Cisco Catalyst 3120 Software Manual

Catalyst Blade Switch for HP

Cisco Catalyst Blade Switch 3120 for HP
Software Configuration Guide
Cisco IOS Release 12.2(40)EX
November 2007
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-12247-01

Summary of Contents for Cisco Catalyst 3120

  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.;...
  • Page 3: Table Of Contents

    Understanding Command Modes Understanding the Help System Understanding Abbreviated Commands Understanding no and default Forms of Commands Understanding CLI Error Messages Using Configuration Logging Using Command History Cisco Catalyst Blade Switch 3120 for HP Software Configuration Guide OL-12247-01...
  • Page 4 3-13 Booting a Specific Software Image 3-14 Controlling Environment Variables 3-15 Scheduling a Reload of the Software Image 3-17 Configuring a Scheduled Reload 3-17 Displaying Scheduled Reload Information 3-18
  • Page 5 5-11 Hardware Compatibility and SDM Mismatch Mode in Switch Stacks 5-11 Switch Stack Software Compatibility Recommendations 5-11 Stack Protocol Version Compatibility 5-12 Major Version Number Incompatibility Among Switches 5-12
  • Page 6 Configuring Time and Date Manually 6-11 Setting the System Clock 6-11 Displaying the Time and Date Configuration 6-12 Configuring the Time Zone 6-12 Configuring Summer Time (Daylight Saving Time) 6-13
  • Page 7 Configuring Username and Password Pairs Configuring Multiple Privilege Levels Setting the Privilege Level for a Command Changing the Default Privilege Level for Lines Logging into and Exiting a Privilege Level
  • Page 8 Configuring the Switch for Local Authentication and Authorization 7-36 Configuring the Switch for Secure Shell 7-37 Understanding SSH 7-38 SSH Servers, Integrated Clients, and Supported Versions 7-38 Limitations 7-39
  • Page 9 Authentication Initiation and Message Exchange Ports in Authorized and Unauthorized States IEEE 802.1x Authentication and Switch Stacks IEEE 802.1x Host Mode IEEE 802.1x Accounting IEEE 802.1x Accounting Attribute-Value Pairs
  • Page 10 Configuring Web Authentication 9-42 Disabling IEEE 802.1x Authentication on the Port 9-44 Resetting the IEEE 802.1x Authentication Configuration to the Default Values 9-45 Displaying IEEE 802.1x Statistics and Status 9-45
  • Page 11 Configuring the System MTU 10-23 Monitoring and Maintaining the Interfaces 10-25 Monitoring Interface Status 10-25 Clearing and Resetting Interfaces and Counters 10-26 Shutting Down and Restarting the Interface 10-26
  • Page 12 Creating an Extended-Range VLAN with an Internal VLAN ID 12-15 Displaying VLANs 12-16 Configuring VLAN Trunks 12-16 Trunking Overview 12-16 Encapsulation Types 12-19 IEEE 802.1Q Configuration Considerations 12-19 Default Layer 2 Ethernet Interface VLAN Configuration 12-20
  • Page 13 VTP and Switch Stacks 13-6 Configuring VTP 13-6 Default VTP Configuration 13-7 VTP Configuration Options 13-7 VTP Configuration in Global Configuration Mode 13-7 VTP Configuration in VLAN Database Configuration Mode 13-8
  • Page 14 Private VLANs and Unicast, Broadcast, and Multicast Traffic 15-5 Private VLANs and SVIs 15-5 Private VLANs and Switch Stacks 15-5 Configuring Private VLANs 15-6 Tasks for Configuring Private VLANs 15-6 Default Private-VLAN Configuration 15-6
  • Page 15 STP Overview 17-2 Spanning-Tree Topology and BPDUs 17-3 Bridge ID, Switch Priority, and Extended System ID 17-4 Spanning-Tree Interface States 17-5 Blocking State 17-6 Listening State 17-7 Learning State 17-7
  • Page 16 Multiple Spanning-Tree Regions 18-2 IST, CIST, and CST 18-3 Operations Within an MST Region 18-3 Operations Between MST Regions 18-4 IEEE 802.1s Terminology 18-5 Hop Count 18-5 Boundary Ports 18-6
  • Page 17 Understanding Optional Spanning-Tree Features 19-1 Understanding Port Fast 19-2 Understanding BPDU Guard 19-2 Understanding BPDU Filtering 19-3 Understanding UplinkFast 19-3 Understanding Cross-Stack UplinkFast 19-5
  • Page 18 Configuring DHCP Features and IP Source Guard 21-1 Understanding DHCP Features 21-1 DHCP Server 21-2 DHCP Relay Agent 21-2 DHCP Snooping 21-2
  • Page 19 Configuring Dynamic ARP Inspection in DHCP Environments 22-7 Configuring ARP ACLs for Non-DHCP Environments 22-8 Limiting the Rate of Incoming ARP Packets 22-11 Performing Validation Checks 22-12 Configuring the Log Buffer 22-13
  • Page 20 Configuring MVR Interfaces 23-22 Displaying MVR Information 23-23 Configuring IGMP Filtering and Throttling 23-24 Default IGMP Filtering and Throttling Configuration 23-25 Configuring IGMP Profiles 23-25 Applying IGMP Profiles 23-26
  • Page 21 Default Protected Port Configuration 25-5 Protected Port Configuration Guidelines 25-6 Configuring a Protected Port 25-6 Configuring Port Blocking 25-6 Default Port Blocking Configuration 25-7 Blocking Flooded Traffic on an Interface 25-7
  • Page 22 Monitoring and Maintaining LLDP and LLDP-MED 27-7 Configuring UDLD 28-1 Understanding UDLD 28-1 Modes of Operation 28-1 Methods to Detect Unidirectional Links 28-2
  • Page 23 29-19 Specifying VLANs to Filter 29-20 Creating an RSPAN Destination Session 29-21 Creating an RSPAN Destination Session and Configuring Incoming Traffic 29-22 Displaying SPAN and RSPAN Status 29-24
  • Page 24 SNMP Manager Functions 32-3 SNMP Agent Functions 32-4 SNMP Community Strings 32-4 Using SNMP to Access MIB Variables 32-4 SNMP Notifications 32-5 SNMP ifIndex MIB Object Values 32-5
  • Page 25 34-8 ACL Logging 34-9 Creating a Numbered Standard ACL 34-10 Creating a Numbered Extended ACL 34-11 Resequencing ACEs in an ACL 34-15 Creating Named Standard and Extended ACLs 34-15
  • Page 26 Supported ACL Features 35-3 IPv6 ACL Limitations 35-3 IPv6 ACLs and Switch Stacks 35-3 Configuring IPv6 ACLs 35-4 Default IPv6 ACL Configuration 35-4 Interaction with Other Features and Switches 35-4
  • Page 27 36-32 QoS ACL Guidelines 36-32 Applying QoS on Interfaces 36-32 Policing Guidelines 36-33 General QoS Guidelines 36-33 Enabling QoS Globally 36-34 Enabling VLAN-Based QoS on Physical Ports 36-34
  • Page 28 36-77 Displaying Standard QoS Information 36-78 Configuring EtherChannels and Link-State Tracking 37-1 Understanding EtherChannels 37-1 EtherChannel Overview 37-2 Port-Channel Interfaces 37-4
  • Page 29 Steps for Configuring Routing 38-5 Configuring IP Addressing 38-5 Default Addressing Configuration 38-6 Assigning IP Addresses to Network Interfaces 38-7 Use of Subnet Zero 38-7 Classless Routing 38-8
  • Page 30 Default EIGRP Configuration 38-38 EIGRP Nonstop Forwarding 38-39 Configuring Basic EIGRP Parameters 38-40 Configuring EIGRP Interfaces 38-41 Configuring EIGRP Route Authentication 38-42 EIGRP Stub Routing 38-43 Monitoring and Maintaining EIGRP 38-44
  • Page 31 Displaying Multi-VRF CE Status 38-80 Configuring Unicast Reverse Path Forwarding 38-80 Configuring Protocol-Independent Features 38-81 Configuring Distributed Cisco Express Forwarding 38-81 Configuring the Number of Equal-Cost Routing Paths 38-82
  • Page 32 Configuring IPv6 ICMP Rate Limiting 39-17 Configuring CEF and dCEF for IPv6 39-17 Configuring Static Routing for IPv6 39-18 Configuring RIP for IPv6 39-20 Configuring OSPF for IPv6 39-22
  • Page 33 Understanding Enhanced Object Tracking 42-1 Configuring Enhanced Object Tracking Features 42-2 Default Configuration 42-2 Tracking Interface Line-Protocol or IP Routing State 42-2 Configuring a Tracked List 42-3
  • Page 34 44-5 IGMP Helper 44-6 Auto-RP 44-6 Bootstrap Router 44-7 Multicast Forwarding and Reverse Path Check 44-7 Understanding DVMRP 44-9 Understanding CGMP 44-9 Multicast Routing and Switch Stacks 44-9
  • Page 35 Limiting How Long an sdr Cache Entry Exists 44-38 Configuring an IP Multicast Boundary 44-39 Configuring Basic DVMRP Interoperability Features 44-40 Configuring DVMRP Interoperability 44-41 Configuring a DVMRP Tunnel 44-43
  • Page 36 Shutting Down an MSDP Peer 45-16 Including a Bordering PIM Dense-Mode Region in MSDP 45-17 Configuring an Originating Address other than the RP Address 45-18 Monitoring and Maintaining MSDP 45-19
  • Page 37 Using Layer 2 Traceroute 47-12 Understanding Layer 2 Traceroute 47-12 Usage Guidelines 47-12 Displaying the Physical Path 47-13 Using IP Traceroute 47-13 Understanding IP Traceroute 47-14 Executing IP Traceroute 47-14
  • Page 38 MIB List Using FTP to Access the MIB Files Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System...
  • Page 39 Preparing to Download or Upload an Image File By Using FTP B-30 Downloading an Image File By Using FTP B-31 Uploading an Image File By Using FTP B-33
  • Page 40 Unsupported Global Configuration Commands Unsupported Interface Configuration Commands IGMP Snooping Commands Unsupported Global Configuration Commands Interface Commands Unsupported Privileged EXEC Commands Unsupported Global Configuration Commands Unsupported Interface Configuration Commands
  • Page 41 Unsupported Global Configuration Commands C-12 Spanning Tree C-13 Unsupported Global Configuration Command C-13 Unsupported Interface Configuration Command C-13 VLAN C-13 Unsupported Global Configuration Command C-13 Unsupported User EXEC Commands C-13
  • Page 42 C-13 Unsupported Privileged EXEC Command C-13 Index
  • Page 43 Preface Audience This guide is for the networking professional managing the standalone Cisco Catalyst Blade Switch 3120 for HP or blade switch stack, referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of Ethernet and local area networking.
  • Page 44: Related Publications

    Obtaining Documentation and Submitting a Service Request section. • Release Notes for the Cisco Catalyst Blade Switch 3120 for HP (not orderable but available on Cisco.com) • Cisco Catalyst Blade Switch 3120 for HP Software Configuration Guide (not orderable but available on Cisco.com)
  • Page 45: Obtaining Documentation And Submitting A Service Request

    Preface Related Publications • Cisco Catalyst Blade Switch 3120 for HP System Message Guide (not orderable but available on Cisco.com) • Cisco Software Activation Document for HP • Device manager online help (available on the switch) • Cisco Catalyst Blade Switch 3120 for HP Hardware Installation Guide (not orderable but available on Cisco.com)
  • Page 47: Features

    IP services feature sets. The noncryptographic universal software image supports only the IP base and IP services feature sets. You must have a Cisco IOS software license for a specific feature set to enable it. For more information about the software license, see the Cisco Software Activation for HP document on Cisco.com.
  • Page 48: Chapter 1 Overview

    Telnet passwords, and Simple Network Management Protocol (SNMP) information through a browser-based program. For more information about Express Setup, see the getting started guide. • User-defined and Cisco-default Smartports macros for creating custom switch configurations for simplified deployment across the network.
  • Page 49: Performance Features

    – Using a single IP address and configuration file to manage the entire switch stack. – Automatic Cisco IOS version-check of new stack members with the option to automatically load images from the stack master or from a TFTP server.
  • Page 50 Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic • Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3: – (For CGMP devices) CGMP for limiting multicast traffic to specified end stations and reducing...
  • Page 51: Management Options

    • Network Assistant—Network Assistant is a network management application that can be downloaded from Cisco.com. You use it to manage a single switch, a cluster of switches, or a community of devices. For more information about Network Assistant, see Getting Started with Cisco Network Assistant, available on Cisco.com.
  • Page 52: Availability And Redundancy Features

    • Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source • Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses • Configuration logging to log and to view changes to the switch configuration...
  • Page 53: VLAN Features

    • Link-state tracking to mirror the state of the ports that carry upstream traffic from connected hosts and servers and to allow the failover of the server traffic to an operational link on another Cisco Ethernet switch VLAN Features These are the VLAN features: •...
  • Page 54: Security Features

    • VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting flooded traffic to links destined for stations receiving the traffic • Voice VLAN for creating subnets for voice traffic from Cisco IP Phones • Dynamic voice virtual LAN (VLAN) for multidomain authentication (MDA) to allow a dynamic...
  • Page 55 – Port security for controlling access to IEEE 802.1x ports – Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized or unauthorized state of the port – IP phone detection enhancement to detect and recognize a Cisco IP phone...
  • Page 56: QoS And CoS Features

    – Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port bordering another QoS domain – Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value received, and ensuring port security • Policing...
  • Page 57: Layer 3 Features

    Support for these IP services, making them VRF aware so that they can operate on multiple routing instances: HSRP, uRPF, ARP, SNMP, IP SLA, TFTP, FTP, syslog, traceroute, and ping
  • Page 58: Monitoring Features

    • Syslog facility for logging system messages about authentication or authorization errors, resource issues, and time-out events • Layer 2 traceroute to identify the physical path that a packet takes from a source device to a destination device
  • Page 59: Default Settings After Initial Switch Configuration

    System name and prompt is Switch. For more information, see Chapter 6, “Administering the Switch.” • NTP is enabled. For more information, see Chapter 6, “Administering the Switch.”
  • Page 60 Chapter 21, “Configuring DHCP Features and IP Source Guard.” • IP source guard is disabled. For more information, see Chapter 21, “Configuring DHCP Features and IP Source Guard.”
  • Page 61 “Configuring IP Multicast Routing.” • MSDP is disabled. For more information, see Chapter 45, “Configuring MSDP.” • Fallback bridging is not configured. For more information, see Chapter 46, “Configuring Fallback Bridging.”
  • Page 62: Network Configuration Examples

    (such as e-mail with large attached files) and from bandwidth-intensive applications (such as multimedia) • Use the EtherChannel feature between the switch and its connected servers and routers.
  • Page 63 Gigabit multilayer switch in the backbone, such as a Catalyst 4500 Gigabit switch or Catalyst 6500 Gigabit switch.
  • Page 64 The various lengths of stack cable available, ranging from 0.5 meter to 3 meters, provide extended connections to the switch stacks across multiple server racks, for multiple stack aggregation.
  • Page 65: Small To Medium-Sized Network

    Cisco CallManager controls call processing and routing. Users with workstations running Cisco SoftPhone software can place, receive, and control calls from their PCs. Using Cisco CallManager software and Cisco SoftPhone software integrates telephony and IP networks, and the IP network supports both voice and data.
  • Page 66: Where To Go Next

    Before configuring the switch, review these sections for startup information: • Chapter 2, “Using the Command-Line Interface” • Chapter 3, “Assigning the Switch IP Address and Default Gateway”
  • Page 67: Understanding Command Modes

    Using the Command-Line Interface This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your standalone switch or a switch stack, referred to as the switch. It contains these sections: •...
  • Page 68: Chapter 2 Using The Command-Line Interface

    EXEC mode, enter the vlan database command. | Switch(vlan)# | To exit to privileged EXEC mode, enter exit. | Use this mode to configure VLAN parameters for VLANs 1 to 1005 in the VLAN database.
  • Page 69: Understanding The Help System

    Obtain a list of commands that begin with a particular character string. For example: Switch# di? dir disable disconnect abbreviated-command-entry<Tab> Complete a partial command name. For example: Switch# sh conf<tab> Switch# show configuration
  • Page 70: Understanding Abbreviated Commands

    However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.
  • Page 71: Understanding CLI Error Messages

    You can choose to have the notifications sent to the syslog. For more information, see the “Configuration Change Notification and Logging” section of the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4 at this URL: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080454f...
  • Page 72: Using Command History

    The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command. 1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
  • Page 73: Disabling The Command History Feature

    To re-enable the enhanced editing mode for the current terminal session, enter this command in privileged EXEC mode: Switch# terminal editing To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration mode: Switch(config-line)# editing
  • Page 74: Editing Commands Through Keystrokes

    Press Esc U. Capitalize letters from the cursor to the end of the word. Designate a particular keystroke as Press Ctrl-V or Esc Q. an executable command, perhaps as a shortcut.
  • Page 75: Editing Command Lines That Wrap

    The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than that, use the terminal width privileged EXEC command to set the width of your terminal.
  • Page 76: Searching And Filtering Output Of Show And More Commands

    Switch-2# the system prompt for the stack master is Switch. Only the show and debug commands are available in a CLI session to a specific stack member.
  • Page 77: Accessing The Cli Through A Console Connection Or Through Telnet

    After you connect through the console port, through the Ethernet management port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station.
  • Page 79: Understanding The Boot Process

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2. This chapter consists of these sections: •...
  • Page 80: Chapter 3 Assigning The Switch IP Address And Default Gateway

    You can still manage the stack through the same IP address even if you remove the stack master or any other stack member from the stack, provided there is IP connectivity.
  • Page 81: Default Switch Information

    The switch can act as both a DHCP client and a DHCP server. During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at startup with IP address information and a configuration file.
  • Page 82: DHCP Client Request Process

    If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
  • Page 83: Configuring DHCP-Based Autoconfiguration

    • Example Configuration, page 3-8 If your DHCP server is a Cisco device, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 for additional information about configuring DHCP.
  • Page 84: Configuring The TFTP Server

    The DNS server can be on the same or on a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a router.
  • Page 85: Configuring The Relay Device

    If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
  • Page 86: Example Configuration

    [Figure: DHCP-Based Autoconfiguration Network Example. Labels: Switch 1 to Switch 4 (00e0.9f1e.2001 to 00e0.9f1e.2004), Cisco router, DHCP server, DNS server, TFTP server (tftpserver); addresses 10.0.0.10, 10.0.0.1, 10.0.0.2, 10.0.0.3]
  • Page 87 It reads its host table by indexing its IP address 10.0.0.21 to its hostname (switcha). • It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg from the TFTP server.
  • Page 88: Manually Assigning IP Information

    IP addresses. The MAC addresses that appear in the show interfaces vlan vlan-id command output are not the same as the MAC address that is printed on the switch label (the base MAC address).
  • Page 89: Checking And Saving The Running Configuration

    To store the configuration or changes you have made to your startup configuration in flash memory, enter this privileged EXEC command: Switch# copy running-config startup-config Destination filename [startup-config]? Building configuration...
  • Page 90: Modifying The Startup Configuration

    The Cisco IOS image is stored in a directory that has the same name as the image file (excluding the .bin extension).
  • Page 91: Specifying The Filename To Read And Write The System Configuration

    Specifying the Filename to Read and Write the System Configuration By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
  • Page 92: Booting A Specific Software Image

    • Use number to specify a stack member. • Use all to specify all stack members. Step 4 Return to privileged EXEC mode.
  • Page 93: Controlling Environment Variables

    Cisco IOS configuration file can be stored as an environment variable. You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
  • Page 94 SWITCH_PRIORITY | set SWITCH_PRIORITY stack-member-number (Changes the priority value of a stack member.) | switch stack-member-number priority priority-number (Changes the priority value of a stack member.)
  • Page 95: Scheduling A Reload Of The Software Image

    (if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.
  • Page 96: Displaying Scheduled Reload Information

    It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled).
  • Page 97: Understanding Cisco Configuration Engine Software

    For complete configuration information for the Cisco Configuration Engine, see this URL on Cisco.com http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/tsd_products_support_series_home.html For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Network Management Command Reference, Release 12.4 at this URL on Cisco.com: http://www.cisco.com/en/US/products/ps6350/products_command_reference_book09186a008042df72.
  • Page 98: Chapter 4 Configuring Cisco IOS CNS Agents

    (LDAP) URLs that reference the device-specific configuration information stored in a directory. The Cisco IOS agent can perform a syntax check on received configuration files and publish events to show the success or failure of the syntax check. The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server.
  • Page 99: Event Service

    ID, and event. Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate events by using any desired naming convention.
  • Page 100: Deviceid

    Therefore, the DeviceID, as originated on the switch, must match the DeviceID of the corresponding switch definition in the Configuration Engine. The origin of the DeviceID is defined by the Cisco IOS hostname of the switch. However, the DeviceID variable and its usage reside within the event gateway adjacent to the switch.
  • Page 101: Understanding Cisco Ios Agents

    Understanding Cisco IOS Agents The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and works with the Cisco IOS agent. The Cisco IOS agent feature supports the switch by providing these features: •...
  • Page 102: Incremental (Partial) Configuration

    NVRAM for use at the next reboot. Configuring Cisco IOS Agents The Cisco IOS agents embedded in the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the “Enabling Automated CNS Configuration” section on page 4-6.
  • Page 103 Note For more information about running the setup program and creating templates on the Configuration Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at this URL: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_guide_book09186a00803b59db.html
  • Page 104: Enabling The Cns Event Agent

