interface

    Configuring the CoS Value for an Interface QoS assigns the CoS value specified with the mls qos cos interface configuration command to untagged frames received on trusted and untrusted ports. ...
  • Page 853: Configuring A Trusted Boundary To Ensure Port Security

    To return to the default setting, use the no mls qos cos {default-cos | override} interface configuration command. Configuring a Trusted Boundary to Ensure Port Security In a typical network, you connect a Cisco IP Phone to a switch port, as shown in Figure 36-12 on page 36-37, and cascade devices that generate data packets from the back of the telephone.
  • Page 854: Enabling Dscp Transparency Mode

    CoS setting). By contrast, trusted boundary uses CDP to detect the presence of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue.
  • Page 855: Configuring The Dscp Trust State On A Port Bordering Another Qos Domain

    QoS. If the two domains use different DSCP values, you can configure the DSCP-to-DSCP-mutation map to translate a set of DSCP values to match the definition in the other domain. ...
  • Page 856 Return to privileged EXEC mode.
    Step 7  show mls qos maps dscp-mutation       Verify your entries.
    Step 8  copy running-config startup-config    (Optional) Save your entries in the configuration file.
    ...
  • Page 857: Configuring A Qos Policy

    • Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps, page 36-58
    • Classifying, Policing, and Marking Traffic by Using Aggregate Policers, page 36-65
    ...
  • Page 858: Classifying Traffic By Using Acls

    Classifying Traffic by Using ACLs You can classify IP traffic by using IP standard or IP extended ACLs; in Cisco IOS Release 12.2(52)SE and later, you can use IPv6 ACLs. You can classify non-IP traffic by using Layer 2 MAC ACLs.
  • Page 859 This example shows how to create an ACL that permits PIM traffic from any source to a destination group address of 224.0.0.2 with a DSCP set to 32:
    Switch(config)# access-list 102 permit pim any 224.0.0.2 dscp 32
    ...
  • Page 860 Create an IPv6 ACL, and enter IPv6 access-list configuration mode. Access list names cannot contain a space or quotation mark or begin with a numeric. ...
  • Page 861 The acceptable range is from 1 to 4294967295. (Optional) Enter time-range name to specify the time range that applies to the deny or permit statement. ...
  • Page 862 Step 4 Return to privileged EXEC mode. ...
  • Page 863: Classifying Traffic By Using Class Maps

    Using Policy Maps” section on page 36-54 and the “Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps” section on page 36-58. ...
  • Page 864 [dscp value] [fragments] [log] [log-input] [routing] [sequence value] [time-range name] mac access-list extended name {permit | deny} {host src-MAC-addr mask | any | host dst-MAC-addr | dst-MAC-addr mask} [type mask] ...
  • Page 865 For ip precedence ip-precedence-list, enter a list of up to eight IP-precedence values to match against incoming packets. Separate each value with a space. The range is 0 to 7. ...
  • Page 866: Classifying Traffic By Using Class Maps And Filtering Ipv6 Traffic

    Classifying Traffic by Using Class Maps and Filtering IPv6 Traffic In Cisco IOS Release 12.2(52)SE and later, the switch supports both IPv4 and IPv6 QoS when the dual IPv4 and IPv6 SDM template is configured. When the dual IP SDM template is configured, the match ip dscp and match ip precedence classifications match both IPv4 and IPv6 traffic.
  • Page 867
    Switch(config)# Class-map cm-1
    Switch(config-cmap)# match ip dscp 10
    Switch(config-cmap)# match protocol ipv6
    Switch(config-cmap)# exit
    Switch(config)# Class-map cm-2
    Switch(config-cmap)# match ip dscp 20
    Switch(config-cmap)# match protocol ip
    ...
  • Page 868: Classifying, Policing, And Marking Traffic On Physical Ports By Using Policy Maps

    DSCP value is not affected by the IP-precedence-to-DSCP map. If you want the egress DSCP value to be different than the ingress value, use the set dscp new-dscp policy-map class configuration command. ...
  • Page 869 By default, no policy map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command. ...
  • Page 870 DSCP value (by using the policed-DSCP map) and to send the packet. For more information, see the “Configuring the Policed-DSCP Map” section on page 36-70. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 36-56 OL-12247-04...
  • Page 871