    This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count.
    Switch(config)# cns event 10.180.1.27 keepalive 120 10
  • Page 105: Enabling The Cisco Ios Cns Agent

    Enabling the Cisco IOS CNS Agent After enabling the CNS event agent, start the Cisco IOS CNS agent on the switch. You can enable the Cisco IOS agent with these commands: •...
  • Page 106 Step 11 hostname name: Enter the hostname for the switch.
    Step 12 ip route network-number: (Optional) Establish a static route to the Configuration Engine whose IP address is network-number.
  • Page 107 ID, enter an arbitrary text string for string string as the unique ID, or enter udi to set the unique device identifier (UDI) as the unique ID.
  • Page 108 Verify your entries. To disable the CNS Cisco IOS agent, use the no cns config initial {ip-address | hostname} global configuration command. This example shows how to configure an initial configuration on a remote switch when the switch configuration is unknown (the CNS Zero Touch feature).
  • Page 109: Enabling A Partial Configuration

    RemoteSwitch(config)# cns id ethernet 0 ipaddress
    RemoteSwitch(config)# cns config initial 172.28.129.22 no-persist
    Enabling a Partial Configuration
    Beginning in privileged EXEC mode, follow these steps to enable the Cisco IOS agent and to initiate a partial configuration on the switch: Command...
  • Page 110: Displaying Cns Configuration

    Displays statistics about the CNS event agent.
    show cns event subject: Displays a list of event agent subjects that are subscribed to by applications.
  • Page 111: Understanding Switch Stacks

    For other switch stack-related information, such as cabling the switches through their StackWise Plus ports and using the LEDs to display switch stack status, see the hardware installation guide. Caution The Cisco Catalyst Blade Switch 3120 for HP does not support switch stacks with different types of blade switches as members.
  • Page 112: Chapter 5 Managing Switch Stacks

    – – Incompatible Software and Stack Member Image Upgrades, page 5-16 – Switch Stack Configuration Files, page 5-16 – Additional Considerations for System-Wide Configuration on Switch Stacks, page 5-17
  • Page 113: Switch Stack Membership

    Reconnect them to the original switch stack through their StackWise Plus ports. Power on the switches. For more information about cabling and powering switch stacks, see the “Switch Installation” chapter in the hardware installation guide.
  • Page 114 [Figure: blade switches in Enclosure 1 and Enclosure 2; labels: Stack member 1, Stack member 2 and stack master]
  • Page 115 [Figure: blade switches in enclosures; labels: Stack member 1, Stack member 2 and stack master]
  • Page 116: Stack Master Election And Re-Election

    We recommend assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs. The switch that is not using the default interface-level configuration.
  • Page 117 As described in the hardware installation guide, you can use the Master LED on the switch to see if the switch is the stack master.
  • Page 118: Switch Stack Bridge Id And Router Mac Address

    “Switch Stack Membership” section on page 5-3. As described in the hardware installation guide, you can use the LEDs in Stack mode to visually determine the stack member number of each stack member.
  • Page 119: Stack Member Priority Values

    When you add a provisioned switch to the switch stack, the stack applies either the provisioned configuration or the default configuration. Table 5-1 lists the events that occur when the switch stack compares the provisioned configuration with the provisioned switch.
  • Page 120 The stack member number of the provisioned switch is not found in the provisioned configuration. The switch stack applies the default configuration to the provisioned switch and adds it to the stack.
  • Page 121: Effects Of Replacing A Provisioned Switch In A Switch Stack

    To ensure complete compatibility between stack members, use the information in this section and also in the “Hardware Compatibility and SDM Mismatch Mode in Switch Stacks” section on page 5-11.
  • Page 122: Stack Protocol Version Compatibility

    All stack members must run the same Cisco IOS software image and feature set to ensure compatibility between stack members. For example, all stack members should run the cryptographic universal software image and have the IP services feature set enabled for Cisco IOS Release 12.2(40)EX or later.
  • Page 123: Understanding Auto-Upgrade And Auto-Advise

    IP base image and you add a switch that is running the IP services image, the auto-advise software does not provide a recommendation. The same events occur when cryptographic and noncryptographic images are running.
  • Page 124: Auto-Upgrade And Auto-Advise Example Messages

    *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Old image will be deleted after download.
    *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:
    *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Extracting images from archive into flash on switch 1...
    *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: cbs31x0-universal-mz.122-0.0.313.EX (directory)
  • Page 125 /force-reload /overwrite /dest 1 flash1:cbs31x0-universal-mz.122-40.EX.tar
    *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:
    For information about using the archive download-sw privileged EXEC command, see the “Working with Software Images” section on page B-23.
  • Page 126: Incompatible Software And Stack Member Image Upgrades

    Note We recommend that all stack members run Cisco IOS Release 12.2(40)EX or later. The interface-specific settings of the stack master are saved if the stack master is replaced without saving the running configuration to the startup configuration.
  • Page 127: Additional Considerations For System-Wide Configuration On Switch Stacks

    Additional Considerations for System-Wide Configuration on Switch Stacks These sections provide additional considerations for configuring system-wide features on switch stacks: • “Planning and Creating Clusters” chapter in the Getting Started with Cisco Network Assistant, available on Cisco.com • “MAC Addresses and Switch Stacks” section on page 6-21 •...
  • Page 128: Switch Stack Configuration Files

    EXEC mode for stack member 2 (Switch-2#), and the system prompt for the stack master is Switch. Only the show and debug commands are available in a CLI session to a specific stack member.
  • Page 129: Switch Stack Configuration Scenarios

    IP services feature set that the other stack member has the noncryptographic image installed and the IP services feature set enabled. Restart both stack members at the same time.
  • Page 130 For information about using the Mode button and the LEDs, see the hardware installation guide.
  • Page 131: Configuring The Switch Stack

    MAC address to that of the current stack master. If you do not enter the no stack-mac persistent timer command, the stack MAC address never changes.
  • Page 132
    WARNING: as the stack MAC after a master switchover until the MAC
    WARNING: persistency timer expires. During this time the Network
    WARNING: Administrators must make sure that the old stack-mac does
  • Page 133: Assigning Stack Member Information

    Step 6 copy running-config startup-config: Save your entries in the configuration file.
    Setting the Stack Member Priority Value
    Note This task is available only from the stack master.
  • Page 134: Provisioning A New Member For A Switch Stack

    Verify the status of the provisioned switch. For stack-member-number, enter the same number as in Step 1.
    Step 7 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 135: Accessing The Cli Of A Specific Stack Member

    Displaying Switch Stack Information To display configuration changes that you save after you reset a specific stack member or the switch stack, use the privileged EXEC commands listed in Table 5-4.
  • Page 136 Use the detail keyword to display the ASIC, the receive queues, and the number of frames per stack member that are sent to the stack ring.
  • Page 137: Managing The System Time And Date

    You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. These sections contain this configuration information: •...
  • Page 138: Chapter 6 Administering The Switch

    Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
  • Page 139: Configuring Ntp

    If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
  • Page 140: Default Ntp Configuration

    NTP that provide for accurate timekeeping) with other devices for security purposes:
    Command: Purpose
    Step 1 configure terminal: Enter global configuration mode.
    Step 2 ntp authenticate: Enable the NTP authentication feature, which is disabled by default.
  • Page 141: Configuring Ntp Associations

    (meaning that only this switch synchronizes to the other device, and not the other way around).
  • Page 142: Configuring Ntp Broadcast Service

    However, in a LAN environment, NTP can be configured to use IP broadcast messages instead. This alternative reduces configuration complexity because each device can simply be configured to send or receive broadcast messages. However, the information flow is one-way only.
  • Page 143 Step 3 ntp broadcast client: Enable the interface to receive NTP broadcast packets. By default, no interfaces receive NTP broadcast packets.
    Step 4 exit: Return to global configuration mode.
  • Page 144: Configuring Ntp Access Restrictions

    NTP control queries and allows the switch to synchronize to the remote device. For access-list-number, enter a standard IP access list number from 1 to 99.
  • Page 145 99. However, the switch restricts access to allow only time requests from access list 42:
    Switch# configure terminal
    Switch(config)# ntp access-group peer 99
    Switch(config)# ntp access-group serve-only 42
    Switch(config)# access-list 99 permit 172.20.130.5
    Switch(config)# access-list 42 permit 172.20.130.6
  • Page 146: Configuring The Source Ip Address For Ntp Packets

    “Configuring NTP Associations” section on page 6-5.
  • Page 147: Displaying The Ntp Configuration

    • show ntp status • For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Configuring Time and Date Manually If no other source of time is available, you can manually configure the time and date after the system is restarted.
  • Page 148: Displaying The Time And Date Configuration

    Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command.
  • Page 149: Configuring Summer Time (Daylight Saving Time)

    This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
    Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
  • Page 150: Configuring A System Name And Prompt

    9. When you use this command, the stack member number is appended to the system prompt. For example, Switch-2# is the prompt in privileged EXEC mode for stack member 2, and the system prompt for the switch stack is Switch.
  • Page 151: Default System Name And Prompt Configuration

    For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
  • Page 152: Default Dns Configuration

    If your network devices require connectivity with devices in networks for which you do not control name assignment, you can dynamically assign device names that uniquely identify your devices by using the global Internet naming scheme (DNS).
  • Page 153: Displaying The Dns Configuration

    If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
  • Page 154: Configuring A Message-Of-The-Day Login Banner

    Trying 172.2.5.4...
    Connected to 172.2.5.4.
    Escape character is '^]'.
    This is a secure site. Only authorized users are allowed.
    For access, contact technical support.
    User Access Verification
    Password:
  • Page 155: Configuring A Login Banner

    (static or dynamic). Note For complete syntax and usage information for the commands used in this section, see the command reference for this release.
  • Page 156: Building The Address Table

    Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN.
  • Page 157: Mac Addresses And Switch Stacks

    VLAN as the receiving port. This unnecessary flooding can impact performance. Setting too long an aging time can cause the address table to be filled with unused addresses, which prevents new addresses from being learned. Flooding results, which can impact switch performance.
  • Page 158: Removing Dynamic Address Entries

    MAC address activity for each hardware port for which the trap is enabled. MAC address notifications are generated for dynamic and secure MAC addresses; events are not generated for self addresses, multicast addresses, or other static addresses.
  • Page 159 MAC address is added on this interface. • Enable the MAC notification trap whenever a MAC address is removed from this interface. Step 8 Return to privileged EXEC mode.
  • Page 160: Adding And Removing Static Address Entries

    MAC address in all associated VLANs. Static MAC addresses configured in a private-VLAN primary or secondary VLAN are not replicated in the associated VLAN. For more information about private VLANs, see Chapter 15, “Configuring Private VLANs.”
  • Page 161: Configuring Unicast Mac Address Filtering

    % Only unicast addresses can be configured to be dropped
    % CPU destined address cannot be configured as drop address
    • Packets that are forwarded to the CPU are also not supported.
  • Page 162 When a packet is received in VLAN 4 with this MAC address as its source or destination, the packet is dropped:
    Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 drop
  • Page 163: Displaying Address Table Entries

    (represented by the arpa keyword) is enabled on the IP interface. ARP entries added manually to the table do not age and must be manually removed. For CLI procedures, see the Cisco IOS Release 12.2 documentation on Cisco.com.
  • Page 165: Preventing Unauthorized Access To Your Switch

    If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. For more information, see the “Configuring Username and Password Pairs” section on page 7-6.
  • Page 166: Chapter 7 Configuring Switch-Based Authentication

    Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2. These sections contain this configuration information: Default Password and Privilege Level Configuration, page 7-2 •...
  • Page 167: Setting Or Changing A Static Enable Password

    We recommend that you use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
  • Page 168 To remove a password and level, use the no enable password [level level] or no enable secret [level level] global configuration command. To disable password encryption, use the no service password-encryption global configuration command.
  • Page 169: Disabling Password Recovery

    Disable password recovery. This setting is saved in an area of the flash memory that is accessible by the boot loader and the Cisco IOS image, but it is not part of the file system and is not accessible by any user.
  • Page 170: Setting A Telnet Password For A Terminal Line

    If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair.
  • Page 171: Configuring Multiple Privilege Levels

    Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of password security: user EXEC and privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 172: Setting The Privilege Level For A Command

    This example shows how to set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands:
    Switch(config)# privilege exec level 14 configure
    Switch(config)# enable password level 14 SecretPswd14
  • Page 173: Changing The Default Privilege Level For Lines

    Log in to a specified privilege level. For level, the range is 0 to 15.
    Step 2 disable level: Exit to a specified privilege level. For level, the range is 0 to 15.
  • Page 174: Controlling Switch Access With Tacacs

    (AAA) and can be enabled only through AAA commands. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2. These sections contain this configuration information: •...
  • Page 175 TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch.
  • Page 176: Tacacs+ Operation

    These sections contain this configuration information:
    • Default TACACS+ Configuration, page 7-13
    • Identifying the TACACS+ Server Host and Setting the Authentication Key, page 7-13
    • Configuring TACACS+ Login Authentication, page 7-14
  • Page 177: Default Tacacs+ Configuration

    (Optional) Associate a particular TACACS+ server with the defined server group. Repeat this step for each TACACS+ server in the AAA server group. Each server in the group must be previously defined in Step 2.
  • Page 178: Configuring Tacacs+ Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication:
    Command: Purpose
    Step 1 configure terminal: Enter global configuration mode.
    Step 2 aaa new-model: Enable AAA.
  • Page 179 {default | list-name} method1 [method2...] global configuration command. To either disable TACACS+ authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
  • Page 180: Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services

    Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 181: Starting Tacacs+ Accounting

    RADIUS is facilitated through AAA and can be enabled only through AAA commands. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 182: Understanding Radius

    Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model.
  • Page 183: Radius Operation

    REJECT packets includes these items: • Telnet, SSH, rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts
  • Page 184: Configuring Radius

    Identifying the RADIUS Server Host
    Switch-to-RADIUS-server communication involves several components:
    • Hostname or IP address
    • Authentication destination port
    • Accounting destination port
    • Key string
    • Timeout period
    • Retransmission value
  • Page 185 You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 7-25.
  • Page 186 Step 3 Return to privileged EXEC mode.
    Step 4 show running-config: Verify your entries.
    Step 5 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 187: Configuring Radius Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required.
    Command: Purpose
    Step 1 configure terminal: Enter global configuration mode.
    Step 2 aaa new-model: Enable AAA.
  • Page 188 Step 6 Return to privileged EXEC mode.
    Step 7 show running-config: Verify your entries.
    Step 8 copy running-config startup-config: (Optional) Save your entries in the configuration file.
  • Page 189: Defining Aaa Server Groups

    Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 190 Repeat this step for each RADIUS server in the AAA server group. Each server in the group must be previously defined in Step 2.
    Step 6 Return to privileged EXEC mode.
    Step 7 show running-config: Verify your entries.
  • Page 191: Configuring Radius Authorization For User Privileged Access And Network Services

    Command: Purpose
    Step 1 configure terminal: Enter global configuration mode.
    Step 2 aaa authorization network radius: Configure the switch for user RADIUS authorization for all network-related service requests.
  • Page 192: Starting Radius Accounting

    (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
  • Page 193: Configuring Settings For All Radius Servers

    1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes.
  • Page 194: Configuring The Switch For Vendor-Proprietary Radius Server Communication

    Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the switch and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.
  • Page 195: Displaying The Radius Configuration

    To use this feature, the cryptographic (that is, supports encryption) versions of the switch software must be installed on your switch.
  • Page 196: Understanding Kerberos

    • Kerberos Operation, page 7-34
    • Configuring Kerberos, page 7-35
    For Kerberos configuration examples, see the “Kerberos Configuration Examples” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ad.html
    Note For complete syntax and usage information for the commands used in this section, see the “Kerberos Commands”...
  • Page 197 A daemon that is running on a network host. Users and network services register their identity with the Kerberos server. Network services query the Kerberos server to authenticate to other network services.
  • Page 198: Kerberos Operation

    The user opens an un-Kerberized Telnet connection to the boundary switch. The switch prompts the user for a username and password. The switch requests a TGT from the KDC for this user.
  • Page 199: Obtaining A Tgt From A Kdc

    KDC and obtain a TGT from the KDC to access network services. For instructions about how to authenticate to a KDC, see the “Obtaining a TGT from a KDC” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter0918...
  • Page 200: Configuring The Switch For Local Authentication And Authorization

    • Configure the switch to use the Kerberos protocol. For instructions, see the “Kerberos Configuration Task List” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ad.html#1001027
    Configuring the Switch for Local Authentication and...
  • Page 201: Configuring The Switch For Secure Shell

    Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 202: Understanding Ssh

    You can use an SSH client to connect to a switch running the SSH server. The SSH server works with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH server supported in this release and with non-Cisco SSH servers.
  • Page 203: Limitations

    • When generating the RSA key pair, the message No host name specified might appear. If it does, you must configure a hostname by using the hostname global configuration command.
  • Page 204: Setting Up The Switch To Run Ssh

    To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is automatically disabled.
  • Page 205: Configuring The Ssh Server

    (Optional) Save your entries in the configuration file. To return to the default SSH control parameters, use the no ip ssh {timeout | authentication-retries} global configuration command.
  • Page 206: Displaying The Ssh Configuration And Status

    • Displaying Secure HTTP Server and Client Status, page 7-49
    For configuration examples and complete syntax and usage information for the commands used in this section, see the “HTTPS - HTTP Server and Client with SSL 3.0” feature description for Cisco IOS Release 12.2(15)T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008015a4c6.
  • Page 207: Certificate Authority Trustpoints

    (pages) back to the HTTP secure server, which, in turn, responds to the original request. The primary role of the HTTP secure client (the web browser) is to respond to Cisco IOS application requests for HTTPS User Agent services, perform HTTPS User Agent services for the application, and pass the response back to the application.
  • Page 208: Ciphersuites

    For additional information on Certificate Authorities, see the “Configuring Certification Authority Interoperability” chapter in the Cisco IOS Security Configuration Guide, Release 12.2.
    CipherSuites
    A CipherSuite specifies the encryption algorithm and the digest algorithm to use on an SSL connection.
  • Page 209: Configuring Secure Http Servers And Clients

    (Optional) Generate an RSA key pair. RSA key pairs are required before you can obtain a certificate for the switch. RSA key pairs are generated automatically. You can use this command to regenerate the keys, if needed.
  • Page 210: Configuring The Secure Http Server

    Step 2 configure terminal Enter global configuration mode.
    Step 3 ip http secure-server Enable the HTTPS server if it has been disabled. The HTTPS server is enabled by default.
  • Page 211 Use the no ip http secure-client-auth global configuration command to remove the requirement for client authentication.
  • Page 212: Configuring The Secure Http Client

    Use the no ip http client secure-trustpoint name to remove a client trustpoint configuration. Use the no ip http client secure-ciphersuite to remove a previously configured CipherSuite specification for the client.
  • Page 213: Displaying Secure Http Server And Client Status

    A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System (IFS) to and from a switch by using the copy command. An authorized administrator can also do this from a workstation.
  • Page 214 Chapter 7 Configuring Switch-Based Authentication: Configuring the Switch for Secure Copy Protocol
  • Page 215: Understanding The Sdm Templates

    The switch supports only the desktop templates that are the same as the Catalyst 3750 and 3560 desktop templates. Table 8-1 lists the approximate numbers of each resource supported in each of the four templates.
  • Page 216: Chapter 8 Configuring Sdm Template

    Table 8-2 defines the approximate feature resources allocated by each dual IPv4 and IPv6 template. Template estimations are based on a switch with 8 routed interfaces and 1024 VLANs.
  • Page 217: Sdm Templates And Switch Stacks

    2d23h:%SDM-6-MISMATCH_ADVISE:System (#2) is incompatible with the SDM
    2d23h:%SDM-6-MISMATCH_ADVISE:template currently running on the stack and
    2d23h:%SDM-6-MISMATCH_ADVISE:will not function unless the stack is
    2d23h:%SDM-6-MISMATCH_ADVISE:downgraded. Issuing the following commands
    2d23h:%SDM-6-MISMATCH_ADVISE:will downgrade the stack to use a smaller...
  • Page 218: Configuring The Switch Sdm Template

    • Using the dual stack template results in less hardware capacity allowed for each resource, so do not use it if you plan to forward only IPv4 traffic.
  • Page 219: Setting The Sdm Template

    + multicast routes: number of unicast routes: number of directly connected hosts: number of indirect routes: number of qos aces: 0.5K number of security aces:
  • Page 220: Displaying The Sdm Templates

    0.5K number of qos aces: 0.5K number of security aces:
  • Page 221 IPv4/MAC qos aces: 0.5K number of IPv4/MAC security aces: 0.5K number of IPv6 policy based routing aces: 0.25K number of IPv6 qos aces: 0.5K number of IPv6 security aces: 0.5K
  • Page 222 Chapter 8 Configuring SDM Templates: Displaying the SDM Templates
  • Page 223: Understanding Ieee 802.1X Port-Based Authentication

    Note: For complete syntax and usage information for the commands used in this chapter, see the “RADIUS Commands” section in the Cisco IOS Security Command Reference, Release 12.2 and the command reference for this release. This chapter consists of these sections: •...
  • Page 224: C H A P T E R 9 Configuring Ieee 802.1X Port-Based Authentication

    LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the RADIUS security system with Extensible...
  • Page 225: Authentication Process

    Authentication Protocol (EAP) extensions is the only supported authentication server. It is available in Cisco Secure Access Control Server Version 3.0 or later. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
  • Page 226 RADIUS server. After IEEE 802.1x authentication using a RADIUS server is configured, the switch uses timers based on the Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action RADIUS attribute (Attribute[29]).
  • Page 227: Authentication Initiation And Message Exchange

    The specific exchange of EAP frames depends on the authentication method being used. Figure 9-3 shows a message exchange initiated by the client when the client uses the One-Time-Password (OTP) authentication method with a RADIUS server.
  • Page 228 MAC authentication bypass. Figure 9-4 Message Exchange During MAC Authentication Bypass [figure: client, switch, and authentication server (RADIUS) exchanging EAPOL Request/Identity (three times), Ethernet packet, RADIUS Access/Request, and RADIUS Access/Accept]
  • Page 229: Ports In Authorized And Unauthorized States

    Note that if the stack master fails, a stack member becomes the new stack master by using the election process described in Chapter 5, “Managing Switch Stacks,” and the IEEE 802.1x authentication process continues as usual.
  • Page 230: Ieee 802.1X Host Mode

    With the multiple-hosts mode enabled, you can use IEEE 802.1x authentication to authenticate the port and port security to manage network access for all MAC addresses, including that of the client.
  • Page 231: Ieee 802.1X Accounting

    AV pairs and when they are sent by the switch:
    Table 9-1 Accounting AV Pairs
    Attribute Number   AV Pair Name     START    INTERIM  STOP
    Attribute[1]       User-Name        Always   Always   Always
    Attribute[4]       NAS-IP-Address   Always   Always   Always
    Attribute[5]       NAS-Port         Always   Always   Always
  • Page 232: Using Ieee 802.1X Authentication With Vlan Assignment

    You can view the AV pairs that are being sent by the switch by entering the debug radius accounting privileged EXEC command. For more information about this command, see the Cisco IOS Debug Command Reference, Release 12.2 at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_book09186a008...
  • Page 233 Enable AAA authorization by using the network keyword to allow interface configuration from the RADIUS server.
    • Enable IEEE 802.1x authentication. (The VLAN assignment feature is automatically enabled when you configure IEEE 802.1x authentication on an access port.)
  • Page 234: Using Ieee 802.1X Authentication With Per-User Acls

    If the RADIUS server does not allow the .in or .out syntax, the access list is applied to the outbound ACL by default. Because of limited support of Cisco IOS access lists on the switch, the Filter-Id attribute is supported only for IP ACLs numbered 1 to 199 and 1300 to 2699 (IP standard and IP extended ACLs).
  • Page 235: Using Ieee 802.1X Authentication With Guest Vlan

    Note If an EAPOL packet is detected after the interface has changed to the guest VLAN, the interface reverts to an unauthorized state, and IEEE 802.1x authentication restarts.
  • Page 236: Using Ieee 802.1X Authentication With Restricted Vlan

    EAP logoff event. We recommend that you keep re-authentication enabled if a client might connect through a hub. When a client disconnects from the hub, the port might not receive the link down or EAP logoff event.
  • Page 237: Using Ieee 802.1X Authentication With Inaccessible Authentication Bypass

    When a RADIUS server that can authenticate the host is available, all critical ports in the critical-authentication state are automatically re-authenticated.
  • Page 238: Using Ieee 802.1X Authentication With Voice Vlan Ports

    The IP phone uses the VVID for its voice traffic, regardless of the authorization state of the port. This allows the phone to work independently of IEEE 802.1x authentication.
  • Page 239: Using Ieee 802.1X Authentication With Port Security

    If you enable IEEE 802.1x authentication on an access port on which a voice VLAN is configured and to which a Cisco IP Phone is connected, the Cisco IP phone loses connectivity to the switch for up to 30 seconds.
  • Page 240: Using Ieee 802.1X Authentication With Wake-On-Lan

    After detecting a client on an IEEE 802.1x port, the switch waits for an Ethernet packet from the client. The switch sends the authentication server a RADIUS-access/request...
  • Page 241 Network admission control (NAC) Layer 2 IP validation—This feature takes effect after an IEEE 802.1x port is authenticated with MAC authentication bypass, including hosts in the exception list.
  • Page 242: Network Admission Control Layer 2 Ieee 802.1X Validation

    The switch supports multidomain authentication (MDA), which allows both a data device and voice device, such as an IP phone (Cisco or non-Cisco), to authenticate on the same switch port. The port is divided into a data domain and a voice domain.
  • Page 243: Using Web Authentication

    • When a port host mode is changed from single- or multihost to multidomain mode, an authorized data device remains authorized on the port. However, a Cisco IP phone that has been allowed on the port voice VLAN is automatically removed and must be reauthenticated on that port.
  • Page 244: Web Authentication With Automatic Mac Check

    (optional)
    • Configuring a Guest VLAN, page 9-34 (optional)
    • Configuring a Restricted VLAN, page 9-35 (optional)
    • Configuring the Inaccessible Authentication Bypass Feature, page 9-37 (optional)
  • Page 245: Default Ieee 802.1X Authentication Configuration

    Maximum retransmission number 2 times (number of times that the switch will send an EAP-request/identity frame before restarting the authentication process).
  • Page 246: Ieee 802.1X Authentication Configuration Guidelines

    If the VLAN to which an IEEE 802.1x port is assigned is shut down, disabled, or removed, the port becomes unauthorized. For example, the port is unauthorized after the access VLAN to which a port is assigned shuts down or is removed.
  • Page 247: Vlan Assignment, Guest Vlan, Restricted Vlan, And Inaccessible Authentication Bypass

    IEEE 802.1x authentication and EtherChannel are configured. • If you are using a device running the Cisco Access Control Server (ACS) application for IEEE 802.1x authentication with EAP-Transparent LAN Services (TLS) and EAP-MD5, make sure that the device is running ACS Version 3.2.1 or later.
  • Page 248: Mac Authentication Bypass

    Step 1 A user connects to a port on the switch.
    Step 2 Authentication is performed.
    Step 3 VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration.
  • Page 249 9-24.
    Step 11 Return to privileged EXEC mode.
    Step 12 show dot1x Verify your entries.
    Step 13 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 250: Configuring The Switch-To-Radius-Server Communication

    For more information, see the “Configuring Settings for All RADIUS Servers” section on page 7-29.
  • Page 251: Configuring The Host Mode

    IEEE 802.1x-authorized port that has the dot1x port-control interface configuration command set to auto. Use the multi-domain keyword to configure and enable multidomain authentication (MDA), which allows both a host and a voice device, such as an IP phone (Cisco or non-Cisco), on the same switch port. This procedure is optional.
  • Page 252: Configuring Periodic Re-Authentication

    “Configuring Periodic Re-Authentication” section on page 9-30. This example shows how to manually re-authenticate the client connected to a port:
    Switch# dot1x re-authenticate interface gigabitethernet2/0/1
  • Page 253: Changing The Quiet Period

    Set the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request. The range is 1 to 65535 seconds; the default is 5.
  • Page 254: Setting The Switch-To-Client Frame-Retransmission Number

    This example shows how to set 5 as the number of times that the switch sends an EAP-request/identity request before restarting the authentication process:
    Switch(config-if)# dot1x max-req 5
  • Page 255: Setting The Re-Authentication Number

    Accounting message %s for session %s failed to receive Accounting Response. When the stop message is not sent successfully, this message appears:
    00:09:55: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.20.246.201:1645,1646 is not responding.
  • Page 256: Configuring A Guest Vlan

    Specify the port to be configured, and enter interface configuration mode. For the supported port types, see the “IEEE 802.1x Authentication Configuration Guidelines” section on page 9-24.
  • Page 257: Configuring A Restricted Vlan

    Configuration Guidelines” section on page 9-24.
    Step 3 switchport mode access Set the port to access mode, switchport mode private-vlan host Configure the Layer 2 port as a private-VLAN host port.
  • Page 258 Return to privileged EXEC mode.
    Step 8 show dot1x interface interface-id (Optional) Verify your entries.
    Step 9 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 259: Configuring The Inaccessible Authentication Bypass Feature

    (Optional) Set the number of minutes that a RADIUS server is not sent requests. The range is from 0 to 1440 minutes (24 hours). The default is 0 minutes.
  • Page 260 RADIUS server that was unavailable becomes available. The range is from 1 to 10000 milliseconds. The default is 1000 milliseconds (a port can be re-initialized every second).
  • Page 261: Configuring Ieee 802.1X Authentication With Wol

    Specify the port to be configured, and enter interface configuration mode. For the supported port types, see the “IEEE 802.1x Authentication Configuration Guidelines” section on page 9-24.
  • Page 262: Configuring Mac Authentication Bypass

    (Optional) Save your entries in the configuration file. To disable MAC authentication bypass, use the no dot1x mac-auth-bypass interface configuration command. This example shows how to enable MAC authentication bypass:
    Switch(config-if)# dot1x mac-auth-bypass
  • Page 263: Configuring Nac Layer 2 Ieee 802.1X Validation

    (Optional) Save your entries in the configuration file. This example shows how to configure NAC Layer 2 IEEE 802.1x validation:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet2/0/1
    Switch(config-if)# dot1x reauthentication
    Switch(config-if)# dot1x timeout reauth-period server
  • Page 264: Configuring Web Authentication

    Switch(config)# aaa authorization auth-proxy default group radius
    Switch(config)# radius-server host 1.1.1.2 key key1
    Switch(config)# radius-server attribute 8 include-in-access-req
    Switch(config)# radius-server vsa send authentication
    Switch(config)# ip device tracking
    Switch(config)# end
  • Page 265 Return to privileged EXEC mode.
    Step 7 interface interface-id Specify the port to be configured, and enter interface configuration mode.
    Step 8 switchport mode access Set the port to access mode.
  • Page 266: Disabling Ieee 802.1X Authentication On The Port

    Step 4 Return to privileged EXEC mode.
    Step 5 show dot1x interface interface-id Verify your entries.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 267: Resetting The Ieee 802.1X Authentication Configuration To The Default Values

    EXEC command. For detailed information about the fields in these displays, see the command reference for this release.
  • Page 268 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication: Displaying IEEE 802.1x Statistics and Status
  • Page 269: Understanding Interface Types

    • Note For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the online Cisco IOS Interface Command Reference, Release 12.2. Understanding Interface Types This section describes the different types of interfaces supported by the switch with references to chapters that contain more detailed information about configuring these interface types.
  • Page 270: C H A P T E R 10 Configuring Interface Characteristics

    Configure switch ports by using the switchport interface configuration commands. Use the switchport command with no keywords to put an interface that is in Layer 3 mode into Layer 2 mode.
  • Page 271: Access Ports

    Catalyst 6500 series switch; the switch cannot be a VMPS server. You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. For more information about voice VLAN ports, see Chapter 14, “Configuring Voice VLAN.”...
  • Page 272: Tunnel Ports

    The IP base feature set supports static routing and the Routing Information Protocol (RIP). For full Layer 3 routing or for fallback bridging, you must enable the IP services feature set on the standalone switch or the stack master.
  • Page 273: Switch Virtual Interfaces

    Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
  • Page 274: Gigabit Ethernet Interfaces

    A 10-Gigabit Ethernet interface operates only in full-duplex mode. The interface can be configured as a switched or routed port. For more information about the Cisco TwinGig Converter Module, see the switch hardware installation guide and your transceiver module documentation.
  • Page 275: Using Interface Configuration Mode

    10-Gigabit Ethernet ports: tengigabitethernet1/0/1. On a switch with Cisco dual SFP X2 converter modules in the 10-Gigabit Ethernet module slots, the SFP module ports are numbered from 19 to 22. The external 10/100/1000 ports are numbered from 23 to 26;...
  • Page 276: Procedures For Configuring Interfaces

    Step 4 After you configure an interface, verify its status by using the show privileged EXEC commands listed in the “Monitoring and Maintaining the Interfaces” section on page 10-25.
  • Page 277: Configuring A Range Of Interfaces

    - port-channel-number, where the port-channel-number is 1 to 48
    Note When you use the interface range command with port channels, the first and last port-channel number must be active port channels.
  • Page 278: Configuring And Using Interface Range Macros

    You can now use the normal configuration commands to apply the configuration to all interfaces in the defined macro.
    Step 4 Return to privileged EXEC mode.
  • Page 279 - 7, tengigabitethernet1/0/1 -2
    Switch(config)# end
    This example shows how to enter interface-range configuration mode for the interface-range macro enet_list:
    Switch# configure terminal
    Switch(config)# interface range macro enet_list
    Switch(config-if-range)#
  • Page 280: Using The Internal Ethernet Management Port

    [Figure labels: Network, Blade switch, Blade switch, Onboard Administrator, Internal Ethernet management port] Figure 10-3 shows how to connect the Ethernet management ports in the switch stack to the PC.
  • Page 281 The internal Ethernet management ports on the stack members are disabled. Note By default, the Ethernet management port is enabled. The switch cannot route packets from the Ethernet management port to a network port, and the reverse.
  • Page 282: Supported Features On The Ethernet Management Port

    To avoid this problem, use VRF or configure a static route to forward the packets to specific hosts and networks.
  • Page 283: Monitoring The Ethernet Management Port

    Loads and boots an executable image from the TFTP server and enters the command-line interface. For more details, see the command reference for this release. copy tftp:/source-file-url Copies a Cisco IOS image from the TFTP server to the specified filesystem:/destination-file- location. For more details, see the command reference for this release.
  • Page 284: Default Ethernet Interface Configuration

    Disabled (Layer 2 interfaces only). See the “Configuring Protected Ports” section on page 25-5. Port security Disabled (Layer 2 interfaces only). See the “Default Port Security Configuration” section on page 25-10.
  • Page 285: Configuring Interface Speed And Duplex Mode

    • When STP is enabled and a port is reconfigured, the switch can take up to 30 seconds to check for loops. The port LED is amber while STP reconfigures.
  • Page 286: Setting The Interface Speed And Duplex Parameters

    Use the no speed and no duplex interface configuration commands to return the interface to the default speed and duplex settings (autonegotiate). To return all interface settings to the defaults, use the default interface interface-id interface configuration command.
  • Page 287: Configuring Ieee 802.3X Flow Control

    Return to privileged EXEC mode.
    Step 5 show interfaces interface-id Verify the interface flow control settings.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 288: Configuring Auto-Mdix On An Interface

    Verify the operational state of the auto-MDIX feature on the interface. interface-id phy
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 289: Adding A Description For An Interface

    VLAN ID following the interface vlan global configuration command. To delete an SVI, use the no interface vlan global configuration command. You cannot delete interface VLAN 1.
  • Page 290 For physical ports only, enter Layer 3 mode.
    Step 4 ip address ip_address subnet_mask Configure the IP address and IP subnet.
    Step 5 no shutdown Enable the interface.
  • Page 291: Configuring The System Mtu

    Cisco IOS configuration file, even if you enter the copy running-config startup-config privileged EXEC command. Therefore, if you use TFTP to configure a new switch by using a backup...
  • Page 292 This example shows the response when you try to set Gigabit Ethernet interfaces to an out-of-range number:
    Switch(config)# system mtu jumbo 25000
    % Invalid input detected at '^' marker.
  • Page 293: Monitoring And Maintaining The Interfaces

    Display the hardware configuration, software version, the names and sources of configuration files, and the boot images. show controllers ethernet-controller interface-id Display the operational state of the auto-MDIX feature on the interface.
  • Page 294: Clearing And Resetting Interfaces And Counters

    Use the no shutdown interface configuration command to restart the interface. To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface is shown as administratively down in the display.
  • Page 295: Understanding Smartports Macros

    When the macro is applied to an interface, the existing interface configurations are not lost. The new commands are added to the interface and are saved in the running configuration file. There are Cisco-default Smartports macros embedded in the switch software (see Table 11-1).
  • Page 296: Chapter 11 Configuring Smartports Macros

    Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
  • Page 297: Smartports Macro Configuration Guidelines

    • to the switch or interface. You can display the applied commands and macro names by using the show running-config user EXEC command. There are Cisco-default Smartports macros embedded in the switch software (see Table 11-1). You can display these macros and the commands they contain by using the show parser macro user EXEC command.
  • Page 298: Creating Smartports Macros

    Cisco-default macro with the required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro.
  • Page 299: Applying Smartports Macros

    You can delete a global macro-applied configuration on a switch only by entering the no version of each command that is in the macro. You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command.
  • Page 300: Applying Cisco-Default Smartports Macros

    Enter global configuration mode. Step 4: macro global {apply | trace} macro-name [parameter {value}] [parameter {value}] [parameter... Purpose: Append the Cisco-default macro with the required values by using the parameter value keywords and apply the macro to the switch.
  • Page 301 You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command. This example shows how to display the cisco-desktop macro, how to apply the macro, and to set the access VLAN ID to 25 on an interface:...
  • Page 302: Displaying Smartports Macros

    Displays a specific macro. show parser macro brief: Displays the configured macro names. show parser macro description [interface interface-id]: Displays the macro description for all interfaces or for a specified interface.
  • Page 303: Understanding Vlans

    Note: Before you create VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain global VLAN configuration for your network. For more information on VTP, see Chapter 13, “Configuring VTP.”
  • Page 304: Chapter 12 Configuring Vlan

    VTP only learns normal-range VLANs, with VLAN IDs 1 to 1005; VLAN IDs greater than 1005 are extended-range VLANs and are not stored in the VLAN database. The switch must be in VTP transparent mode when you create VLAN IDs from 1006 to 4094.
  • Page 305: Vlan Port Membership Modes

    For information about configuring trunk ports, see the “Configuring an Ethernet Interface as a Trunk Port” section on page 12-20.
  • Page 306: Configuring Normal-Range Vlans

    Dynamic-Access Ports on VMPS Clients” section on page 12-31. Voice VLAN | A voice VLAN port is an access port attached to a Cisco IP Phone, configured to use one VLAN for voice traffic | VTP is not required; it has no effect on a voice VLAN.
  • Page 307
    • Default Ethernet VLAN Configuration, page 12-8
    • Creating or Modifying an Ethernet VLAN, page 12-9
    • Deleting a VLAN, page 12-10
    • Assigning Static-Access Ports to a VLAN, page 12-11
  • Page 308: Token Ring Vlans

    • When a switch joins a stack or when stacks merge, VTP information (the vlan.dat file) on the new switches will be consistent with the stack master.
  • Page 309: Vlan Configuration Mode Options

    In a switch stack, the whole stack uses the same vlan.dat file and running configuration. To display the VLAN configuration, enter the show vlan privileged EXEC command.
  • Page 310: Default Ethernet Vlan Configuration

    0 to 1005 Translational bridge 2 0 to 1005 VLAN state active active, suspend Remote SPAN disabled enabled, disabled Private VLANs none configured 2 to 1001, 1006 to 4094.
  • Page 311: Creating Or Modifying An Ethernet Vlan

    This example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database:
        Switch# configure terminal
        Switch(config)# vlan 20
        Switch(config-vlan)# name test20
        Switch(config-vlan)# end
  • Page 312: Deleting A Vlan

    VTP transparent mode, the VLAN is deleted only on that specific switch or a switch stack. You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
  • Page 313: Assigning Static-Access Ports To A Vlan

    Assign the port to a VLAN. Valid VLAN IDs are 1 to 4094. Step 5: Return to privileged EXEC mode. Step 6: show running-config interface interface-id. Verify the VLAN membership mode of the interface.
  • Page 314: Configuring Extended-Range Vlans

    Ethernet VLANs. You can change only the MTU size, private VLAN, and the remote SPAN configuration state on extended-range VLANs; all other characteristics must remain at the default state.
  • Page 315: Extended-Range Vlan Configuration Guidelines

    VLAN is rejected. • In a switch stack, the whole stack uses the same running configuration and saved configuration, and extended-range VLAN information is shared across the stack.
  • Page 316: Creating An Extended-Range Vlan

    The procedure for assigning static-access ports to an extended-range VLAN is the same as for normal-range VLANs. See the “Assigning Static-Access Ports to a VLAN” section on page 12-11.
  • Page 317: Creating An Extended-Range Vlan With An Internal Vlan Id

    Otherwise, if the switch resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.
  • Page 318: Displaying Vlans

    VLANs across an entire network. Two trunking encapsulations are available on all Ethernet interfaces:
    • Inter-Switch Link (ISL): Cisco-proprietary trunking encapsulation.
    • IEEE 802.1Q: industry-standard trunking encapsulation.
  • Page 319 You can configure a trunk on a single Ethernet interface or on an EtherChannel bundle. For more information about EtherChannel, see Chapter 37, “Configuring EtherChannels and Link-State Tracking.”
  • Page 320 IEEE 802.1Q trunk port. The IEEE 802.1Q tunneling is used to maintain customer VLAN integrity across a service provider network. See Chapter 16, “Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling,” for more information on tunnel ports.
  • Page 321: Encapsulation Types

    VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch.
  • Page 322: Default Layer 2 Ethernet Interface Vlan Configuration

    If you change the configuration of one of these parameters, the switch propagates the setting you entered to all ports in the group: – allowed-VLAN list. – STP port priority for each VLAN.
  • Page 323: Configuring A Trunk Port

    Mode and the Administrative Trunking Encapsulation fields of the display. Step 9: show interfaces interface-id trunk. Display the trunk configuration of the interface. Step 10: copy running-config startup-config. (Optional) Save your entries in the configuration file.
  • Page 324: Defining The Allowed Vlans On A Trunk

    Note VLAN 1 is the default VLAN on all trunk ports in all Cisco switches, and it has previously been a requirement that VLAN 1 always be enabled on every trunk link. You can use the VLAN 1 minimization feature to disable VLAN 1 on any individual VLAN trunk link so that no user traffic (including spanning-tree advertisements) is sent or received on VLAN 1.
  • Page 325: Changing The Pruning-Eligible List

    VLANs that are pruning-ineligible receive flooded traffic. The default list of VLANs allowed to be pruned contains VLANs 2 to 1001. Step 4: Return to privileged EXEC mode.
  • Page 326: Configuring The Native Vlan For Untagged Traffic

    Load sharing divides the bandwidth supplied by parallel trunks connecting switches. To avoid loops, STP normally blocks all but one parallel link between switches. Using load sharing, you divide the traffic between the links according to which VLAN the traffic belongs.
  • Page 327: Load Sharing Using Stp Port Priorities

    For more information, see the “Load Sharing Using STP Path Cost” section on page 12-27.
  • Page 328 Assign the port priority of 16 for VLANs 3 through 6. Step 22: Return to privileged EXEC mode. Step 23: show running-config. Verify your entries. Step 24: copy running-config startup-config. (Optional) Save your entries in the configuration file.
  • Page 329: Load Sharing Using Stp Path Cost

    When the trunk links come up, Switch A receives the VTP information from the other switches. Verify that Switch A has learned the VLAN configuration. Step 10: configure terminal. Enter global configuration mode.
  • Page 330: Configuring Vmps

    In secure mode, the server shuts down the port when an illegal host is detected. In open mode, the server simply denies the host access to the port.
  • Page 331: Dynamic-Access Port Vlan Membership

    20 MAC addresses are allowed per port on the switch. A dynamic-access port can belong to only one VLAN at a time, but the VLAN can change over time, depending on the MAC addresses seen.
  • Page 332: Default Vmps Client Configuration

    The VLAN configured on the VMPS server should not be a voice VLAN.
    Configuring the VMPS Client
    You configure dynamic VLANs by using the VMPS (server). The switch can be a VMPS client; it cannot be a VMPS server.
  • Page 333: Entering The Ip Address Of The Vmps

    Configure the port as eligible for dynamic VLAN membership. The dynamic-access port must be connected to an end station. Step 5: Return to privileged EXEC mode.
  • Page 334: Reconfirming Vlan Memberships

    Step 5: copy running-config startup-config. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no vmps reconfirm global configuration command.
  • Page 335: Changing The Retry Count

        VQP Client Status:
        --------------------
        VMPS VQP Version:
        Reconfirm Interval: 60 min
        Server Retry Count: 3
        VMPS domain server: 172.20.128.86 (primary, current)
                            172.20.128.87
        Reconfirmation status
        ---------------------
        VMPS Action: other
  • Page 336: Troubleshooting Dynamic-Access Port Vlan Membership

    • End stations are connected to the clients, Switch B and Switch I.
    • The database configuration file is stored on the TFTP server with the IP address 172.20.22.7.
  • Page 337 [Figure: network diagram; labels include Switch F, Switch G, Switch H, client switch I, Switch J, Server 2, Server 3, dynamic-access port, trunk port, and Catalyst 6500 series secondary VMPS]
  • Page 338 Chapter 12 Configuring VLANs Configuring VMPS
  • Page 339: Understanding Vtp

    VTP messages or when a new VLAN is configured by the user, the new VLAN information is communicated to all switches in the stack. When a switch joins the stack or when stacks merge, the new switches get VTP information from the stack master.
  • Page 340: Chapter 13 Configuring Vtp

    However, configuration changes made when the switch is in this mode are saved in the switch running configuration and can be saved to the switch startup configuration file.
  • Page 341: Vtp Modes

    Otherwise, the switch cannot receive any VTP advertisements. For more information on trunk ports, see the “Configuring VLAN Trunks” section on page 12-16.
  • Page 342: Vtp Version 2

    Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. VTP pruning is disabled by default.
  • Page 343 [Figure: Optimized Flooded Traffic with VTP Pruning]
  • Page 344: Vtp And Switch Stacks

    • Disabling VTP (VTP Transparent Mode), page 13-12
    • Enabling VTP Version 2, page 13-13
    • Enabling VTP Pruning, page 13-14
    • Adding a VTP Client Switch to a VTP Domain, page 13-14
  • Page 345: Default Vtp Configuration

    If the VTP mode or domain name in the startup configuration do not match the VLAN database, the domain name and VTP mode and configuration for the first 1005 VLANs use the VLAN database information.
  • Page 346: Vtp Configuration In Vlan Database Configuration Mode

    When you configure a VTP domain password, the management domain does not function properly if you do not assign a management domain password to each switch in the domain.
  • Page 347: Vtp Version

    Configure the VTP administrative-domain name. The name can be 1 to 32 characters. All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name.
  • Page 348 When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. To return the switch to a no-password state, use the no vtp password VLAN database configuration command.
  • Page 349: Configuring A Vtp Client

    Step 5: Return to privileged EXEC mode. Step 6: show vtp status. Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display.
  • Page 350: Disabling Vtp (Vtp Transparent Mode)

    Note: If extended-range VLANs are configured on the switch or switch stack, you cannot change the VTP mode to server. You receive an error message, and the configuration is not allowed.
  • Page 351: Enabling Vtp Version 2

    VLAN database configuration mode and by entering the vtp v2-mode VLAN database configuration command. To disable VTP Version 2, use the no vtp v2-mode VLAN database configuration command.
  • Page 352: Enabling Vtp Pruning

    If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain.
  • Page 353 You can use the vtp mode transparent global configuration command or the vtp transparent VLAN database configuration command to disable VTP on the switch, and then change its VLAN information without affecting the other switches in the VTP domain.
  • Page 354: Monitoring Vtp

    VTP Monitoring Commands
        Command: Purpose
        show vtp status: Display the VTP switch configuration information.
        show vtp counters: Display counters about VTP messages that have been sent and received.
  • Page 355: Understanding Voice Vlan

    The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the switch is connected to a Cisco 7960 IP Phone, the phone sends voice traffic with Layer 3 IP precedence and Layer 2 class of service (CoS) values, which are both set to 5 by default. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1p CoS.
  • Page 356: Chapter 14 Configuring Voice Vlan

    Cisco IP Phone Voice Traffic You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. You can configure access ports on...
  • Page 357: Configuring Voice Vlan

    For more information, see Chapter 36, “Configuring QoS.” • You must enable CDP on the switch port connected to the Cisco IP Phone to send the configuration to the phone. (CDP is globally enabled by default on all switch interfaces.) The Port Fast feature is automatically enabled when voice VLAN is configured.
  • Page 358: Configuring A Port Connected To A Cisco 7960 Ip Phone

    Configuring Voice VLAN • If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN: –...
  • Page 359: Configuring Cisco Ip Phone Voice Traffic

    Configuring Cisco IP Phone Voice Traffic You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure the way in which the phone sends voice traffic. The phone can carry voice traffic in IEEE 802.1Q frames for a specified voice VLAN with a Layer 2 CoS value.
  • Page 360: Configuring The Priority Of Incoming Data Frames

    Configuring the Priority of Incoming Data Frames You can connect a PC or other data device to a Cisco IP Phone port. To process tagged data traffic (in IEEE 802.1Q or IEEE 802.1p frames), you can configure the switch to send CDP packets to instruct the phone how to send data packets from the device attached to the access port on the Cisco IP Phone.
  • Page 361: Displaying Voice Vlan

    (Optional) Save your entries in the configuration file. startup-config This example shows how to configure a port connected to a Cisco IP Phone to not change the priority of frames received from the PC or the attached device: Switch# configure terminal Enter configuration commands, one per line.
  • Page 362 Chapter 14 Configuring Voice VLAN Displaying Voice VLAN
  • Page 363: Understanding Private Vlans

    VLAN. A private VLAN can have multiple VLAN pairs, one pair for each subdomain. All VLAN pairs in a private VLAN share the same primary VLAN. The secondary VLAN ID differentiates one subdomain from another. See Figure 15-1.
  • Page 364: Chapter 15 Configuring Private Vlan

    These interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports within their private VLAN. Note: Trunk ports carry traffic from regular VLANs and also from primary, isolated, and community VLANs.
  • Page 365: Ip Addressing Scheme With Private Vlans

    VLANs, but in the same primary VLAN. When new devices are added, the DHCP server assigns them the next available address from a large pool of subnet addresses.
  • Page 366: Private Vlans Across Multiple Switches

    Private VLANs have specific interaction with some other features, described in these sections:
    • Private VLANs and Unicast, Broadcast, and Multicast Traffic, page 15-5
    • Private VLANs and SVIs, page 15-5
    • Private VLANs and Switch Stacks, page 15-5
  • Page 367: Private Vlans And Unicast, Broadcast, And Multicast Traffic

    VLAN that had its promiscuous port on the old stack master lose connectivity outside of the private VLAN.
  • Page 368: Configuring Private Vlans

    “Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface” section on page 15-14. Step 6: Verify private-VLAN configuration.
    Default Private-VLAN Configuration
    No private VLANs are configured.
  • Page 369: Private-Vlan Configuration Guidelines

    ARP entries learned on Layer 3 private VLAN interfaces are sticky ARP entries. For security reasons, private VLAN port sticky ARP entries do not age out. Note: We recommend that you display and verify private-VLAN interface ARP entries.
  • Page 370: Private-Vlan Port Configuration

    VLAN become inactive. • Private-VLAN ports can be on different network devices if the devices are trunk-connected and the primary and secondary VLANs have not been removed from the trunk.
  • Page 371: Limitations With Other Features

    VLAN. When the original dynamic MAC address is deleted or aged out, the replicated addresses are removed from the MAC address table. • Configure Layer 3 VLAN interfaces (SVIs) only for primary VLANs.
  • Page 372: Configuring And Associating Vlans In A Private Vlan

    Otherwise, if the switch resets, it defaults to VTP server mode, which does not support private VLANs.
  • Page 373: Configuring A Layer 2 Interface As A Private-Vlan Host Port

    Isolated and community VLANs are both secondary VLANs. Command and purpose: Step 1: configure terminal. Enter global configuration mode. Step 2: interface interface-id. Enter interface configuration mode for the Layer 2 interface to be configured.
  • Page 374
        Administrative private-vlan trunk Native VLAN tagging: enabled
        Administrative private-vlan trunk encapsulation: dot1q
        Administrative private-vlan trunk normal VLANs: none
        Administrative private-vlan trunk private VLANs: none
        Operational private-vlan: 20 501
        <output truncated>
  • Page 375: Configuring A Layer 2 Interface As A Private-Vlan Promiscuous Port

        Switch(config-if)# switchport private-vlan mapping 20 add 501-503
        Switch(config-if)# end
    Use the show vlan private-vlan or the show interface status privileged EXEC command to display primary and secondary VLANs and private-VLAN ports on the switch.
  • Page 376: Mapping Secondary Vlans To A Primary Vlan Layer 3 Vlan Interface

        Switch# configure terminal
        Switch(config)# interface vlan 10
        Switch(config-if)# private-vlan mapping 501-502
        Switch(config-if)# end
        Switch# show interfaces private-vlan mapping
        Interface Secondary VLAN Type
        --------- -------------- -----------------
        vlan10                   isolated
        vlan10                   community
  • Page 377: Monitoring Private Vlans

    This is an example of the output from the show vlan private-vlan command:
        Switch(config)# show vlan private-vlan
        Primary Secondary Type              Ports
        ------- --------- ----------------- ------------------------------------------
                          isolated          Gi2/0/1, Gi3/0/1, Gi3/0/2
                          community         Gi2/0/11, Gi3/0/1, Gi3/0/4
                          non-operational
  • Page 378 Chapter 15 Configuring Private VLANs Monitoring Private VLANs
  • Page 379: Understanding Ieee 802.1Q Tunneling

    VLAN ID that is dedicated to tunneling. Each customer requires a separate service-provider VLAN ID, but that VLAN ID supports all of the customer’s VLANs.
  • Page 380: Chapter 16 Configuring Ieee 802.1Q And Layer 2 Protocol Tunneling

    When the packet exits another trunk port on the same core switch, the same metro tag is again added to the packet. Figure 16-2 shows the tag structures of the double-tagged packets.
  • Page 381 Because 802.1Q tunneling is configured on a per-port basis, it does not matter whether the switch is a standalone switch or a stack member. All configuration is done on the stack master.
  • Page 382: Configuring Ieee 802.1Q Tunneling

    The packet carries only the VLAN 30 tag through the service-provider network to the trunk port of the egress-edge switch (Switch C) and is misdirected through the egress switch tunnel port to Customer Y.
  • Page 383: System Mtu

    The switch has a system jumbo MTU value of 1500 bytes, and the switchport mode dot1q tunnel interface configuration command is configured on a 10-Gigabit or Gigabit Ethernet switch port.
  • Page 384: Ieee 802.1Q Tunneling And Other Features

    • When a port is configured as an IEEE 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) and the Link Layer Discovery Protocol (LLDP) are automatically disabled on the interface.
  • Page 385: Understanding Layer 2 Protocol Tunneling

    VLAN should build a proper spanning tree that includes the local site and all remote sites across the service-provider network. Cisco Discovery Protocol (CDP) must discover neighboring Cisco devices from local and remote sites. VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration throughout all sites in the customer network.
  • Page 386
    • Users on each of a customer’s sites can properly run STP, and every VLAN can build a correct spanning tree based on parameters from all sites and not just from the local site.
    • CDP discovers and shows information about the other Cisco devices connected through the service-provider network.
  • Page 387 When you enable protocol tunneling (PAgP or LACP) on the SP switch, remote customer switches receive the PDUs and can negotiate the automatic creation of EtherChannels.
  • Page 388: Configuring Layer 2 Protocol Tunneling

    When the Layer 2 PDUs that entered the service-provider inbound edge switch through a Layer 2 protocol-enabled port exit through the trunk port into the service-provider network, the switch overwrites the customer PDU-destination MAC address with a well-known Cisco proprietary multicast address (01-00-0c-cd-cd-d0). If IEEE 802.1Q tunneling is enabled, packets are also double-tagged; the outer tag is the customer metro tag, and the inner tag is the customer’s VLAN tag.
  • Page 389: Default Layer 2 Protocol Tunneling Configuration

    If a CoS value is configured on the interface for data packets, that value is the default used for Layer 2 PDUs. If none is configured, the default is 5.
  • Page 390: Layer 2 Protocol Tunneling Configuration Guidelines

    PDUs higher priority within the service-provider network than data packets received from the same tunnel port. By default, the PDUs use the same CoS value as data packets.
  • Page 391: Configuring Layer 2 Protocol Tunneling

    Display the Layer 2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters. Step 12 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 392: Configuring Layer 2 Tunneling For EtherChannels

    If no keyword is entered, tunneling is enabled for all three protocols. Caution: To avoid a network failure, make sure that the network is a point-to-point topology before you enable tunneling for PAgP, LACP, or UDLD packets.
  • Page 393 [point-to-point [pagp | lacp | udld]] and the no l2protocol-tunnel drop-threshold [point-to-point [pagp | lacp | udld]] commands to return the shutdown and drop thresholds to the default settings.
  • Page 394: Configuring The Customer Switch

    Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000
    Switch(config-if)# exit
    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# switchport access vlan 18
    Switch(config-if)# switchport mode dot1q-tunnel
    Switch(config-if)# l2protocol-tunnel point-to-point pagp
    Switch(config-if)# l2protocol-tunnel point-to-point udld
  • Page 395
    Switch(config-if)# switchport trunk encapsulation dot1q
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# udld enable
    Switch(config-if)# channel-group 1 mode desirable
    Switch(config-if)# exit
    Switch(config)# interface port-channel 1
    Switch(config-if)# shutdown
    Switch(config-if)# no shutdown
    Switch(config-if)# exit
  • Page 396: Monitoring And Maintaining Tunneling Status

    Display the status of native VLAN tagging on the switch. For detailed information about these displays, see the command reference for this release.
  • Page 397: Understanding Spanning-Tree Features

    The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard. A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same bridge ID.
  • Page 398: Chapter 17 Configuring STP

    By default, the switch sends keepalive messages (to ensure the connection is up) only on interfaces that do not have small form-factor pluggable (SFP) modules. You can change the default for an interface by entering the [no] keepalive interface configuration command with no keywords.
  • Page 399: Spanning-Tree Topology And BPDUs

    – Selects the lowest path cost to the root switch – Selects the lowest designated bridge ID – Selects the lowest designated path cost – Selects the lowest port ID
  • Page 400: Bridge ID, Switch Priority, And Extended System ID

    VLAN. Each VLAN on the switch has a unique 8-byte bridge ID. The 2 most-significant bytes are used for the switch priority, and the remaining 6 bytes are derived from the switch MAC address.
  • Page 401: Spanning-Tree Interface States

    An interface moves through these states: • From initialization to blocking • From blocking to listening or to disabled • From listening to learning or to disabled
  • Page 402: Blocking State

    An interface always enters the blocking state after switch initialization. An interface in the blocking state performs these functions: • Discards frames received on the interface • Discards frames switched from another interface for forwarding
  • Page 403: Listening State

    A disabled interface performs these functions: • Discards frames received on the interface • Discards frames switched from another interface for forwarding • Does not learn addresses • Does not receive BPDUs
  • Page 404: How A Switch Or Port Becomes The Root Switch Or Root Port

    If the speeds are the same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value.
  • Page 405: Spanning-Tree Address Management

    A spanning-tree reconfiguration on one VLAN can cause the dynamic addresses learned on that VLAN to be subject to accelerated aging. Dynamic addresses on other VLANs can be unaffected and remain subject to the aging interval entered for the switch.
  • Page 406: Spanning-Tree Modes And Protocols

    The switch supports these spanning-tree modes and protocols: • PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network.
  • Page 407: Spanning-Tree Interoperability And Backward Compatibility

    VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+.
  • Page 408: Spanning Tree And Switch Stacks

    • Configuring the Root Switch, page 17-16 (optional) • Configuring a Secondary Root Switch, page 17-18 (optional) • Configuring Port Priority, page 17-18 (optional) • Configuring Path Cost, page 17-20 (optional)
  • Page 409: Default Spanning-Tree Configuration

    VLAN where you want it to run. Use the no spanning-tree vlan vlan-id global configuration command to disable spanning tree on a specific VLAN, and use the spanning-tree vlan vlan-id global configuration command to enable spanning tree on the desired VLAN.
  • Page 410 “Optional Spanning-Tree Configuration Guidelines” section on page 19-12. Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.
  • Page 411: Changing The Spanning-Tree Mode

    To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command.
  • Page 412: Disabling Spanning Tree

    ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software.
  • Page 413 Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command.
  • Page 414: Configuring A Secondary Root Switch

    (higher numerical values) that you want selected last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
  • Page 415 The show spanning-tree interface interface-id privileged EXEC command displays information only if the port is in a link-up operative state. Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration.
  • Page 416: Configuring Path Cost

    Return to privileged EXEC mode. Step 6 show spanning-tree interface interface-id Verify your entries. show spanning-tree vlan vlan-id Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 417: Configuring The Switch Priority Of A VLAN

    Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command.
  • Page 418: Configuring Spanning-Tree Timers

    Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command.
  • Page 419: Configuring The Forwarding-Delay Time For A VLAN

    Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command.
  • Page 420: Configuring The Transmit Hold-Count

    You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
  • Page 421: Configuring MSTP

    Both MSTP and RSTP improve the spanning-tree operation and maintain backward compatibility with equipment that is based on the (original) IEEE 802.1D spanning tree, with existing Cisco-proprietary Multiple Instance STP (MISTP), and with existing Cisco per-VLAN spanning-tree plus (PVST+) and rapid per-VLAN spanning-tree plus (rapid PVST+).
  • Page 422: Chapter 18 Configuring MSTP

    65 spanning-tree instances. Instances can be identified by any number in the range from 0 to 4094. You can assign a VLAN to only one spanning-tree instance at a time.
  • Page 423: IST, CIST, And CST

    IST information, they leave their old subregions and join the new subregion that contains the true CIST regional root. Thus all subregions shrink, except for the one that contains the true CIST regional root.
  • Page 424: Operations Between MST Regions

    MST instances. Parameters related to the spanning-tree topology (for example, switch priority, port VLAN cost, and port VLAN priority) can be configured on both the CST instance and the MST instance.
  • Page 425: IEEE 802.1s Terminology

    IEEE 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches. IEEE 802.1s Terminology Some MST naming conventions used in Cisco’s prestandard implementation have been changed to identify some internal or regional parameters. These parameters are significant only within an MST region, as opposed to external parameters that are relevant to the whole network.
  • Page 426: Boundary Ports

    The primary change from the Cisco prestandard implementation is that a designated port is not defined as boundary, unless it is running in an STP-compatible mode.
  • Page 427: Port Role Naming Change

    The boundary role is no longer in the final MST standard, but this boundary concept is maintained in Cisco’s implementation. However, an MST instance port at a boundary of the region might not follow the state of the corresponding CIST port. Two cases exist now: •...
  • Page 428: Detecting Unidirectional Link Failure