    Switch(config-ext-mac)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp
    Switch(config-ext-mac)# exit
    Switch(config)# mac access-list extended maclist2
    Switch(config-ext-mac)# permit 0001.0000.0003 0.0.0 0002.0000.0003 0.0.0
    Switch(config-ext-mac)# permit 0001.0000.0004 0.0.0 0002.0000.0004 0.0.0 aarp
  • Page 872: Classifying, Policing, And Marking Traffic On Svis By Using Hierarchical Policy Maps

    Use the interface-level policy map to specify the physical ports that are affected by individual policers. Beginning with Cisco IOS Release 12.2(52)SE, you can configure hierarchical policy maps that filter IPv4 and IPv6 traffic. Follow these guidelines when configuring hierarchical policy maps:
    • Before configuring a hierarchical policy map, you must enable VLAN-based QoS on the physical...
  • Page 873 When the switch stack divides into two or more switch stacks, the stack master in each switch stack re-enables and reconfigures these features on all applicable interfaces on the stack members, including the stack master.
  • Page 874 For ip precedence ip-precedence-list, enter a list of up to eight IP-precedence values to match against incoming packets. Separate each value with a space. The range is 0 to 7.
  • Page 875

    Step 9 exit Return to class-map configuration mode.
    Step 10 exit Return to global configuration mode.
  • Page 876 By default, no policy-map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
  • Page 877

    Return to global configuration mode.
    Step 23 interface interface-id Specify the SVI to which to attach the hierarchical policy map, and enter interface configuration mode.
  • Page 878

    Switch(config-pmap)# class-map cm-interface-1
    Switch(config-pmap-c)# police 900000 9000 exc policed-dscp-transmit
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# policy-map vlan-plcmap
    Switch(config-pmap)# class-map cm-1
    Switch(config-pmap-c)# set dscp 7
    Switch(config-pmap-c)# service-policy port-plcmap-1
  • Page 879: Classifying, Policing, And Marking Traffic By Using Aggregate Policers

    However, you cannot use the aggregate policer across different policy maps or ports. You can configure aggregate policers only in nonhierarchical policy maps on physical ports.
  • Page 880

    Valid interfaces include physical ports.
    Step 9 service-policy input policy-map-name Specify the policy-map name, and apply it to an ingress port. Only one policy map per ingress port is supported.
  • Page 881: Configuring Dscp Maps

    • Configuring the DSCP-to-CoS Map, page 36-71 (optional)
    • Configuring the DSCP-to-DSCP-Mutation Map, page 36-72 (optional, unless the null settings in the map are not appropriate)
  • Page 882: Configuring The Cos-To-Dscp Map

    Switch(config)# mls qos map cos-dscp 10 15 20 25 30 35 40 45
    Switch(config)# end
    Switch# show mls qos maps cos-dscp
    Cos-dscp map:
    cos:
    --------------------------------
    dscp: 10 15 20 25 30 35 40 45
  • Page 883: Configuring The Ip-Precedence-To-Dscp Map

    Switch(config)# mls qos map ip-prec-dscp 10 15 20 25 30 35 40 45
    Switch(config)# end
    Switch# show mls qos maps ip-prec-dscp
    IpPrecedence-dscp map:
    ipprec:
    --------------------------------
    dscp: 10 15 20 25 30 35 40 45
  • Page 884: Configuring The Policed-Dscp Map

    DSCP. The intersection of the d1 and d2 values provides the marked-down value. For example, an original DSCP value of 53 corresponds to a marked-down DSCP value of 0.
  • Page 885: Configuring The Dscp-To-Cos Map

    00 00 00 00 00 00 00 00 00 01 01 01 01 01 01 01 00 02 02 02 02 02 02 02 00 03 03 03 03 03
  • Page 886: Configuring The Dscp-To-Dscp-Mutation Map

    Return to privileged EXEC mode.
    Step 7 show mls qos maps dscp-mutation Verify your entries.
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 887: Configuring Ingress Queue Characteristics