    Detecting Unidirectional Link Failure This feature is not yet present in the IEEE MST standard, but it is included in this Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops.
  • Page 429: Interoperability With IEEE 802.1D STP

    LAN is called the designated port. • Alternate port—Offers an alternate path toward the root switch to that provided by the current root port.
  • Page 430: Rapid Convergence

    Disabled Disabled Discarding To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state. Rapid Convergence The RSTP provides for rapid recovery of connectivity following the failure of a switch, a switch port, or a LAN.
  • Page 431: Synchronization Of Port Roles

    An individual port on the switch is synchronized if • That port is in the blocking state. • It is an edge port (a port configured to be at the edge of the network).
  • Page 432: Bridge Protocol Data Unit Format And Processing

    Table 18-3 shows the RSTP flag fields. Table 18-3 RSTP BPDU Flags Function Topology change (TC) Proposal 2–3: Port role: Unknown Alternate port Root port Designated port Learning
  • Page 433: Processing Superior BPDU Information

    State changes on an edge port do not cause a topology change. When an RSTP switch detects a topology change, it deletes the learned information on all of its nonedge ports except on those from which it received the TC notification.
  • Page 434: Configuring MSTP Features

    • Specifying the Link Type to Ensure Rapid Transitions, page 18-24 (optional) • Designating the Neighbor Type, page 18-25 (optional) • Restarting the Protocol Migration Process, page 18-25 (optional)
  • Page 435: Default MSTP Configuration

    MST configuration (region name, revision number, and VLAN-to-instance mapping) on each switch within the MST region by using the command-line interface (CLI) or through the SNMP support.
  • Page 436: Specifying The MST Region Configuration And Enabling MSTP

    Specify the configuration revision number. The range is 0 to 65535. Step 6 show pending Verify your configuration by displaying the pending configuration. Step 7 exit Apply all changes, and return to global configuration mode.
  • Page 437: Configuring The Root Switch

    ID support, the switch sets its own priority for the specified instance to 24576 if this value will cause this switch to become the root for the specified spanning-tree instance.
  • Page 438 (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst instance-id root global configuration command.
  • Page 439: Configuring Port Priority

    (higher numerical values) that you want selected last. If all interfaces have the same priority value, the MSTP puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
  • Page 440 Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id port-priority interface configuration command.
  • Page 441: Configuring The Switch Priority

    You can configure the switch priority and make it more likely that a standalone switch or a switch in the stack will be chosen as the root switch.
  • Page 442: Configuring The Hello Time

    These messages mean that the switch is alive. For seconds, the range is 1 to 10; the default is 2. Step 3 Return to privileged EXEC mode.
  • Page 443: Configuring The Forwarding-Delay Time

    Step 3 Return to privileged EXEC mode. Step 4 show spanning-tree mst Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 444: Configuring The Maximum-Hop Count

    1 to 4094. The port-channel range is 1 to 48. Step 3 spanning-tree link-type point-to-point Specify that the link type of a port is point-to-point. Step 4 Return to privileged EXEC mode.
  • Page 445: Designating The Neighbor Type

    To restart the protocol migration process (force the renegotiation with neighboring switches) on the switch, use the clear spanning-tree detected-protocols privileged EXEC command.
  • Page 446: Displaying The MST Configuration And Status

    Displays MST information for the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
  • Page 447: Understanding Optional Spanning-Tree Features

    • Understanding Cross-Stack UplinkFast, page 19-5 • Understanding BackboneFast, page 19-7 • Understanding EtherChannel Guard, page 19-10 • Understanding Root Guard, page 19-10 • Understanding Loop Guard, page 19-11
  • Page 448: Chapter 19 Configuring Optional Spanning-Tree Features

    To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred.
  • Page 449: Understanding BPDU Filtering

    Figure 19-2 shows a complex network where distribution switches and access switches each have at least one redundant link that spanning tree blocks to prevent loops.
  • Page 450 Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state.
  • Page 451: Understanding Cross-Stack UplinkFast

    CSUF might not provide a fast transition all the time; in these cases, the normal spanning-tree transition occurs, completing in 30 to 40 seconds. For more information, see the “Events that Cause Fast Convergence” section on page 19-7.
  • Page 452: How CSUF Works

    The switch sending the fast-transition request needs to do a fast transition to the forwarding state of a port that it has chosen as the root port, and it must obtain an acknowledgement from each stack switch before performing the fast transition.
  • Page 453: Events That Cause Fast Convergence

    BPDU is a signal that the other switch might have lost its path to the root, and BackboneFast tries to find an alternate path to the root.
  • Page 454 Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that connects directly to Switch B is in the blocking state. [Figure 19-6: BackboneFast Example Before Indirect Link Failure]
  • Page 455 Switch A, the root switch. [Figure 19-8: Adding a Switch in a Shared-Medium Topology]
  • Page 456: Understanding EtherChannel Guard

    MST instance. You can enable this feature by using the spanning-tree guard root interface configuration command. Caution: Misuse of the root-guard feature can cause a loss of connectivity.
  • Page 457: Understanding Loop Guard

    • Enabling BPDU Guard, page 19-13 (optional) • Enabling BPDU Filtering, page 19-14 (optional) • Enabling UplinkFast for Use with Redundant Links, page 19-15 (optional) • Enabling Cross-Stack UplinkFast, page 19-16 (optional)
  • Page 458: Default Optional Spanning-Tree Configuration

    VLAN, the Port Fast feature is not automatically disabled. For more information, see Chapter 14, “Configuring Voice VLAN.” You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
  • Page 459: Enabling BPDU Guard

    To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred.
  • Page 460: Enabling BPDU Filtering

    Configure Port Fast only on interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operation.
  • Page 461: Enabling UplinkFast For Use With Redundant Links

    You can configure the UplinkFast or the CSUF feature for rapid PVST+ or for the MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+.
  • Page 462: Enabling Cross-Stack UplinkFast

    To disable UplinkFast on the switch and all its VLANs, use the no spanning-tree uplinkfast global configuration command. Enabling BackboneFast You can enable BackboneFast to detect indirect link failures and to start the spanning-tree reconfiguration sooner.
  • Page 463: Enabling EtherChannel Guard

    EXEC command to verify the EtherChannel configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured.
  • Page 464: Enabling Root Guard

    Beginning in privileged EXEC mode, follow these steps to enable loop guard. This procedure is optional. Command Purpose Step 1 show spanning-tree active Verify which interfaces are alternate or root ports. show spanning-tree mst Step 2 configure terminal Enter global configuration mode.
  • Page 465: Displaying The Spanning-Tree Status

    You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
  • Page 467: Flex Links

    STP on the switch. If the switch is running STP, Flex Links is not necessary because STP already provides link-level redundancy or backup.
  • Page 468: VLAN Flex Link Load Balancing And Support

    VLANs. This way, apart from providing the redundancy, this Flex Link pair can be used for load balancing. Also, Flex Link VLAN load-balancing does not impose any restrictions on uplink switches.
  • Page 469: Chapter 20 Configuring Flex Links And The MAC Address-Table Move Update Feature

    100 milliseconds (ms). The PC is directly connected to switch A, and the connection status does not change. Switch A does not need to update the PC entry in the MAC address table.
  • Page 470 [Figure 20-3: MAC Address-Table Move Update Example]
  • Page 471: MAC Address-Table Move Update

    The Flex Links are not configured, and there are no backup interfaces defined. The preemption mode is off. The preemption delay is 35 seconds. The MAC address-table move update feature is not configured on the switch.
  • Page 472: Configuring Flex Links

    Switch(conf)# interface gigabitethernet1/0/1
    Switch(conf-if)# switchport backup interface gigabitethernet1/0/2
    Switch(conf-if)# end
    Switch# show interface switchport backup
    Switch Backup Interface Pairs:
    Active Interface        Backup Interface        State
    ------------------------------------------------------------------------
    GigabitEthernet1/0/1    GigabitEthernet1/0/2    Active Up/Backup Standby
  • Page 473: Configuring Flex Links And MAC Address-Table Move Update

    Interface Pair : Gi1/0/1, Gi1/0/2
    Preemption Mode : forced
    Preemption Delay : 50 seconds
    Bandwidth : 100000 Kbit (Gi1/0/1), 100000 Kbit (Gi1/0/2)
    Mac Address Move Update Vlan : auto
  • Page 474: Configuring Flex Links

    Switch Backup Interface Pairs:
    Active Interface        Backup Interface        State
    ------------------------------------------------------------------------
    GigabitEthernet2/0/6    GigabitEthernet2/0/8    Active Down/Backup Up
    Vlans Preferred on Active Interface: 1-50
    Vlans Preferred on Backup Interface: 60, 100-120
  • Page 475: Configuring The MAC Address-Table Move Update Feature

    VLAN ID on the interface, which is used for sending the MAC address-table move update. When one link is forwarding traffic, the other interface is in standby mode.
  • Page 476 Purpose Step 1 configure terminal Enter global configuration mode. Step 2 mac address-table move update receive Enable the switch to get and process the MAC address-table move updates.
  • Page 477: Monitoring Flex Links And The MAC Address-Table Move Update

    Flex Links and the state of each active and backup interface (up or standby mode). show mac address-table move update: Displays the MAC address-table move update information on the switch.
  • Page 479: Understanding DHCP Features

    For complete syntax and usage information for the commands used in this chapter, see the command reference for this release, and see the “DHCP Commands” section in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
  • Page 480: Chapter 21 Configuring DHCP Features And IP Source Guard

    Understanding DHCP Features For information about the DHCP client, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2. DHCP Server The DHCP server assigns IP addresses from specified address pools on a switch or router to DHCP clients and manages them.
  • Page 481: Option-82 Data Insertion

    Note: The DHCP option-82 feature is supported only when DHCP snooping is globally enabled and on the VLANs to which subscriber devices using this feature are assigned.
  • Page 482 Figure 21-2 do not change: • Circuit-ID suboption fields – Suboption type – Length of the suboption type – Circuit-ID type – Length of the circuit-ID type
  • Page 483 In the port field of the circuit ID suboption, the port numbers start at 1. For example, on a switch with Cisco dual SFP X2 converter modules in the 10-Gigabit Ethernet module slots, port 1 is the internal Gigabit Ethernet 1/0/1 port, port 2 is the internal Gigabit Ethernet1/0/2 port, and so on. Because ports 19, 20, 21, and 22 are small form-factor pluggable (SFP) modules, port 19 is the Gigabit Ethernet1/0/19 port, port 20 is the Gigabit Ethernet1/0/20 port, and so on.
  • Page 484: Cisco Ios Dhcp Server Database

    An address binding is a mapping between an IP address and a MAC address of a host in the Cisco IOS DHCP server database. You can manually assign the client IP address, or the DHCP server can allocate an IP address from a DHCP address pool.
  • Page 485 • An entry has an expired lease time (the switch might not remove a binding entry when the lease time expires). • The interface in the entry no longer exists on the system. • The interface is a routed interface or a DHCP snooping-trusted interface.
  • Page 486: Configuration Guidelines

    Checking the relay agent information: Enabled (invalid messages are dropped). DHCP relay agent forwarding policy: Replace the existing relay agent information. DHCP snooping enabled globally: Disabled. DHCP snooping information option: Enabled.
  • Page 487: Dhcp Snooping Configuration Guidelines

    • DHCP server and the DHCP relay agent are configured and enabled. • When you globally enable DHCP snooping on the switch, these Cisco IOS commands are not available until snooping is disabled. If you enter these commands, the switch returns an error message, and the configuration is not applied.
  • Page 488: Configuring The Dhcp Server

    EXEC command. Configuring the DHCP Server The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational.
  • Page 489: Configuring The Dhcp Relay Agent

    To disable the DHCP server and relay agent, use the no service dhcp global configuration command. See the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 for these procedures: •...
  • Page 490: Enabling Dhcp Snooping And Option 82

    Note: If the hostname is longer than 63 characters, it is truncated to 63 characters in the remote-ID configuration. The default remote ID is the switch MAC address.
  • Page 491 This example shows how to enable DHCP snooping globally and on VLAN 10 and to configure a rate limit of 100 packets per second on a port:
    Switch(config)# ip dhcp snooping
    Switch(config)# ip dhcp snooping vlan 10
    Switch(config)# ip dhcp snooping information option
  • Page 492: Enabling Dhcp Snooping On Private Vlans

    VLANs, on which DHCP snooping is enabled. Enabling the Cisco IOS DHCP Server Database For procedures to enable and configure the Cisco IOS DHCP server database, see the “DHCP Configuration Task List” section in the “Configuring DHCP” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
  • Page 493: Displaying Dhcp Snooping Information

    Displays the DHCP snooping binding database status and statistics. show ip dhcp snooping statistics - Displays the DHCP snooping statistics in summary or detail form. show ip source binding - Display the dynamically and statically configured bindings.
  • Page 494: Understanding Ip Source Guard

    DHCP snooping or manually configured) are not configured, the switch creates and applies a port ACL that denies all IP traffic on the interface. If you disable IP source guard, the switch removes the port ACL from the interface.
  • Page 495: Source Ip And Mac Address Filtering

    When forwarding packets from the server to the host, DHCP snooping uses the option-82 data to identify the host port.
  • Page 496: Enabling Ip Source Guard

    Step 6: Return to privileged EXEC mode. Step 7: show ip verify source [interface interface-id] - Display the IP source guard configuration for all interfaces or for a specific interface.
  • Page 497: Displaying Ip Source Guard Information

    Commands for Displaying IP Source Guard Information: show ip source binding - Display the IP source bindings on a switch. show ip verify source - Display the IP source guard configuration on the switch.
  • Page 498 Chapter 21 Configuring DHCP Features and IP Source Guard Displaying IP Source Guard Information
  • Page 499: Understanding Dynamic Arp Inspection

    ARP caches of systems connected to the subnet and by intercepting traffic intended for other hosts on the subnet. Figure 22-1 shows an example of ARP cache poisoning.
  • Page 500: Chapter 22 Configuring Dynamic Arp Inspection

    “Configuring ARP ACLs for Non-DHCP Environments” section on page 22-8. The switch logs dropped packets. For more information about the log buffer, see the “Logging of Dropped Packets” section on page 22-5.
  • Page 501: Interface Trust States And Network Security

    Switch B (and Host 2, if the link between the switches is configured as trusted). This condition can occur even though Switch B is running dynamic ARP inspection.
  • Page 502: Rate Limiting Of Arp Packets

    The switch first compares ARP packets to user-configured ARP ACLs. If the ARP ACL denies the ARP packet, the switch also denies the packet even if a valid binding exists in the database populated by DHCP snooping.
  • Page 503: Logging Of Dropped Packets

    The rate is unlimited on all trusted interfaces. The burst interval is 1 second. ARP ACLs for non-DHCP environments: No ARP ACLs are defined. Validation checks: No checks are performed.
  • Page 504: Dynamic Arp Inspection Configuration Guidelines

    30 pps on an EtherChannel that has one port on switch 1 and one port on switch 2, each port can receive packets at 29 pps without causing the EtherChannel to become error-disabled.
  • Page 505: Configuring Dynamic Arp Inspection In Dhcp Environments

    This procedure is required. Step 1: show cdp neighbors - Verify the connection between the switches. Step 2: configure terminal - Enter global configuration mode.
  • Page 506: Configuring Arp Acls For Non-Dhcp Environments

    This procedure shows how to configure dynamic ARP inspection when Switch B shown in Figure 22-2 on page 22-3 does not support dynamic ARP inspection or DHCP snooping.
  • Page 507 For more information, see the “Configuring the Log Buffer” section on page 22-13. Step 4: exit - Return to global configuration mode.
  • Page 508 [acl-name], show ip arp inspection vlan vlan-range, show ip arp inspection interfaces - Verify your entries. Step 10: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 509: Limiting The Rate Of Incoming Arp Packets

    ARP packets. The range is 1 to 15. • For rate none, specify no upper limit for the rate of incoming ARP packets that can be processed.
  • Page 510: Performing Validation Checks

    Dynamic ARP inspection intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. You can configure the switch to perform additional checks on the destination MAC address, the sender and target IP addresses, and the source MAC address.
  • Page 511: Configuring The Log Buffer

    VLAN with the same ARP parameters, the switch combines the packets as one entry in the log buffer and generates a single system message for the entry.
  • Page 512 The logs and interval settings interact. If the logs number X is greater than interval seconds Y, X divided by Y (X/Y) system messages are sent every second. Otherwise, one system message is sent every Y divided by X (Y/X) seconds.
  • Page 513: Displaying Dynamic Arp Inspection Information

    ARP inspection for the specified VLAN. If no VLANs are specified or if a range is specified, displays information only for VLANs with dynamic ARP inspection enabled (active).
  • Page 514 Displays the configuration and contents of the dynamic ARP inspection log buffer. For more information about these commands, see the command reference for this release.
  • Page 515 Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the “IP Multicast Routing Commands” section in the Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2.
  • Page 516: Chapter 23 Configuring Igmp Snooping And Mvr

    • Leaving a Multicast Group, page 23-5 • Immediate Leave, page 23-6 • IGMP Configurable-Leave Timer, page 23-6 • IGMP Report Suppression, page 23-6 • IGMP Snooping and Switch Stacks, page 23-7
  • Page 517: Igmp Versions

    The CPU also adds the interface where the join message was received to the forwarding-table entry. The blade server associated with that interface receives multicast traffic for that multicast group. See Figure 23-1.
  • Page 518 The information in the table tells the switching engine to send frames addressed to the 224.1.2.3 multicast IP address that are not IGMP packets to the router and to the host that has joined the group.
  • Page 519: Leaving A Multicast Group

    If the router receives no reports from a VLAN, it removes the group for the VLAN from its IGMP cache.
  • Page 520: Immediate Leave

    If you disable IGMP report suppression, all IGMP reports are forwarded to the multicast routers. For configuration steps, see the “Disabling IGMP Report Suppression” section on page 23-16.
  • Page 521: Igmp Snooping And Switch Stacks

    Enabled globally and per VLAN. Multicast routers: None configured. Multicast router learning (snooping) method: PIM-DVMRP. IGMP snooping Immediate Leave: Disabled. Static groups: None configured. flood query count TCN query solicitation Disabled
  • Page 522: Enabling Or Disabling Igmp Snooping

    (Optional) Save your entries in the configuration file. To disable IGMP snooping on a VLAN interface, use the no ip igmp snooping vlan vlan-id global configuration command for the specified VLAN number.
  • Page 523: Setting The Snooping Method

    • Snooping on IGMP queries, Protocol-Independent Multicast (PIM) packets, and Distance Vector Multicast Routing Protocol (DVMRP) packets • Listening to Cisco Group Management Protocol (CGMP) packets from other routers • Statically connecting to a multicast router port with the ip igmp snooping mrouter global...
  • Page 524: Configuring A Multicast Router Port

    Blade servers that are connected to Layer 2 ports normally join multicast groups dynamically. You can also statically configure a Layer 2 port, to which a blade server is connected, so that the port joins a multicast group.
  • Page 525: Enabling Igmp Immediate Leave

    Verify that Immediate Leave is enabled on the VLAN interface. Step 5: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 526: Configuring The Igmp Leave Timer

    • Controlling the Multicast Flooding Time After a TCN Event, page 23-13 • Recovering from Flood Mode, page 23-13 • Disabling Multicast Flooding During a TCN Event, page 23-14
  • Page 527: Controlling The Multicast Flooding Time After A Tcn Event

    Return to privileged EXEC mode. Step 4: show ip igmp snooping - Verify the TCN settings. Step 5: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 528: Disabling Multicast Flooding During A Tcn Event

    • The IGMP snooping querier supports IGMP Versions 1 and 2. • When administratively enabled, the IGMP snooping querier moves to the nonquerier state if it detects the presence of a multicast router in the network.
  • Page 529
    Switch(config)# end
    This example shows how to set the IGMP snooping querier timeout to 60 seconds:
    Switch# configure terminal
    Switch(config)# ip igmp snooping querier timeout expiry 60
    Switch(config)# end
  • Page 530: Disabling Igmp Report Suppression

    You can display IGMP snooping information for dynamically learned and statically configured router ports and VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for IGMP snooping.
  • Page 531 IGMP snooping querier in the VLAN. For more information about the keywords and options in these commands, see the command reference for this release.
  • Page 532: Understanding Multicast Vlan Registration

    If a switch fails or is removed from the stack, only those receiver ports belonging to that switch will not receive the multicast data. All other receiver ports on other switches continue to receive the multicast data.
  • Page 533: Using Mvr In A Multicast Television Application

    VLAN to the subscriber port in a different VLAN, selectively allowing traffic to cross between two VLANs.
  • Page 534: Configuring Mvr

    Catalyst 3550 or Catalyst 3500 XL switches, you should not configure IP addresses that alias between themselves or with the reserved IP multicast addresses (in the range 224.0.0.xxx). • Do not configure MVR on private VLAN ports.
  • Page 535: Configuring Mvr Global Parameters

    Return to privileged EXEC mode. Step 8: show mvr or show mvr members - Verify the configuration. Step 9: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 536: Default Configuration

    This command applies to only receiver ports and should only be enabled on receiver ports to which a single receiver device is connected. Step 7: Return to privileged EXEC mode.
  • Page 537: Displaying Mvr Information

    If the members keyword is entered, displays all multicast group members on this port or, if a VLAN identification is entered, all multicast group members on the VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.
  • Page 538: Configuring Igmp Filtering And Throttling

    • Applying IGMP Profiles, page 23-26 (optional) • Setting the Maximum Number of IGMP Groups, page 23-27 (optional) • Configuring the IGMP Throttling Action, page 23-27 (optional)
  • Page 539: Default Igmp Filtering And Throttling Configuration

    (Optional) Set the action to permit or deny access to the IP multicast address. If no action is configured, the default for the profile is to deny access.
  • Page 540: Applying Igmp Profiles

    Step 4: Return to privileged EXEC mode. Step 5: show running-config interface interface-id - Verify the configuration. Step 6: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 541: Setting The Maximum Number Of Igmp Groups

    Use the no form of this command to return to the default, which is to drop the IGMP join report.
  • Page 542 (Optional) Save your entries in the configuration file. To return to the default action of dropping the report, use the no ip igmp max-groups action interface configuration command.
  • Page 543: Displaying Igmp Filtering And Throttling Configuration

    interface-id] - Displays the configuration of the specified interface or the configuration of all interfaces on the switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface.
  • Page 544 Chapter 23 Configuring IGMP Snooping and MVR Displaying IGMP Filtering and Throttling Configuration
  • Page 545: Understanding Mld Snooping

    Routing.” Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures. This chapter includes these sections: • “Understanding MLD Snooping” section on page 24-1 •...
  • Page 546: Chapter 24 Configuring Ipv6 Mld Snooping

    • MLD Reports, page 24-4 • MLD Done Messages and Immediate-Leave, page 24-4 • Topology Change Notification Processing, page 24-5 • MLD Snooping in Switch Stacks, page 24-5
  • Page 547: Mld Messages

    The default number is 2.
  • Page 548: Multicast Router Discovery

    MASQs. A port is removed from membership to an address when there are no MLDv1 reports to the address on the port for the configured number of queries.
  • Page 549: Topology Change Notification Processing

    • Configuring a Multicast Router Port, page 24-8 • Enabling MLD Immediate Leave, page 24-9 • Configuring MLD Snooping Queries, page 24-10 • Disabling MLD Listener Message Suppression, page 24-11
  • Page 550: Default Mld Snooping Configuration

    • The maximum number of multicast entries allowed on the switch or switch stack is determined by the configured SDM template. • The maximum number of address entries allowed for the switch or switch stack is 1000.
  • Page 551: Enabling Or Disabling Mld Snooping

    (Optional) Save your entries in the configuration file. To disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan-id global configuration command for the specified VLAN number.
  • Page 552: Configuring A Static Multicast Group

    (add a static connection to a multicast router), use the ipv6 mld snooping vlan mrouter global configuration command on the switch. Note: Static connections to multicast routers are supported only on switch ports.
  • Page 553: Enabling Mld Immediate Leave

    This example shows how to enable MLD Immediate Leave on VLAN 130:
    Switch# configure terminal
    Switch(config)# ipv6 mld snooping vlan 130 immediate-leave
    Switch(config)# exit
  • Page 554: Configuring Mld Snooping Queries

    vlan-id] - (Optional) Verify that the MLD snooping querier information for the switch or for the VLAN. Step 12: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 555: Disabling Mld Listener Message Suppression

    VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for MLD snooping. To display MLD snooping information, use one or more of the privileged EXEC commands in Table 24-2.
  • Page 556 Enter user to display MLD snooping user-configured group information for the switch or for a VLAN. show ipv6 mld snooping multicast-address vlan vlan-id [ipv6-multicast-address] - Display MLD snooping for the specified VLAN and IPv6 multicast address.
  • Page 557: Configuring Storm Control

    The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.
  • Page 558 When the storm control threshold for multicast traffic is reached, all multicast traffic except control traffic, such as bridge protocol data unit (BPDU) and Cisco Discovery Protocol (CDP) frames, is blocked. However, the switch does not differentiate between routing updates, such as OSPF, and regular multicast data traffic, so both types of traffic are blocked.
  • Page 559: Chapter 25 Configuring Port-Based Traffic Control

    Beginning in privileged EXEC mode, follow these steps to configure storm control and threshold levels: Step 1: configure terminal - Enter global configuration mode. Step 2: interface interface-id - Specify the interface to be configured, and enter interface configuration mode.
  • Page 560 • Select the shutdown keyword to error-disable the port during a storm. • Select the trap keyword to generate an SNMP trap when a storm is detected. Step 5: Return to privileged EXEC mode.
  • Page 561: Configuring Protected Ports

    • Protected Port Configuration Guidelines, page 25-6 • Configuring a Protected Port, page 25-6 Default Protected Port Configuration The default is to have no protected ports defined.
  • Page 562: Protected Port Configuration Guidelines

    (protected or nonprotected) from flooding unknown unicast or multicast packets to other ports. These sections contain this configuration information: • Default Port Blocking Configuration, page 25-7 • Blocking Flooded Traffic on an Interface, page 25-7
  • Page 563: Default Port Blocking Configuration

    MAC addresses, a security violation occurs. Also, if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged.
  • Page 564: Understanding Port Security

    If you do not save the sticky secure addresses, they are lost.
  • Page 565: Security Violations

    Table 25-1 shows the violation mode and the actions taken when you configure an interface for port security.
  • Page 566: Default Port Security Configuration

    A secure port cannot belong to a Gigabit EtherChannel port group. Note: Voice VLAN is only supported on access ports and not on trunk ports, even though the configuration is allowed.
  • Page 567 IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required. If you connect more than one PC to the Cisco IP phone, you must configure enough secure addresses to allow one for each PC and one for the phone.
  • Page 568: Enabling And Configuring Port Security

    The voice keyword is available only if a voice VLAN is configured on a port and if that port is not the access VLAN. If an interface is configured for voice VLAN, configure a maximum of two secure MAC addresses.
  • Page 569 You can manually re-enable it by entering the shutdown and no shutdown interface configuration commands or by using the clear errdisable interface vlan privileged EXEC command.
  • Page 570 VLAN. Step 11: Return to privileged EXEC mode. Step 12: show port-security - Verify your entries. Step 13: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 571
    Switch(config-if)# switchport voice vlan 22
    Switch(config-if)# switchport port-security
    Switch(config-if)# switchport port-security maximum 20
    Switch(config-if)# switchport port-security violation restrict
    Switch(config-if)# switchport port-security mac-address sticky
    Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
  • Page 572: Enabling And Configuring Port Security Aging

    Return to privileged EXEC mode. Step 5: show port-security [interface interface-id] [address] - Verify your entries. Step 6: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 573: Port Security And Switch Stacks

    Return to privileged EXEC mode. Step 6: show port-security [interface interface-id] [address] - Verify your entries. Step 7: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 574: Displaying Port-Based Traffic Control Settings

    Displays the number of secure MAC addresses configured per VLAN on the specified interface.
  • Page 575: Understanding Cdp

    Monitoring and Maintaining CDP, page 26-5 Understanding CDP CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
  • Page 576: Cdp And Switch Stacks

    Enter global configuration mode. Step 2: cdp timer seconds - (Optional) Set the transmission frequency of CDP updates in seconds. The range is 5 to 254; the default is 60 seconds.
  • Page 577: Chapter 26 Configuring Cdp

    Enable CDP after disabling it. Step 3: Return to privileged EXEC mode. This example shows how to enable CDP if it has been disabled.
    Switch# configure terminal
    Switch(config)# cdp run
    Switch(config)# end
  • Page 578: Disabling And Enabling Cdp On An Interface

    (Optional) Save your entries in the configuration file. This example shows how to enable CDP on a port when it has been disabled.
    Switch# configure terminal
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# cdp enable
    Switch(config-if)# end
  • Page 579: Monitoring And Maintaining Cdp

    You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information. show cdp traffic - Display CDP counters, including the number of packets sent and received and checksum errors.
  • Page 580 Chapter 26 Configuring CDP Monitoring and Maintaining CDP
  • Page 581: Understanding Lldp

    Understanding LLDP
    The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
  • Page 582: Chapter 27 Configuring Lldp And Lldp-Med

    Allows an endpoint to transmit detailed inventory information about itself to the switch, including hardware revision, firmware version, software version, serial number, manufacturer name, model name, and asset ID TLV.
  • Page 583: Default Lldp Configuration

    LLDP timer (packet update frequency): 30 seconds
    LLDP reinitialization delay: 2 seconds
    LLDP tlv-select: Enabled to send and receive all TLVs.
    LLDP interface state: Enabled
    LLDP receive: Enabled
  • Page 584: Configuring Lldp And Lldp-Med

    Switch(config)# lldp holdtime 120
    Switch(config)# lldp reinit 2
    Switch(config)# lldp timer 30
    Switch(config)# end
    For additional LLDP show commands, see the “Monitoring and Maintaining LLDP and LLDP-MED” section on page 27-7.
  • Page 585: Disabling And Enabling Lldp Globally

    Step 3  no lldp transmit  No LLDP packets are sent on the interface.
    Step 4  no lldp receive  No LLDP packets are received on the interface.
  • Page 586: Configuring Lldp-Med Tlvs

    Step 1  configure terminal  Enter global configuration mode.
    Step 2  interface interface-id  Specify the interface on which you are configuring an LLDP-MED TLV, and enter interface configuration mode.
  • Page 587 Display LLDP counters, including the number of packets sent and received, number of packets discarded, and number of unrecognized TLVs.
  • Page 588: Monitoring And Maintaining Lldp And Lldp-Med

  • Page 589: Understanding Udld

    A unidirectional link occurs whenever traffic sent by a local device is received by its neighbor but traffic from the neighbor is not received by the local device.
  • Page 590: Chapter 28 Configuring Udld

    Because this behavior is the same on all UDLD neighbors, the sender of the echoes expects to receive an echo in reply.
  • Page 591: Configuring Udld

    • Configuration Guidelines, page 28-4
    • Enabling UDLD Globally, page 28-5
    • Enabling UDLD on an Interface, page 28-6
    • Resetting an Interface Disabled by UDLD, page 28-6
  • Page 592: Default Udld Configuration

    Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.
  • Page 593: Enabling Udld Globally

    To disable UDLD globally, use the no udld enable global configuration command to disable normal mode UDLD on all fiber-optic ports. Use the no udld aggressive global configuration command to disable aggressive mode UDLD on all fiber-optic ports.
  • Page 594: Enabling Udld On An Interface

    The errdisable recovery cause udld global configuration command enables the timer to automatically recover from the UDLD error-disabled state, and the errdisable recovery interval interval global configuration command specifies the time to recover from the UDLD error-disabled state.
  • Page 595: Displaying Udld Status

    To display the UDLD status for the specified port or for all ports, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the command output, see the command reference for this release.
  • Page 597: Understanding Span And Rspan

    You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
  • Page 598: Chapter 29 Configuring Span And Rspan

    Figure 29-2 is an example of a local SPAN in a switch stack, where the source and destination ports reside on different stack members.
  • Page 599: Remote Span

    RSPAN VLAN to a destination session monitoring the RSPAN VLAN. Each RSPAN source switch must have either ports or VLANs as RSPAN sources. The destination is always a physical port, as shown on Switch C in the figure.
  • Page 600: Span And Rspan Concepts And Terminology

    RSPAN VLAN. To configure an RSPAN destination session on another device, you associate the destination port with the RSPAN VLAN. The destination session collects all RSPAN VLAN traffic and sends it out the RSPAN destination port.
  • Page 601 You can configure SPAN sessions on disabled ports; however, a SPAN session does not become active unless you enable the destination port and at least one source port or VLAN for that session.
  • Page 602: Monitored Traffic

    The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP).
  • Page 603: Source Ports

    • On a given port, only traffic on the monitored VLAN is sent to the destination port.
    • If a destination port belongs to a source VLAN, it is excluded from the source list and is not monitored.
  • Page 604: Vlan Filtering

    When it is active, incoming traffic is disabled.
    • The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.
  • Page 605: Rspan Vlan

    VLANs. For example, if a VLAN is being Rx-monitored and the switch routes traffic from another VLAN to the monitored VLAN, that traffic is not monitored and not received on the SPAN destination port.
  • Page 606 For SPAN sessions, do not enable IEEE 802.1x on ports with monitored egress when ingress forwarding is enabled on the destination port. For RSPAN source sessions, do not enable IEEE 802.1x on any ports that are egress monitored.
  • Page 607: Span And Rspan And Switch Stacks

    • SPAN Configuration Guidelines, page 29-12
    • Creating a Local SPAN Session, page 29-13
    • Creating a Local SPAN Session and Configuring Incoming Traffic, page 29-15
    • Specifying VLANs to Filter, page 29-16
  • Page 608: Span Configuration Guidelines

    VLANs specified with this keyword is monitored. By default, all VLANs are monitored on a trunk port.
    • You cannot mix source VLANs and filter VLANs within a single SPAN session.
  • Page 609: Creating A Local Span Session

    This is the default.
    • rx—Monitor received traffic.
    • tx—Monitor sent traffic.
    Note: You can use the monitor session session_number source command multiple times to configure multiple source ports.
  • Page 610 Switch(config)# no monitor session 1 source interface gigabitethernet1/0/1 rx
    The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored.
  • Page 611: Creating A Local Span Session And Configuring Incoming Traffic

    • isl—Forward ingress packets with ISL encapsulation.
    • untagged vlan vlan-id or vlan vlan-id—Accept incoming packets with untagged encapsulation type with the specified VLAN as the default VLAN.
  • Page 612: Specifying Vlans To Filter

    (Optional) Use a comma (,) to specify a series of VLANs, or use a hyphen (-) to specify a range of VLANs. Enter a space before and after the comma; enter a space before and after the hyphen.
  • Page 613: Configuring Rspan

    • As RSPAN VLANs have special properties, you should reserve a few VLANs across your network for use as RSPAN VLANs; do not assign access ports to these VLANs.
  • Page 614: Configuring A Vlan As An Rspan Vlan

    Configure the VLAN as an RSPAN VLAN.
    Step 4  Return to privileged EXEC mode.
    Step 5  copy running-config startup-config  (Optional) Save the configuration in the configuration file.
  • Page 615: Creating An Rspan Source Session

    For session_number, enter the number defined in Step 3. For vlan-id, specify the source RSPAN VLAN to monitor.
    Step 5  Return to privileged EXEC mode.
  • Page 616: Specifying Vlans To Filter

    (Optional) Use a comma (,) to specify a series of VLANs or use a hyphen (-) to specify a range of VLANs. Enter a space before and after the comma; enter a space before and after the hyphen.
  • Page 617: Creating An Rspan Destination Session

    For session_number, the range is 1 to 66. Specify all to remove all RSPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
  • Page 618: Creating An Rspan Destination Session And Configuring Incoming Traffic

    RSPAN VLAN and the destination port, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). For details about the keywords not related to incoming traffic, see the “Creating an RSPAN Destination...
  • Page 619 VLAN 6 as the default receiving VLAN.
    Switch(config)# monitor session 2 source remote vlan 901
    Switch(config)# monitor session 2 destination interface gigabitethernet1/0/2 ingress vlan 6
    Switch(config)# end
  • Page 620: Displaying Span And Rspan Status

    To display the current SPAN or RSPAN configuration, use the show monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured SPAN or RSPAN sessions.
  • Page 621: Understanding Rmon

    Note For complete syntax and usage information for the commands used in this chapter, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. This chapter consists of these sections: •...
  • Page 622: Chapter 30 Configuring Rmon

    • Configuring RMON Alarms and Events, page 30-3 (required)
    • Collecting Group History Statistics on an Interface, page 30-5 (optional)
    • Collecting Group Ethernet Statistics on an Interface, page 30-5 (optional)
  • Page 623: Default Rmon Configuration

    (Optional) For event-number, specify the event number to trigger when the rising or falling threshold exceeds its limit.
    • (Optional) For owner string, specify the owner of the alarm.
  • Page 624 This example also generates an SNMP trap when the event is triggered.
    Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones
  • Page 625: Collecting Group History Statistics On An Interface

    This procedure is optional.
    Command  Purpose
    Step 1  configure terminal  Enter global configuration mode.
    Step 2  interface interface-id  Specify the interface on which to collect statistics, and enter interface configuration mode.
  • Page 626: Displaying Rmon Status

    Displays the RMON statistics table. For information about the fields in these displays, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2.
  • Page 627: Understanding System Message Logging

    Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. This chapter consists of these sections: •...
  • Page 628: Configuring System Message Logging

    The part of the message preceding the percent sign depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command.
  • Page 629: C H A P T E R 31 Configuring System Message Logging

    00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/2, changed state to up (Switch-2)
    00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down (Switch-2)
    00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to down 2 (Switch-2)
  • Page 630: Default System Message Logging Configuration

    When the logging process is disabled, messages appear on the console as soon as they are produced, often appearing in the middle of command output.
  • Page 631: Setting The Message Display Destination Device

    Table 31-3 on page 31-10. By default, the log file receives debugging messages and numerically lower levels.
    Step 5  Return to privileged EXEC mode.
  • Page 632: Synchronizing Log Messages

    Therefore, unsolicited messages and debug command output are not interspersed with solicited device output and prompts. After the unsolicited messages appear, the console again displays the user prompt.
  • Page 633 (Optional) Save your entries in the configuration file. To disable synchronization of unsolicited messages and debug output, use the no logging synchronous [level severity-level | all] [limit number-of-buffers] line configuration command.
  • Page 634: Enabling And Disabling Time Stamps On Log Messages

    This procedure is optional.
    Command  Purpose
    Step 1  configure terminal  Enter global configuration mode.
    Step 2  service sequence-numbers  Enable sequence numbers.
    Step 3  Return to privileged EXEC mode.
  • Page 635: Defining The Message Severity Level

    To disable logging to syslog servers, use the no logging trap global configuration command.
  • Page 636: Limiting Syslog Messages Sent To The History Table And To Snmp

    By default, one message of the level warning and numerically lower levels (see Table 31-3 on page 31-10) are stored in the history table even if syslog traps are not enabled.
  • Page 637: Enabling The Configuration-Change Logger

    [end-number] | statistics} [provisioning] privileged EXEC command to display the complete configuration log or the log for specified parameters. The default is that configuration logging is disabled. For information about the commands, see the Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a8086.html#wp1114989...
  • Page 638: Configuring Unix Syslog Servers

    Logging Messages to a UNIX Syslog Daemon
    Before you can send system log messages to a UNIX syslog server, you must configure the syslog daemon on a UNIX server. This procedure is optional.
  • Page 639: Configuring The Unix System Logging Facility

    Step 4  logging facility facility-type  Configure the syslog facility. See Table 31-4 on page 31-14 for facility-type keywords. The default is local7.
    Step 5  Return to privileged EXEC mode.
  • Page 640: Displaying The Logging Configuration

    Displaying the Logging Configuration
    To display the logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2.
  • Page 641: Understanding Snmp

    Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. This chapter consists of these sections: •...
  • Page 642: Chapter 32 Configuring Snmp

    A combination of the security level and the security model determines which security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3.
  • Page 643: Snmp Manager Functions

    1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table.
    2. The get-bulk command only works with SNMPv2 or later.
  • Page 644: Snmp Agent Functions

    [Figure: SNMP Network. Labels: SNMP Manager; SNMP Agent; Network device; Get-request, Get-next-request, Get-bulk, Set-request; Get-response, traps]
    For information on supported MIBs and how to access them, see Appendix A, “Supported MIBs.”
  • Page 645: Snmp Notifications

    -module interfaces)  10000–14500
    Null  14501
    1. SVI = switch virtual interface
    2. SFP = small form-factor pluggable
    Note: The switch might not use sequential values within a range.
  • Page 646: Configuring Snmp

    An SNMP group is a table that maps SNMP users to SNMP views. An SNMP user is a member of an SNMP group. An SNMP host is the recipient of an SNMP trap operation. An SNMP engine ID is a name for the local or remote SNMP engine.
  • Page 647: Disabling The Snmp Agent

    The no snmp-server global configuration command disables all running versions (Version 1, Version 2C, and Version 3) on the device. No specific Cisco IOS command exists to enable SNMP. The first snmp-server global configuration command that you enter enables all versions of SNMP.
  • Page 648: Configuring Community Strings

    Recall that the access list is always terminated by an implicit deny statement for everything.
    Step 4  Return to privileged EXEC mode.
  • Page 649: Configuring Snmp Groups And Users

    • If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162.
  • Page 650 64 characters) that is the name of the view in which you specify a notify, inform, or trap.
    • (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.
  • Page 651: Configuring Snmp Notifications

    A trap manager is a management station that receives and processes traps. Traps are system alerts that the switch generates when certain events occur. By default, no trap manager is defined, and no traps are sent. Switches running this Cisco IOS release can have an unlimited number of trap managers. Note Many commands use the word traps in the command syntax.
  • Page 652 Generates a trap for Open Shortest Path First (OSPF) changes. You can enable any or all of these traps: Cisco specific, errors, link-state advertisement, rate limit, retransmit, and state changes. Generates a trap for Protocol-Independent Multicast (PIM) changes. You can enable any or all of these traps: invalid PIM messages, neighbor changes, and rendezvous point (RP)-mapping changes.
  • Page 653 Step 4  snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] [notify notifyview] [access access-list]  Configure an SNMP group.
  • Page 654 To enable a host to receive an inform, you must configure an snmp-server host informs command for the host and globally enable informs by using the snmp-server enable traps command.
  • Page 655: Setting The Agent Contact And Location Information

    Limit TFTP servers used for configuration file copies through SNMP to the servers in the access list. For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.
  • Page 656: Snmp Examples