    • Allocating Buffer Space Between the Ingress Queues, page 36-75 (optional)
    • Allocating Bandwidth Between the Ingress Queues, page 36-75 (optional)
    • Configuring the Ingress Priority Queue, page 36-76 (optional)
  • Page 888: Mapping Dscp Or Cos Values To An Ingress Queue And Setting Wtd Thresholds

    To return to the default WTD threshold percentages, use the no mls qos srr-queue input threshold queue-id global configuration command.
  • Page 889: Allocating Buffer Space Between The Ingress Queues

    The bandwidth and the buffer allocation control how much data can be buffered before packets are dropped. On ingress queues, SRR operates only in shared mode.
  • Page 890: Configuring The Ingress Priority Queue

    Then, SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights configured with the mls qos srr-queue input bandwidth weight1 weight2 global configuration command.
  • Page 891: Configuring Egress Queue Characteristics

    • Does the bandwidth of the port need to be rate limited?
    • How often should the egress queues be serviced and which technique (shaped, shared, or both) should be used?
  • Page 892: Configuration Guidelines

    Note: The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
  • Page 893

    For qset-id, enter the ID of the queue-set specified in Step 2. The range is 1 to 2. The default is 1.
    Step 6 Return to privileged EXEC mode.
  • Page 894: Mapping Dscp Or Cos Values To An Egress Queue And To A Threshold Id

    Note: The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
  • Page 895 This example shows how to map DSCP values 10 and 11 to egress queue 1 and to threshold 2:

    Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 2 10 11
  • Page 896: Configuring Srr Shaped Weights On Egress Queues

    2, 3, and 4 are set to 0, these queues operate in shared mode. The bandwidth weight for queue 1 is 1/8, which is 12.5 percent:

    Switch(config)# interface gigabitethernet2/0/1
    Switch(config-if)# srr-queue bandwidth shape 8 0 0 0
  • Page 897: Configuring Srr Shared Weights On Egress Queues

    You can ensure that certain packets have priority over all others by queuing them in the egress expedite queue. SRR services this queue until it is empty before servicing the other queues.
  • Page 898: Limiting The Bandwidth On An Egress Interface

    The range is 10 to 90. By default, the port is not rate limited and is set to 100 percent.
    Step 4 Return to privileged EXEC mode.
  • Page 899: Displaying Standard Qos Information

    [qset-id] Display QoS settings for the egress queues.
    show mls qos vlan vlan-id Display the policy maps attached to the specified SVI.
  • Page 900

    The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.
    show running-config | include rewrite Display the DSCP transparency setting.
  • Page 901: Understanding Etherchannels

    • Link Aggregation Control Protocol, page 37-6
    • EtherChannel On Mode, page 37-7
    • Load-Balancing and Forwarding Methods, page 37-8
    • EtherChannel and Switch Stacks, page 37-9
  • Page 902: Chapter 37 Configuring Etherchannels And Link-State Tracking

    EtherChannel, and the failed link. Inbound broadcast and multicast packets on one link in an EtherChannel are blocked from returning on any other link of the EtherChannel.
  • Page 903 [Figure 37-3: Cross-Stack EtherChannel. Labels: Blade switch stack (Switch 1, Switch 2, Switch 3), StackWise Plus port connections, Switch A, Channel group 1]
  • Page 904: Port-Channel Interfaces

    EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk.
  • Page 905: Port Aggregation Protocol

    The Port Aggregation Protocol (PAgP) is a Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support PAgP. PAgP facilitates the automatic creation of EtherChannels by exchanging PAgP packets between Ethernet ports. You can use PAgP only in single-switch EtherChannel configurations;...
  • Page 906: Pagp Interaction With Virtual Switches And Dual-Active Detection

    Link Aggregation Control Protocol

    The LACP is defined in IEEE 802.3ad and enables Cisco switches to manage Ethernet channels between switches that conform to the IEEE 802.3ad protocol. LACP facilitates the automatic creation of EtherChannels by exchanging LACP packets between Ethernet ports.
  • Page 907: Lacp Modes