    This example shows how to allow read-only access for all objects to members of access list 4 that use the comaccess community string. No other SNMP managers have access to any objects. SNMP Authentication Failure traps are sent by SNMPv2C to the host cisco.com using the community string public.
  • Page 657: Displaying Snmp Status

    Switch(config)# snmp-server enable traps entity
    Switch(config)# snmp-server host cisco.com restricted entity
    This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public:
    Switch(config)# snmp-server enable traps
    Switch(config)# snmp-server host myhost.cisco.com public...
  • Page 659: Understanding Embedded Event Manager

    For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3T. For complete configuration information, see the Cisco IOS Network Management Configuration Guide, Release 12.4T.
  • Page 660: Event Detectors

    CLI and routing processes also run only from the master switch.
    Note: The stack member switch does not generate events and does not support memory threshold notifications or IOSWdSysmon event detectors.
  • Page 661: C H A P T E R 33 Configuring Embedded Event Manager

    • Counter event detector–Publishes an event when a named counter crosses a specified threshold.
    • Interface counter event detector–Publishes an event when a generic Cisco IOS interface counter for a specified interface crosses a defined threshold. A threshold can be specified as an absolute value or an incremental value. For example, if the incremental value is set to 50 an event would be...
  • Page 662: Embedded Event Manager Actions

    TCL scripts policies continue to work. Cisco enhancements to TCL in the form of keyword extensions facilitate the development of EEM policies. These keywords identify the detected event, the subsequent action, utility information, counter values, and system information.
  • Page 663: Configuring Embedded Event Manager

    Cisco built-in variables (available in EEM applets)
    Defined by Cisco and can be read-only or read-write. The read-only variables are set by the system before an applet starts to execute. The single read-write variable, _exit_status, allows you to set the exit status for policies triggered from synchronous events.
  • Page 664: Registering And Defining An Embedded Event Manager Tcl Script

    This example shows the sample output for the show event manager environment command:
    Switch# show event manager environment all
    Name              Value
    _cron_entry       0-59/2 0-23/1 * * 0-6
    _show_cmd         show ver
    _syslog_pattern   .*UPDOWN.*Ethernet1/0.*
  • Page 665: Displaying Embedded Event Manager Information

    Switch(config)# event manager environment _cron_entry 0-59/2 0-23/1 * * 0-6
    This example shows the sample EEM policy named tm_cli_cmd.tcl registered as a system policy. The system policies are part of the Cisco IOS image. User-defined TCL scripts must first be copied to flash memory.
  • Page 667: Understanding Acls

    “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
  • Page 668: C H A P T E R 34 Configuring Network Security With Acls

    ACL is applied are filtered by the port ACL. Incoming routed IP packets received on other ports are filtered by the router ACL. Other packets are not filtered.
  • Page 669: Port Acls

    Blade Server A to access the Human Resources network, but prevent Blade Server B from accessing the same network. Port ACLs can only be applied to Layer 2 interfaces in the inbound direction.
  • Page 670: Router Acls

    • Standard IP access lists use source addresses for matching operations.
    • Extended IP access lists use source and destination addresses and optional protocol type information for matching operations.
  • Page 671: Vlan Maps

    • Permit ACEs that check the Layer 3 information in the fragment (including protocol type, such as TCP, UDP, and so on) are considered to match the fragment regardless of what the missing Layer 4 information might have been.
  • Page 672: Acls And Switch Stacks

    If packets must be forwarded by software for any reason (for example, not enough hardware resources), the master switch forwards the packets only after applying ACLs on the packets.
    • It programs its hardware with the ACL information it processes.
  • Page 673: Configuring Ipv4 Acls

    ACL information to all switches in the stack.
    Configuring IPv4 ACLs
    Configuring IPv4 ACLs on the switch is the same as configuring IPv4 ACLs on other Cisco switches and routers. The process is briefly described here. For more detailed information on configuring ACLs, see the “Configuring IP Services”...
  • Page 674: Creating Standard And Extended Ipv4 Acls

    700–799  48-bit MAC address access list
    800–899  IPX standard access list
    900–999  IPX extended access list
    1000–1099  IPX SAP access list
    1100–1199  Extended 48-bit MAC address access list
  • Page 675: Acl Logging

    IP address of the packet, and the number of packets from that source permitted or denied in the prior 5-minute interval.
  • Page 676: Creating A Numbered Standard Acl

    Switch(config)# access-list 2 deny host 171.69.198.102
    Switch(config)# access-list 2 permit any
    Switch(config)# end
    Switch# show access-lists
    Standard IP access list 2
        10 deny 171.69.198.102
        20 permit any
  • Page 677: Creating A Numbered Extended Acl

    ICMP echo-reply cannot be filtered. All other ICMP codes or types can be filtered. Note For more details on the specific keywords for each protocol, see these command references: Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 • •...
  • Page 678 DSCP value specified by a number from 0 to 63, or use the question mark (?) to see a list of available values.
  • Page 679 TCP port. To see TCP port names, use the ? or see the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2. Use only TCP port numbers or names when filtering TCP.
  • Page 680 ICMP message type and code name. To see a list of ICMP message type names and code names, use the ?, or see the “Configuring IP Services” section of the Cisco IOS IP Configuration Guide, Release 12.2. Step access-list access-list-number (Optional) Define an extended IGMP access list and the access conditions.
  • Page 681: Resequencing Aces In An Acl

    The ACL must be an extended named ACL.
    – match input-interface interface-id-list
    – match ip dscp dscp-list
    – match ip precedence ip-precedence-list
    You cannot enter the match access-group acl-index command.
  • Page 682 Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. To remove a named extended ACL, use the no ip access-list extended name global configuration command.
  • Page 683: Using Time Ranges With Acls

    Network Time Protocol (NTP) to synchronize the switch clock. For more information, see the “Managing the System Time and Date” section on page 6-1.
  • Page 684
    Switch(config)# access-list 188 permit tcp any any time-range workhours
    Switch(config)# end
    Switch# show access-lists
    Extended IP access list 188
        10 deny tcp any any time-range new_year_day_2006 (inactive)
        20 permit tcp any any time-range workhours (inactive)
  • Page 685: Including Comments In Acls

    For procedures for applying ACLs to interfaces, see the “Applying an IPv4 ACL to an Interface” section on page 34-20. For applying ACLs to VLANs, see the “Configuring VLAN Maps” section on page 34-29.
  • Page 686: Applying An Ipv4 Acl To An Interface

    These access-group denied packets are not dropped in hardware but are bridged to the switch CPU so that it can generate the ICMP-unreachable message.
  • Page 687 When you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied to the interface and permits all packets. Remember this behavior if you use undefined ACLs for network security.
  • Page 688: Hardware And Software Treatment Of Ip Acls

    This section provides examples of configuring and applying IPv4 ACLs. For detailed information about compiling ACLs, see the Cisco IOS Security Configuration Guide, Release 12.2 and the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
  • Page 689
    Switch(config)# access-list 106 permit ip any 172.20.128.64 0.0.0.31
    Switch(config)# end
    Switch# show access-lists
    Extended IP access list 106
        10 permit ip any 172.20.128.64 0.0.0.31
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# ip access-group 106 in
  • Page 690: Numbered Acls

    Internet.
    Switch(config)# access-list 102 permit tcp any 128.88.0.0 0.0.255.255 established
    Switch(config)# access-list 102 permit tcp any host 128.88.1.2 eq 25
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# ip access-group 102 in
  • Page 691: Named Acls

    Switch(config)# access-list 1 remark Permit only Jones server through
    Switch(config)# access-list 1 permit 171.69.2.88
    Switch(config)# access-list 1 remark Do not allow Smith server through
    Switch(config)# access-list 1 deny 171.69.3.13
  • Page 692: Acl Logging

    Switch(config)# ip access-list extended ext1
    Switch(config-ext-nacl)# permit icmp any 10.1.1.0 0.0.0.255 log
    Switch(config-ext-nacl)# deny udp any any log
    Switch(config-ext-nacl)# exit
    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# ip access-group ext1 in
  • Page 693: Creating Named Mac Extended Acls

    Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL:
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 mac access-list extended name Define an extended MAC access list using a name.
  • Page 694: Applying A Mac Acl To A Layer 2 Interface

    You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface. The IP access list filters only IP packets, and the MAC access list filters non-IP packets.
  • Page 695: Configuring Vlan Maps

    If there is no match clause for that type of packet, the default is to forward the packet. For complete syntax and usage information for the commands used in this section, see the command reference for this release.
  • Page 696: Vlan Map Configuration Guidelines

    • You can configure VLAN maps on primary and secondary VLANs. However, we recommend that you configure the same VLAN maps on private-VLAN primary and secondary VLANs.
  • Page 697: Creating A Vlan Map

    ACL that would match the packet, and set the action to drop. A permit in the ACL counts as a match. A deny in the ACL means no match.
  • Page 698: Examples Of Acls And Vlan Maps

    Switch(config)# vlan access-map drop-ip-default 20
    Switch(config-access-map)# match ip address igmp-match
    Switch(config-access-map)# action drop
    Switch(config-access-map)# exit
    Switch(config)# vlan access-map drop-ip-default 30
    Switch(config-access-map)# match ip address tcp-match
    Switch(config-access-map)# action forward
  • Page 699
    Switch(config)# vlan access-map drop-all-default 10
    Switch(config-access-map)# match ip address tcp-match
    Switch(config-access-map)# action forward
    Switch(config-access-map)# exit
    Switch(config)# vlan access-map drop-all-default 20
    Switch(config-access-map)# match mac address good-hosts
    Switch(config-access-map)# action forward
  • Page 700: Applying A Vlan Map To A Vlan

    (see Figure 34-4):
    • Hosts in subnet 10.1.2.0/8 in VLAN 20 should not have access.
    • Hosts 10.1.1.4 and 10.1.1.8 in VLAN 10 should not have access.
  • Page 701: Using Vlan Maps With Router Acls

    VLAN map to access control the bridged traffic. If a packet flow matches a VLAN-map deny clause in the ACL, regardless of the router ACL configuration, the packet flow is denied.
  • Page 702: Vlan Maps And Router Acl Configuration Guidelines

    ACEs with Layer 4 information, put the Layer 4 ACEs at the end of the list. This gives priority to the filtering of traffic based on IP addresses.
  • Page 703: Examples Of Router Acls And Vlan Maps Applied To Vlans

    ACL is applied on fallback-bridged packets. For bridged packets, only Layer 2 ACLs are applied to the input VLAN. Only non-IP, non-ARP packets can be fallback-bridged.
  • Page 704: Acls And Routed Packets

    [Figure: Applying ACLs on Routed Packets. Blade server A (VLAN 10), blade server B (VLAN 20), and the routing function between VLAN 10 and VLAN 20.]
  • Page 705: Acls And Multicast Packets

    (numbered or named).
    show ip access-lists [number | name] Display the contents of all current IP access lists or a specific IP access list (numbered or named).
  • Page 706 Show information about all VLAN access maps or the specified access map.
    show vlan filter [access-map name | vlan vlan-id] Show information about all VLAN filters or about a specified VLAN or VLAN access map.
  • Page 707: Understanding Ipv6 Acls

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures.
    This chapter contains these sections:
    • Understanding IPv6 ACLs, page 35-2...
  • Page 708: Chapter 35 Configuring Ipv6 Acl

    These sections describe some characteristics of IPv6 ACLs on the switch:
    • Supported ACL Features, page 35-3
    • IPv6 ACL Limitations, page 35-3
    • IPv6 ACLs and Switch Stacks, page 35-3
  • Page 709: Configuring Ipv6 Acls

    With IPv4, you can configure standard and extended numbered IP ACLs, named IP ACLs, and MAC ACLs. IPv6 supports only named ACLs. The switch supports most Cisco IOS-supported IPv6 ACLs with some exceptions: • The switch does not support matching on these keywords: flowlabel, routing header, and undetermined-transport.
  • Page 710: Default Ipv6 Acl Configuration

    Layer 2 or Layer 3 interface. If you use the wrong command to attach an ACL (for example, an IPv4 command to attach an IPv6 ACL), you receive an error message.
  • Page 711: Creating Ipv6 Acls

    Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 ipv6 access-list access-list-name Define an IPv6 access list using a name, and enter IPv6 access-list configuration mode.
  • Page 712 The acceptable range is from 1 to 4294967295.
    • (Optional) Enter time-range name to specify the time range that applies to the deny or permit statement.
  • Page 713 Return to privileged EXEC mode.
    Step 5 show ipv6 access-list Verify the access list configuration.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 714: Applying An Ipv6 Acl To An Interface

    This example configures the IPv6 access list named CISCO. The first deny entry in the list denies all packets that have a destination TCP port number greater than 5000. The second deny entry denies packets that have a source UDP port number less than 5000.
  • Page 715: Displaying Ipv6 Acls

    Use the no ipv6 traffic-filter access-list-name interface configuration command to remove an access list from an interface. This example shows how to apply the access list Cisco to outbound traffic on a Layer 3 interface:
    Switch(config)# interface gigabitethernet 1/0/3
    Switch(config-if)# no switchport...
  • Page 717: Configuring Qos

    The switch supports some of the modular QoS CLI (MQC) commands. For more information about the MQC commands, see the “Modular Quality of Service Command-Line Interface Overview” at this site: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd908.html
  • Page 718: Chapter 36 Configuring Qo

    IP precedence values. IP precedence values range from 0 to 7. DSCP values range from 0 to 63.
    Note: IPv6 QoS is not supported in this release.
  • Page 719: Basic Qos Model

    (police and mark), and provide different treatment (queue and schedule) in all situations where resource contention exists. The switch also needs to ensure that traffic sent from it meets a specific traffic profile (shape).
  • Page 720 • One of the queues (queue 1) can be the expedited queue, which is serviced until empty before the other queues are serviced. Figure 36-2 Basic QoS Model
  • Page 721: Classification

    For information on the maps described in this section, see the “Mapping Tables” section on page 36-12. For configuration information on port trust states, see the “Configuring Classification Using Port Trust States” section on page 36-35.
  • Page 722 [Flowchart: classification steps. Assign the DSCP or CoS as specified by ACL action to generate the QoS label; assign the default DSCP (0); generate the DSCP by using the CoS-to-DSCP map.]
  • Page 723: Classification Based On Qos Acls

    In this mode, you specify the actions to take on a specific traffic class by using the class, trust, or set policy-map configuration and policy-map class configuration commands.
  • Page 724: Policing And Marking

    “Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps” section on page 36-52, and the “Classifying, Policing, and Marking Traffic by Using Aggregate Policers” section on page 36-58.
  • Page 725: Policing On Physical Ports

    A nonhierarchical policy map on a physical port.
    • The interface level of a hierarchical policy map attached to an SVI. The physical ports are specified in this secondary policy map.
  • Page 726: Policing On Svis

    SVI. The second level, the interface level, specifies the actions to be taken against the traffic on the physical ports that belong to the SVI and are specified in the interface-level policy map.
  • Page 727 [Flowchart: policing and marking steps. Pass through; check the out-of-profile action configured for this policer; drop: drop packet; mark: modify DSCP according to the policed-DSCP map; generate a new QoS label.]
  • Page 728: Mapping Tables

    Scheduling on Ingress Queues” section on page 36-15. For information about the DSCP and CoS output queue threshold maps, see the “Queueing and Scheduling on Egress Queues” section on page 36-17.
  • Page 729: Queueing And Scheduling Overview

    Suppose the queue is already filled with 600 frames, and a new frame arrives. It contains CoS values 4 and 5 and is subjected to the 60-percent threshold. If this frame is added to the queue, the threshold will be exceeded, so the switch drops it.
  • Page 730: Srr Shaping And Sharing

    “Allocating Bandwidth Between the Ingress Queues” section on page 36-68, the “Configuring SRR Shaped Weights on Egress Queues” section on page 36-75, and the “Configuring SRR Shared Weights on Egress Queues” section on page 36-76.
  • Page 731: Queueing And Scheduling On Ingress Queues

    The expedite queue has guaranteed bandwidth. 1. The switch uses two nonconfigurable queues for traffic that is essential for proper network and stack operation.
  • Page 732 For configuration information, see the “Configuring Ingress Queue Characteristics” section on page 36-66.
  • Page 733: Queueing And Scheduling On Egress Queues

    All traffic leaving an egress port flows through one of these four queues and is subjected to a threshold based on the QoS label assigned to the packet.
  • Page 734 The switch can allocate the needed buffers from the common pool if the common pool is not empty.
  • Page 735: Packet Modification

    DSCP to the CPU where it is again processed through software.
  • Page 736: Configuring Auto-Qos

    The switch uses the resulting classification to choose the appropriate egress queue. You use auto-QoS commands to identify ports connected to Cisco IP Phones and to devices running the Cisco SoftPhone application. You also use the commands to identify ports that receive trusted traffic through an uplink.
  • Page 737: Generated Auto-Qos Configuration

    • When you enter the auto qos voip cisco-softphone interface configuration command on a port at the edge of the network that is connected to a device running the Cisco SoftPhone, the switch uses policing to determine whether a packet is in or out of profile and to specify the action on the packet.
  • Page 738 Ensure Port Security” section on page 36-38. When you enable auto-QoS by using the auto qos voip cisco-phone, the auto qos voip cisco-softphone, or the auto qos voip trust interface configuration command, the switch automatically generates a QoS configuration based on the traffic type and ingress packet label and applies the commands listed in Table 36-5 to the port.
  • Page 739
    Switch(config)# mls qos srr-queue input bandwidth 90
    Switch(config)# mls qos srr-queue input threshold 1 8 16
    Switch(config)# mls qos srr-queue input threshold 2 34 66
    Switch(config)# mls qos srr-queue input buffers 67
  • Page 740 After creating the class maps and policy maps, the switch automatically applies the policy map called AutoQoS-Police-SoftPhone to an ingress interface on which auto-QoS with the Cisco SoftPhone feature is enabled.
    Switch(config-if)# service-policy input AutoQoS-Police-SoftPhone
  • Page 741: Effects Of Auto-Qos On The Configuration

    • By default, the CDP is enabled on all ports. For auto-QoS to function properly, do not disable the CDP.
    • When enabling auto-QoS with a Cisco IP Phone on a routed port, you must assign a static IP address to the IP phone.
  • Page 742: Enabling Auto-Qos For Voip

    Step 2 interface interface-id Specify the port that is connected to a Cisco IP Phone, the port that is connected to a device running the Cisco SoftPhone feature, or the uplink port that is connected to another trusted switch or router in the interior of the network, and enter interface configuration mode.
  • Page 743: Auto-Qos Configuration Example

    VoIP traffic is prioritized over all other traffic. Auto-QoS is enabled on the switches in the network at the edge of the QoS domain.
  • Page 744 Step 6 exit Return to global configuration mode.
    Step 7 Repeat Steps 4 to 6 for as many ports as are connected to the Cisco IP Phone.
    Step 8 interface interface-id Specify the switch port identified as connected to a trusted switch or router, and enter interface configuration mode.
  • Page 745: Displaying Auto-Qos Information

    (optional, unless you need to use the DSCP-to-DSCP-mutation map or the policed-DSCP map)
    • Configuring Ingress Queue Characteristics, page 36-66 (optional)
    • Configuring Egress Queue Characteristics, page 36-70 (optional)
  • Page 746: Default Standard Qos Configuration

    DSCP input queue threshold map when QoS is enabled.
    Table 36-8 Default DSCP Input Queue Threshold Map
    DSCP Value    Queue ID–Threshold ID
    0–39          1–1
    40–47         2–1
    48–63         1–1
  • Page 747: Default Egress Queue Configuration

    DSCP output queue threshold map when QoS is enabled.
    Table 36-11 Default DSCP Output Queue Threshold Map
    DSCP Value    Queue ID–Threshold ID
    0–15          2–1
    16–31         3–1
    32–39         4–1
    40–47         1–1
    48–63         4–1
  • Page 748: Default Mapping Table Configuration

    Incoming traffic is classified, policed, and marked down (if configured) regardless of whether the traffic is bridged, routed, or sent to the CPU. It is possible for bridged frames to be dropped or to have their DSCP and CoS values modified.
  • Page 749: Policing Guidelines

    QoS processing.
    • You are likely to lose data when you change queue settings; therefore, try to make changes when traffic is at a minimum.
  • Page 750: Enabling Qos Globally

    By default, VLAN-based QoS is disabled on all physical switch ports. The switch applies QoS, including class maps and policy maps, only on a physical-port basis. In Cisco IOS Release 12.2(25)SE or later, you can enable VLAN-based QoS on a switch port.
  • Page 751: Configuring Classification Using Port Trust States

    QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every switch within the QoS domain. Figure 36-12 shows a sample network topology.
  • Page 752 Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify the port to be trusted, and enter interface configuration mode. Valid interfaces include physical ports.
  • Page 753: Configuring The Cos Value For An Interface

    Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify the port to be configured, and enter interface configuration mode. Valid interfaces include physical ports.
  • Page 754: Configuring A Trusted Boundary To Ensure Port Security

    CoS setting). By contrast, trusted boundary uses CDP to detect the presence of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue.
  • Page 755: Enabling Dscp Transparency Mode

    In some situations, you can prevent a PC connected to the Cisco IP Phone from taking advantage of a high-priority data queue. You can use the switchport priority extend cos interface configuration command to configure the telephone through the switch CLI to override the priority of the traffic received from the PC.
  • Page 756: Configuring The Dscp Trust State On A Port Bordering Another Qos Domain

    QoS. If the two domains use different DSCP values, you can configure the DSCP-to-DSCP-mutation map to translate a set of DSCP values to match the definition in the other domain.
  • Page 757 Return to privileged EXEC mode.
    Step 7 show mls qos maps dscp-mutation Verify your entries.
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 758: Configuring A Qos Policy

    • Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps, page 36-52
    • Classifying, Policing, and Marking Traffic by Using Aggregate Policers, page 36-58
  • Page 759: Classifying Traffic By Using Acls

    Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255
    Switch(config)# access-list 1 permit 128.88.0.0 0.0.255.255
    Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255
    ! (Note: all other access implicitly denied)
  • Page 760 This example shows how to create an ACL that permits PIM traffic from any source to a destination group address of 224.0.0.2 with a DSCP set to 32:
    Switch(config)# access-list 102 permit pim any 224.0.0.2 dscp 32
  • Page 761 MAC address 0001.0000.0002 to the host with MAC address 0002.0000.0002.
    Switch(config)# mac access-list extended maclist1
    Switch(config-ext-macl)# permit 0001.0000.0001 0.0.0 0002.0000.0001 0.0.0
    Switch(config-ext-macl)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp
    ! (Note: all other access implicitly denied)
  • Page 762: Classifying Traffic By Using Class Maps

    See the “Creating Named Standard and Extended ACLs” section on page 34-15 for limitations when using the match-all and the match-any keywords.
  • Page 763 This example shows how to create a class map called class3, which matches incoming traffic with IP-precedence values of 5, 6, and 7:
    Switch(config)# class-map class3
    Switch(config-cmap)# match ip precedence 5 6 7
    Switch(config-cmap)# end
    Switch#
  • Page 764: Classifying, Policing, And Marking Traffic On Physical Ports By Using Policy Maps

    For information on configuring a hierarchical policy map, see Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps, page 36-52.
  • Page 765 By default, no policy map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
  • Page 766 DSCP value (by using the policed-DSCP map) and to send the packet. For more information, see the “Configuring the Policed-DSCP Map” section on page 36-62.
  • Page 767
    Switch(config-ext-mac)# permit 0001.0000.0001 0.0.0 0002.0000.0001 0.0.0
    Switch(config-ext-mac)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp
    Switch(config-ext-mac)# exit
    Switch(config)# mac access-list extended maclist2
    Switch(config-ext-mac)# permit 0001.0000.0003 0.0.0 0002.0000.0003 0.0.0
    Switch(config-ext-mac)# permit 0001.0000.0004 0.0.0 0002.0000.0004 0.0.0 aarp
  • Page 768: Classifying, Policing, And Marking Traffic On Svis By Using Hierarchical Policy Maps

    The actions specified in the VLAN-level policy map affect the traffic belonging to the SVI. The police action on the port-level policy map affects the ingress traffic on the affected physical interfaces.
  • Page 769 See the “Creating Named Standard and Extended ACLs” section on page 34-15 for limitations when using the match-all and the match-any keywords.
  • Page 770 This command can only be used in the child-level policy map and must be the only match condition in the child-level policy map.
    Step 8 exit Return to class-map configuration mode.
    Step 9 exit Return to global configuration mode.
  • Page 771 By default, no policy-map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
  • Page 772 Step 21 exit Return to global configuration mode.
    Step 22 interface interface-id Specify the SVI to which to attach the hierarchical policy map, and enter interface configuration mode.
  • Page 773
    Switch(config)# policy-map port-plcmap
    Switch(config-pmap)# class-map cm-interface-1
    Switch(config-pmap-c)# police 900000 9000 exc policed-dscp-transmit
    Switch(config-pmap-c)# exit
    Switch(config-pmap)# exit
    Switch(config)# policy-map vlan-plcmap
    Switch(config-pmap)# class-map cm-1
    Switch(config-pmap-c)# set dscp 7
    Switch(config-pmap-c)# service-policy port-plcmap-1
  • Page 774: Classifying, Policing, And Marking Traffic By Using Aggregate Policers

    class-map-name Create a class map to classify traffic as necessary. For more information, see the “Classifying Traffic by Using Class Maps” section on page 36-46 and the “Creating Named Standard and Extended ACLs” section on page 34-15.
  • Page 775
    Switch(config)# mls qos aggregate-police transmit1 48000 8000 exceed-action policed-dscp-transmit
    Switch(config)# class-map ipclass1
    Switch(config-cmap)# match access-group 1
    Switch(config-cmap)# exit
    Switch(config)# class-map ipclass2
    Switch(config-cmap)# match access-group 2
    Switch(config-cmap)# exit
    Switch(config)# policy-map aggflow1
    Switch(config-pmap)# class ipclass1
  • Page 776: Configuring Dscp Maps

    CoS-to-DSCP map. Table 36-12 Default CoS-to-DSCP Map CoS Value DSCP Value If these values are not appropriate for your network, you need to modify them.
  • Page 777: Configuring The Ip-Precedence-To-Dscp Map

    IP-precedence-to-DSCP map:
    Table 36-13 Default IP-Precedence-to-DSCP Map (columns: IP Precedence Value, DSCP Value)
    If these values are not appropriate for your network, you need to modify them.
  • Page 778: Configuring The Policed-Dscp Map

    Return to privileged EXEC mode.
    Step 4  show mls qos maps policed-dscp  Verify your entries.
    Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 779: Configuring The Dscp-To-Cos Map

    Default DSCP-to-CoS Map (columns: DSCP Value, CoS Value)
    DSCP value ranges: 0–7, 8–15, 16–23, 24–31, 32–39, 40–47, 48–55, 56–63
    If these values are not appropriate for your network, you need to modify them.
  • Page 780: Configuring The Dscp-To-Dscp-Mutation Map

    You can configure multiple DSCP-to-DSCP-mutation maps on an ingress port. The default DSCP-to-DSCP-mutation map is a null map, which maps an incoming DSCP value to the same DSCP value.
  • Page 781 30 30 30 30 30 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
  • Page 782: Configuring Ingress Queue Characteristics

    • Allocating Buffer Space Between the Ingress Queues, page 36-68 (optional)
    • Allocating Bandwidth Between the Ingress Queues, page 36-68 (optional)
    • Configuring the Ingress Priority Queue, page 36-69 (optional)
  • Page 783: Mapping Dscp Or Cos Values To An Ingress Queue And Setting Wtd Thresholds

    To return to the default WTD threshold percentages, use the no mls qos srr-queue input threshold queue-id global configuration command.
  • Page 784: Allocating Buffer Space Between The Ingress Queues

    SRR scheduler sends packets from each queue. The bandwidth and the buffer allocation control how much data can be buffered before packets are dropped. On ingress queues, SRR operates only in shared mode.
  • Page 785: Configuring The Ingress Priority Queue

    Then, SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights configured with the mls qos srr-queue input bandwidth weight1 weight2 global configuration command.
  • Page 786: Configuring Egress Queue Characteristics

    • Does the bandwidth of the port need to be rate limited?
    • How often should the egress queues be serviced and which technique (shaped, shared, or both) should be used?
  • Page 787: Allocating Buffer Space To And Setting Wtd Thresholds For An Egress Queue-Set

    Note: The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
  • Page 788 For qset-id, enter the ID of the queue-set specified in Step 2. The range is 1 to 2. The default is 1.
    Step 6  Return to privileged EXEC mode.
  • Page 789: Mapping Dscp Or Cos Values To An Egress Queue And To A Threshold Id

    The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
  • Page 790 This example shows how to map DSCP values 10 and 11 to egress queue 1 and to threshold 2:
    Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 2 10 11
  • Page 791: Configuring Srr Shaped Weights On Egress Queues

    2, 3, and 4 are set to 0, these queues operate in shared mode. The bandwidth weight for queue 1 is 1/8, which is 12.5 percent:
    Switch(config)# interface gigabitethernet2/0/1
    Switch(config-if)# srr-queue bandwidth shape 8 0 0 0
  • Page 792: Configuring Srr Shared Weights On Egress Queues

    You can ensure that certain packets have priority over all others by queuing them in the egress expedite queue. SRR services this queue until it is empty before servicing the other queues.
  • Page 793: Limiting The Bandwidth On An Egress Interface

    The range is 10 to 90. By default, the port is not rate limited and is set to 100 percent.
    Step 4  Return to privileged EXEC mode.
  • Page 794: Displaying Standard Qos Information

    The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.
    show running-config | include rewrite  Display the DSCP transparency setting.
  • Page 797: Understanding Etherchannels

    • Port Aggregation Protocol, page 37-5
    • Link Aggregation Control Protocol, page 37-6
    • EtherChannel On Mode, page 37-7
    • Load-Balancing and Forwarding Methods, page 37-7
    • EtherChannel and Switch Stacks, page 37-9
  • Page 798: Chapter 37 Configuring Etherchannels And Link-State Tracking

    EtherChannel, and the failed link. Inbound broadcast and multicast packets on one link in an EtherChannel are blocked from returning on any other link of the EtherChannel.
  • Page 799 [Figure 37-3: Cross-Stack EtherChannel (labels: blade switch stack, Switch 1, Switch 2, Switch 3, StackWise Plus port connections, Switch A, channel group 1)]
  • Page 800: Port-Channel Interfaces

    To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk.
  • Page 801: Port Aggregation Protocol

    The Port Aggregation Protocol (PAgP) is a Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support PAgP. PAgP facilitates the automatic creation of EtherChannels by exchanging PAgP packets between Ethernet ports. You can use PAgP only in single-switch EtherChannel configurations;...
  • Page 802: Pagp Interaction With Other Features

    Link Aggregation Control Protocol
    The LACP is defined in IEEE 802.3ad and enables Cisco switches to manage Ethernet channels between switches that conform to the IEEE 802.3ad protocol. LACP facilitates the automatic creation of EtherChannels by exchanging LACP packets between Ethernet ports.
  • Page 803: Lacp Interaction With Other Features

    Therefore, to provide load-balancing, packets from different hosts use different ports in the channel, but packets from the same host use the same port in the channel.
  • Page 804 MAC address, using the destination-MAC address always chooses the same link in the channel. Using source addresses or IP addresses might result in better load-balancing.
  • Page 805: Etherchannel And Switch Stacks

    STP reconvergence. Use the stack-mac persistent timer command to control whether or not the stack MAC address changes during a master failover.
  • Page 806: Configuring Etherchannels

    32768.
    LACP system ID  LACP system priority and the switch MAC address.
    Load-balancing  Load distribution on the switch is based on the source-MAC address of the incoming packet.
  • Page 807: Etherchannel Configuration Guidelines

    – If you configure an EtherChannel from trunk ports, verify that the trunking mode (ISL or IEEE 802.1Q) is the same on all the trunks. Inconsistent trunk modes on EtherChannel ports can have unexpected results.
  • Page 808: Configuring Layer 2 Etherchannels

    If you configure the port as a static-access port, assign it to only one VLAN. The range is 1 to 4094.
  • Page 809
    Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    To remove a port from the EtherChannel group, use the no channel-group interface configuration command.
  • Page 810: Configuring Layer 3 Etherchannels

    Note: To move an IP address from a physical port to an EtherChannel, you must delete the IP address from the physical port before configuring it on the port-channel interface.
  • Page 811: Configuring The Physical Interfaces

    Step 3  no ip address  Ensure that there is no IP address assigned to the physical port.
    Step 4  no switchport  Put the port into Layer 3 mode.
  • Page 812 37-6.
    Step 6  Return to privileged EXEC mode.
    Step 7  show running-config  Verify your entries.
    Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 813: Configuring Etherchannel Load-Balancing

    • src-ip—Load distribution is based on the source-host IP address.
    • src-mac—Load distribution is based on the source-MAC address of the incoming packet.
  • Page 814: Configuring The Pagp Learn Method And Priority

    Catalyst 1900 switch using the same port in the EtherChannel from which it learned the source address. Only use the pagp learn-method command in this situation.
  • Page 815: Configuring Lacp Hot-Standby Ports

    16 ports. Only eight LACP links can be active at one time. The software places any additional links in a hot-standby mode. If one of the active links becomes inactive, a link that is in the hot-standby mode becomes active in its place.
  • Page 816: Configuring The Lacp System Priority

    (Optional) Save your entries in the configuration file. To return the LACP system priority to the default value, use the no lacp system-priority global configuration command.
  • Page 817: Configuring The Lacp Port Priority

    (Optional) Save your entries in the configuration file. To return the LACP port priority to the default value, use the no lacp port-priority interface configuration command.
  • Page 818: Displaying Etherchannel, Pagp, And Lacp Status

    Interfaces connected to servers are referred to as downstream interfaces, and interfaces connected to distribution switches and network devices are referred to as upstream interfaces.
  • Page 819
    • Traffic from half of the active Ethernet interfaces flows through blade switch 1 to distribution switch 1.
    • Traffic from the remaining active Ethernet interfaces flows through blade switch 2 to distribution switch 2.
  • Page 820: Configuring Link-State Tracking

    • Do not configure a cross-connect interface (gigabitethernetn/0/17 or gigabitethernetn/0/18, where n is the stack member number from 1 to 9) as a member of a link-state group.
  • Page 821: Configuring Link-State Tracking

    If the interfaces are part of an EtherChannel, you must specify the port channel name as part of the link-state group, not the individual port members. To disable a link-state group, use the no link state track number global configuration command.
  • Page 822: Displaying Link-State Tracking Status

    : Po1(Up)
    Downstream Interfaces : Gi0/3(Up) Gi0/4(Up)
    (Up):Interface up (Dwn):Interface Down (Dis):Interface disabled
    For detailed information about the fields in the display, see the command reference for this release.
  • Page 823: Configuring Ip Unicast Routing

    For information about configuring IPv6 on the switch, see Chapter 39, “Configuring IPv6 Unicast Routing.” For more detailed IP unicast configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2. For complete syntax and usage information for the commands used in this chapter, see these command references: •...
  • Page 824: Understanding Ip Routing

    Routers and Layer 3 switches can route packets in three different ways:
    • By using default routing
    • By using preprogrammed static routes for the traffic
    • By dynamically calculating routes by using a routing protocol
  • Page 825: Chapter 38 Configuring Ip Unicast Routing

    • It processes routing protocol messages and updates received from peer routers.
    • It generates, maintains, and distributes the distributed Cisco Express Forwarding (dCEF) database to all stack members. The routes are programmed on all switches in the stack based on this database.
  • Page 826 (BGP). If the stack master fails and the new elected stack master is running the IP base feature set, these protocols will no longer run in the stack.
    Caution: Partitioning of the switch stack into two or more stacks might lead to undesirable behavior in the network.
  • Page 827: Steps For Configuring Routing

    By default, IP routing is disabled on the switch, and you must enable it before routing can take place. For detailed IP routing configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2. In the following procedures, the specified interface must be one of these Layer 3 interfaces: •...
  • Page 828: Default Addressing Configuration

    • Maximum interval between advertisements: 600 seconds.
    • Minimum interval between advertisements: 0.75 times max interval
    • Preference: 0.
    IP proxy ARP  Enabled.
    IP routing  Disabled.
    IP subnet-zero  Disabled.
  • Page 829: Assigning Ip Addresses To Network Interfaces

    (Optional) Save your entry in the configuration file. Use the no ip subnet-zero global configuration command to restore the default and disable the use of subnet zero.
  • Page 830: Classless Routing

    38-3, the router in network 128.20.0.0 is connected to subnets 128.20.1.0, 128.20.2.0, and 128.20.3.0. If the host sends a packet to 120.20.4.1, because there is no network default route, the router discards the packet.
  • Page 831: Configuring Address Resolution Methods

    MAC address from an IP address is called address resolution. The process of learning the IP address from the MAC address is called reverse address resolution.
  • Page 832: Define A Static Arp Cache

    RARP requires a RARP server on the same network segment as the router interface. Use the ip rarp-server address interface configuration command to identify the server. For more information on RARP, see the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2.
  • Page 833: Set Arp Encapsulation

    (Optional) Save your entries in the configuration file. To disable an encapsulation type, use the no arp arpa or no arp snap interface configuration command.
  • Page 834: Enable Proxy Arp

    A limitation of this method is that there is no means of detecting when the default router has gone down or is unavailable.
  • Page 835: Icmp Router Discovery Protocol (Irdp)

    It must be greater than maxadvertinterval and cannot be greater than 9000 seconds. If you change the maxadvertinterval value, this value also changes.
  • Page 836: Configuring Broadcast Packet Handling

    • Enabling Directed Broadcast-to-Physical Broadcast Translation, page 38-15
    • Forwarding UDP Broadcast Packets and Protocols, page 38-16
    • Establishing an IP Broadcast Address, page 38-17
    • Flooding IP Broadcasts, page 38-17
  • Page 837: Enabling Directed Broadcast-To-Physical Broadcast Translation

    Use the no ip directed-broadcast interface configuration command to disable translation of directed broadcast to physical broadcasts. Use the no ip forward-protocol global configuration command to remove a protocol or port.
  • Page 838: Forwarding Udp Broadcast Packets And Protocols

    By default, both UDP and ND forwarding are enabled if a helper address has been defined for an interface. The description for the ip forward-protocol interface configuration command in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 lists the ports that are forwarded by default if you do not specify any UDP ports.
  • Page 839: Establishing An Ip Broadcast Address

    When a flooded UDP datagram is sent out an interface (and the destination address possibly changed), the datagram is handed to the normal IP output routines and is, therefore, subject to access lists, if they are present on the output interface.
  • Page 840: Monitoring And Maintaining Ip Addressing

    You can display specific statistics, such as the contents of IP routing tables, caches, and databases; the reachability of nodes; and the routing path that packets are taking through the network. Table 38-3 lists the privileged EXEC commands for displaying IP statistics.
  • Page 841: Enabling Ip Unicast Routing

    (RIP) router configuration command. For information on specific protocols, see sections later in this chapter and the Cisco IOS IP Configuration Guide, Release 12.2.
    Note: The IP base feature set supports only RIP as a routing protocol....
  • Page 842: Configuring Rip

    Protocol (UDP) data packets to exchange routing information. The protocol is documented in RFC 1058. You can find detailed information about RIP in IP Routing Fundamentals, published by Cisco Press.
    Note: RIP is the only routing protocol supported by the IP base feature set; other routing protocols require the switch or stack master to be running the IP services feature set....
  • Page 843: Default Rip Configuration

    Step 2  ip routing  Enable IP routing. (Required only if IP routing is disabled.)
    Step 3  router rip  Enable a RIP routing process, and enter router configuration mode.
  • Page 844
    Step 12  Return to privileged EXEC mode.
    Step 13  show ip protocols  Verify your entries.
    Step 14  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 845: Configuring Rip Authentication

    This feature usually optimizes communication among multiple routers, especially when links are broken.
    Note: In general, disabling split horizon is not recommended unless you are certain that your application requires it to properly advertise routes.
  • Page 846
    Switch(config-if)# ip address 10.1.5.1 255.255.255.0
    Switch(config-if)# ip summary-address rip 10.2.0.0 255.255.0.0
    Switch(config-if)# no ip split-horizon
    Switch(config-if)# exit
    Switch(config)# router rip
    Switch(config-router)# network 10.0.0.0
    Switch(config-router)# neighbor 2.2.2.2 peer-group mygroup
    Switch(config-router)# end
  • Page 847: Configuring Split Horizon

    This section briefly describes how to configure Open Shortest Path First (OSPF). For a complete description of the OSPF commands, see the “OSPF Commands” chapter of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
  • Page 848: Default Ospf Configuration

    Monitoring OSPF, page 38-36
    Note: To enable OSPF, the switch or stack master must be running the IP services feature set.
    Default OSPF Configuration
    Table 38-5 shows the default OSPF configuration.
  • Page 849 NSF-capable router during hardware or software changes.
    NSF capability  Disabled. Note: The switch stack supports OSPF NSF-capable routing for IPv4.
    Router ID  No OSPF routing process defined.
    Summary address  Disabled.
  • Page 850: Ospf Nonstop Forwarding

    RP is manually reloaded for a non-disruptive software upgrade. This feature cannot be disabled. For more information on this feature, see the “OSPF Nonstop Forwarding (NSF) Awareness” section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4 at this URL: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804557...
  • Page 851: Configuring Basic Ospf Parameters

    Use the nsf OSPF routing configuration command to enable OSPF NSF routing. Use the show ip ospf privileged EXEC command to verify that it is enabled. For more information about this feature, see the Cisco Nonstop Forwarding Feature Overview at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800ab7fc.
  • Page 852: Configuring Ospf Interfaces

    Step 10  ip ospf message-digest-key keyid md5 key  (Optional) Enable MD5 authentication.
    • keyid—An identifier from 1 to 255.
    • key—An alphanumeric password of up to 16 bytes.
  • Page 853: Configuring Ospf Area Parameters

    The identifier can be either a decimal value or an IP address.
    Step 4  area area-id authentication message-digest  (Optional) Enable MD5 authentication on the area.
  • Page 854: Configuring Other Ospf Parameters

    Domain Name Server (DNS) names for use in all OSPF show privileged EXEC command displays makes it easier to identify a router than displaying it by router ID or neighbor ID.
  • Page 855
    • Log neighbor changes: You can configure the router to send a syslog message when an OSPF neighbor state changes, providing a high-level view of changes in the router.
  • Page 856 For some of the keyword options, see the “Monitoring OSPF” section on page 38-36.
    Step 14  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 857: Changing Lsa Group