    Ports that are configured in the on mode in the same channel group must have compatible port characteristics, such as speed and duplex. Ports that are not compatible are suspended, even though they are configured in the on mode.
  • Page 908: Load-Balancing And Forwarding Methods

    In Figure 37-5, an EtherChannel of sixteen blade servers communicates with a router. Because the router is a single-MAC-address device, source-based...
  • Page 909: Etherchannel And Switch Stacks

    Spanning tree detects this condition and acts accordingly. Any PAgP or LACP configuration on a winning switch stack is not affected, but the PAgP or LACP configuration on the losing switch stack is lost after the stack reboots.
  • Page 910: Configuring Etherchannels

    Channel groups: None assigned.
    Port-channel logical interface: None defined.
    PAgP mode: No default.
    PAgP learn method: Aggregate-port learning on all ports.
    PAgP priority: 128 on all ports.
  • Page 911: Etherchannel Configuration Guidelines

    Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an IEEE 802.1x port. If you try to enable IEEE 802.1x on an EtherChannel port, an error message appears, and IEEE 802.1x is not enabled.
  • Page 912: Configuring Layer 2 Etherchannels

    For a LACP EtherChannel, you can configure up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.
  • Page 913

    Step 5 Return to privileged EXEC mode.
    Step 6 show running-config Verify your entries.
    Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 914: Configuring Layer 3 Etherchannels

    Note: To move an IP address from a physical port to an EtherChannel, you must delete the IP address from the physical port before configuring it on the port-channel interface.
  • Page 915: Configuring The Physical Interfaces

    Ensure that there is no IP address assigned to the physical port.
    Step 4 no switchport Put the port into Layer 3 mode.
  • Page 916

    Step 6 Return to privileged EXEC mode.
    Step 7 show running-config Verify your entries.
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 917: Configuring Etherchannel Load-Balancing

    IP address.
    • src-mac—Load distribution is based on the source-MAC address of the incoming packet.
  • Page 918: Configuring The Pagp Learn Method And Priority

    Catalyst 1900 switch using the same port in the EtherChannel from which it learned the source address. Only use the pagp learn-method command in this situation.
  • Page 919: Configuring Lacp Hot-Standby Ports

    If one of the active links becomes inactive, a link that is in the hot-standby mode becomes active in its place.
  • Page 920: Configuring The Lacp System Priority

    (Optional) Save your entries in the configuration file. To return the LACP system priority to the default value, use the no lacp system-priority global configuration command.
  • Page 921: Configuring The Lacp Port Priority

    (Optional) Save your entries in the configuration file. To return the LACP port priority to the default value, use the no lacp port-priority interface configuration command.
  • Page 922: Displaying Etherchannel, Pagp, And Lacp Status

    Interfaces connected to servers are referred to as downstream interfaces, and interfaces connected to distribution switches and network devices are referred to as upstream interfaces.
  • Page 923

    • Traffic from half of the active Ethernet interfaces flows through blade switch 1 to distribution switch 1.
    • Traffic from the remaining active Ethernet interfaces flows through blade switch 2 to distribution switch 2.
  • Page 924: Configuring Link-State Tracking

    • An interface cannot be a member of more than one link-state group.
    • You can configure only two link-state groups per nonstacking-capable switch.
    • You can configure only ten link-state groups per stacking-capable switch.
  • Page 925: Configuring Link-State Tracking

    If the interfaces are part of an EtherChannel, you must specify the port channel name as part of the link-state group, not the individual port members. To disable a link-state group, use the no link state track number global configuration command.
  • Page 926: Displaying Link-State Tracking Status

    Downstream Interfaces : Gi0/3(Up) Gi0/4(Up)
    (Up):Interface up (Dwn):Interface Down (Dis):Interface disabled

    For detailed information about the fields in the display, see the command reference for this release.
  • Page 927: Configuring Ip Unicast Routing

    For more detailed IP unicast configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides. For complete syntax and usage information for the commands used in this chapter, see these command references from the Cisco.com page under Documentation >...
  • Page 928: Understanding Ip Routing

    Types of Routing

    Routers and Layer 3 switches can route packets in these ways:
    • By using default routing
    • By using preprogrammed static routes for the traffic
  • Page 929: Chapter 38 Configuring Ip Unicast Routing

    IP packets to the stack.
    • All IP packets that require software forwarding or processing go through the CPU of the stack master.
  • Page 930 Caution: Partitioning on the switch stack into two or more stacks might lead to undesirable behavior in the network.
  • Page 931: Steps For Configuring Routing

    By default, IP routing is disabled on the switch, and you must enable it before routing can take place. For detailed IP routing configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides.
  • Page 932: Default Addressing Configuration

    • Maximum interval between advertisements: 600 seconds.
    • Minimum interval between advertisements: 0.75 times maximum interval
    • Preference: 0.
    IP proxy ARP: Enabled.
    IP routing: Disabled.
    IP subnet-zero: Disabled.
  • Page 933: Assigning Ip Addresses To Network Interfaces

    (Optional) Save your entry in the configuration file. Use the no ip subnet-zero global configuration command to restore the default and to disable the use of subnet zero.
  • Page 934: Classless Routing

    38-3, the router in network 128.20.0.0 is connected to subnets 128.20.1.0, 128.20.2.0, and 128.20.3.0. If the host sends a packet to 120.20.4.1, because there is no network default route, the router discards the packet.
  • Page 935: Configuring Address Resolution Methods

    MAC address from an IP address is called address resolution. The process of learning the IP address from the MAC address is called reverse address resolution.
  • Page 936: Define A Static Arp Cache

    For more information on RARP, see the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2 under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides from the Cisco.com page.
  • Page 937: Set Arp Encapsulation

    (Optional) Save your entries in the configuration file. To disable an encapsulation type, use the no arp arpa or no arp snap interface configuration command.
  • Page 938: Enable Proxy Arp

    (ICMP) redirect message, identifying the local router that the host should use. The switch caches the redirect messages and forwards each packet as efficiently as possible. This method cannot detect when the default router has failed or is unavailable.
  • Page 939: Icmp Router Discovery Protocol (Irdp)

    It must be greater than maxadvertinterval and cannot be greater than 9000 seconds. If you change the maxadvertinterval value, this value also changes.
  • Page 940: Configuring Broadcast Packet Handling

    • Enabling Directed Broadcast-to-Physical Broadcast Translation, page 38-15
    • Forwarding UDP Broadcast Packets and Protocols, page 38-16
    • Establishing an IP Broadcast Address, page 38-16
    • Flooding IP Broadcasts, page 38-17
  • Page 941: Enabling Directed Broadcast-To-Physical Broadcast Translation

    Use the no ip directed-broadcast interface configuration command to disable translation of directed broadcasts to physical broadcasts. Use the no ip forward-protocol global configuration command to remove a protocol or a port.
  • Page 942: Forwarding Udp Broadcast Packets And Protocols

    By default, both UDP and NDP forwarding are enabled if a helper address has been defined for an interface. The description for the ip forward-protocol interface configuration command in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 lists the ports that are forwarded by default if you do not specify any UDP ports.
  • Page 943: Flooding Ip Broadcasts

    When a flooded UDP datagram is sent on an interface (and the destination address is possibly changed), the datagram is processed by the normal IP output routines and is, therefore, subject to ACLs, if they are present on the output interface.
  • Page 944: Monitoring And Maintaining Ip Addressing

    Remove one or all entries from the hostname and the address cache.
    clear ip route {network [mask] |*} Remove one or more routes from the IP routing table.
  • Page 945: Enabling Ip Unicast Routing

    Verify your entries.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.

    Use the no ip routing global configuration command to disable routing.
  • Page 946: Configuring Rip

    • Default RIP Configuration, page 38-21
    • Configuring Basic RIP Parameters, page 38-21
    • Configuring RIP Authentication, page 38-24
    • Configuring Summary Addresses and Split Horizon, page 38-24
  • Page 947: Default Rip Configuration

    Enable IP routing. (Required only if IP routing is disabled.)
    Step 3 router rip Enable a RIP routing process, and enter router configuration mode.
  • Page 948

    If you are sending packets to a lower-speed device, you can add an interpacket delay in the range of 8 to 50 milliseconds.
    Step 12 Return to privileged EXEC mode.
  • Page 949

    If you are sending packets to a lower-speed device, you can add an interpacket delay in the range of 8 to 50 milliseconds.
    Step 12 Return to privileged EXEC mode.
  • Page 950: Configuring Rip Authentication

    This feature usually optimizes communication among multiple routers, especially when links are broken.
  • Page 951

    Switch(config-if)# ip address 10.1.5.1 255.255.255.0
    Switch(config-if)# ip summary-address rip 10.2.0.0 255.255.0.0
    Switch(config-if)# no ip split-horizon
    Switch(config-if)# exit
    Switch(config)# router rip
    Switch(config-router)# network 10.0.0.0
    Switch(config-router)# neighbor 2.2.2.2 peer-group mygroup
    Switch(config-router)# end
  • Page 952: Configuring Split Horizon

    This section briefly describes how to configure Open Shortest Path First (OSPF). For a complete description of the OSPF commands, see the “OSPF Commands” chapter of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
  • Page 953

    • Configuring a Loopback Interface, page 38-35
    • Monitoring OSPF, page 38-36

    Note: To enable OSPF, the switch or stack master must be running the IP services feature set.
  • Page 954: Default Ospf Configuration

    Allows Layer 3 switches to continue forwarding packets from a neighboring NSF-capable router during hardware or software changes.
    NSF capability: Disabled.
    Note: The switch stack supports OSPF NSF-capable routing for IPv4.
  • Page 955: Ospf Nonstop Forwarding

    This feature cannot be disabled. For more information on this feature, see the “OSPF Nonstop Forwarding (NSF) Awareness” section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4 at this URL: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804557a8.html
  • Page 956: Configuring Basic Ospf Parameters

    Use the nsf OSPF routing configuration command to enable OSPF NSF routing. Use the show ip ospf privileged EXEC command to verify that it is enabled. For more information about this feature, see the Cisco Nonstop Forwarding Feature Overview at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800ab7fc.
  • Page 957: Configuring Ospf Interfaces

    The password can be any string of keyboard-entered characters up to 8 bytes in length. All neighboring routers on the same network must have the same password to exchange OSPF information.
  • Page 958: Configuring Ospf Area Parameters

    Beginning in privileged EXEC mode, follow these steps to configure area parameters:

    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 router ospf process-id Enable OSPF routing, and enter router configuration mode.
  • Page 959: Configuring Other Ospf Parameters

    Configuration information includes the identity of the other virtual endpoint (the other ABR) and the nonbackbone link that the two routers have in common (the transit area). Virtual links cannot be configured through a stub area.
  • Page 960

    The default distance for each type of route is 110.
    Step 9 passive-interface type number (Optional) Suppress the sending of hello packets through the specified interface.
  • Page 961: Changing Lsa Group Pacing

    OSPF process must recalculate a new router ID and resend all its routing information through its interfaces. If a loopback interface is configured with an IP address, OSPF uses this IP address...
  • Page 962: Monitoring Ospf

    EXEC commands for displaying statistics. For more show ip ospf database privileged EXEC command options and for explanations of fields in the resulting display, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. Table 38-6...
  • Page 963: Configuring Eigrp

    Neighbor discovery and recovery is achieved by periodically sending small hello packets. As long as hello packets are received, the Cisco IOS software learns that a neighbor is alive and functioning. When this status is determined, the neighboring routers can exchange routing information.
  • Page 964: Default Eigrp Configuration

    Enabled. Subprefixes are summarized to the classful network boundary when crossing classful network boundaries.
    Default-information: Exterior routes are accepted, and default information is passed between EIGRP processes during redistribution.
  • Page 965

    Distributed proportionately to the ratios of the metrics.
    Variance: 1 (equal-cost load-balancing).
    1. NSF = nonstop forwarding
    2. EIGRP NSF awareness is enabled for IPv4 on switches running the IP services feature set.
  • Page 966: Eigrp Nonstop Forwarding

    This feature cannot be disabled. For more information on this feature, see the “EIGRP Nonstop Forwarding (NSF) Awareness” section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4 at this URL: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804529...
  • Page 967: Configuring Basic Eigrp Parameters

    (Optional) Save your entries in the configuration file. Use the no forms of these commands to disable the feature or to return the setting to the default value. ...
  • Page 968: Configuring Eigrp Interfaces

    EIGRP route authentication provides MD5 authentication of routing updates from the EIGRP routing protocol to prevent the introduction of unauthorized or false routing messages from unapproved sources. ...
  • Page 969: Eigrp Stub Routing

    The switch uses EIGRP stub routing at the access layer to eliminate the need for other types of routing advertisements. For enhanced ...
  • Page 970: Monitoring And Maintaining Eigrp

    You can delete neighbors from the neighbor table. You can also display various EIGRP routing statistics. Table 38-8 lists the privileged EXEC commands for deleting neighbors and displaying statistics. For explanations of fields in the resulting display, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. Table 38-8...
  • Page 971 [[ip-address] mask]] Display the EIGRP topology table for a given process. show ip eigrp traffic [autonomous-system-number] Display the number of packets sent and received for all or a specified EIGRP process. ...
  • Page 972: Configuring Bgp

    Internet. You can find detailed information about BGP in Internet Routing Architectures, published by Cisco Press, and in the “Configuring BGP” chapter in the Cisco IP and IP Routing Configuration Guide. For details about BGP commands and keywords, see the “IP Routing Protocols” part of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
  • Page 973 A router or switch running Cisco IOS does not select or use an IBGP route unless it has a route available to the next-hop router and it has received synchronization from an IGP (unless IGP synchronization is disabled).
  • Page 974: Default Bgp Configuration

    Protocols” part of the Cisco IOS IP Configuration Guide, Release 12.2. For details about specific commands, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. For a list of BGP commands that are visible but not supported by the switch, see Appendix C, “Unsupported Commands in Cisco IOS Release 12.2(52)SE.”...
  • Page 975 . Allows Layer 3 switches to continue forwarding packets from a neighboring NSF-capable router during hardware or software changes. Route reflector None configured. Synchronization (BGP and IGP) Enabled. ...
  • Page 976: Nonstop Forwarding Awareness

    For more information, see the “BGP Nonstop Forwarding (NSF) Awareness” section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4 at this URL: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804556...
  • Page 977 Step 10 bgp graceful-restart (Optional) Enable NSF awareness on switch. By default, NSF awareness is disabled. Step 11 Return to privileged EXEC mode. ...
  • Page 978 Last read 0:00:29, hold time is 180, keepalive interval is 60 seconds Minimum time between advertisement runs is 30 seconds Received 2828 messages, 0 notifications, 0 in queue ...
  • Page 979: Managing Routing Policy Changes

    BGP sessions so that the configuration changes take effect. There are two types of reset, hard reset and soft reset. Cisco IOS Releases 12.1 and later support a soft reset without any prior configuration. To use a soft reset without preconfiguration, both BGP peers must support the soft-route refresh capability, which is advertised in the OPEN message sent when the peers establish a TCP session.
  • Page 980: Configuring Bgp Decision Attributes

    You can disable next-hop processing by using route maps or the neighbor next-hop-self router configuration command. Prefer the path with the largest weight (a Cisco-proprietary parameter). The weight attribute is local to the router and not propagated in routing updates. By default, the weight attribute is 32768 for paths that the router originates and zero for other paths.
  • Page 981 All routes without a MED are also set to this value. The range is 1 to 4294967295. The lowest value is the most desirable. ...
  • Page 982: Configuring Bgp Filtering With Route Maps

    Step 1 configure terminal Enter global configuration mode. Step 2 route-map map-tag [[permit | deny] | sequence-number]] Create a route map, and enter route-map configuration mode. ...
  • Page 983: Configuring Bgp Filtering By Neighbor

    {ip-address | peer-group name} route-map map-tag {in | out} (Optional) Apply a route map to filter an incoming or outgoing route. Step 5 Return to privileged EXEC mode. ...
  • Page 984: Configuring Prefix Lists For Bgp Filtering

    BGP autonomous system paths. Each filter is an access list based on regular expressions. (See the “Regular Expressions” appendix in the Cisco IOS Dial Technologies Command Reference, Release 12.2 for more information on forming regular expressions.) To use this method, define an autonomous-system-path access list, and apply it to updates to and from particular neighbors.
  • Page 985: Configuring Bgp Community Filtering

    COMMUNITIES attribute. The attribute groups destinations into communities and applies routing decisions based on the communities. This method simplifies the configuration of a BGP speaker to control distribution of routing information. ...
  • Page 986 BGP, a community takes the form AA:NN, where the first part is the autonomous-system number and the second part is a 2-byte number. Step 8 Return to privileged EXEC mode. ...
  • Page 987: Configuring Bgp Neighbors And Peer Groups

    ebgp-multihop (Optional) Allow BGP sessions, even when the neighbor is not on a directly connected segment. The multihop session is not established if the only route to the multihop-peer address is the default route (0.0.0.0). ...
  • Page 988 To disable an existing BGP neighbor or neighbor peer group, use the neighbor shutdown router configuration command. To enable a previously existing neighbor or neighbor peer group that had been disabled, use the no neighbor shutdown router configuration command. ...
  • Page 989: Configuring Aggregate Addresses

    IBGP peers. Specifically, the next hop, MED, and local-preference information is preserved. You can then use a single IGP for all of the autonomous systems. ...
  • Page 990: Configuring Bgp Route Reflectors

    ID so that a route reflector recognizes updates from route reflectors in the same cluster. All the route reflectors serving a cluster should be fully meshed and should have identical sets of client and nonclient peers. ...
  • Page 991: Configuring Route Dampening

    Step 7 show ip bgp dampened-paths (Optional) Display the dampened routes, including the time remaining before they are suppressed. ...
  • Page 992: Monitoring And Maintaining Bgp

    Table 38-8 lists the privileged EXEC commands for clearing and displaying BGP. For explanations of the display fields, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. Table 38-11 IP BGP Clear and Show Commands...
  • Page 993: Configuring Iso Clns Routing

    DECnet, ISO CLNS and XNS Configuration Guide, Release 12.2. For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS and XNS Command Reference, Release 12.2, use the IOS command reference master index, or search online.
  • Page 994: Configuring Is-Is Dynamic Routing

    For IS-IS multiarea routing, you can configure only one process to perform Level 2 routing, although you can define up to 29 Level 1 areas for each Cisco unit. If Level 2 routing is configured on any process, all additional processes are automatically configured as Level 1. You can configure this process to perform Level 1 routing at the same time.
  • Page 995: Default Is-Is Configuration

    Disabled. 1. NSF = Nonstop Forwarding 2. IS-IS NSF awareness is enabled for IPv4 on switches running Cisco IOS Release 12.2(25)SEG or later. Nonstop Forwarding Awareness The integrated IS-IS NSF Awareness feature is supported for IPv4, beginning with Cisco IOS Release 12.2(25)SEG.
  • Page 996: Enabling Is-Is Routing

    Return to privileged EXEC mode. Step 12 show isis [area tag] database detail Verify your entries. Step 13 copy running-config startup-config (Optional) Save your entries in the configuration file. ...
  • Page 997: Configuring Is-Is Global Parameters

    (route-summarization). Routes learned from other routing protocols can also be summarized. The metric used to advertise the summary is the smallest metric of all the specific routes. You can set an overload bit. ...
  • Page 998 BGP has converged. If BGP does not signal IS-IS that it is converged, IS-IS will turn off the overload bit after 10 minutes. ...
  • Page 999 Level 1 area prefix into the Level 2 backbone when full connectivity is lost among the border router, all adjacent level 1 routers, and end hosts. Step 18 Return to privileged EXEC mode. ...
  • Page 1000: Configuring Is-Is Interface Parameters

    • The interface circuit type, which is the type of adjacency desired for neighbors on the specified interface • Password authentication for the interface ...
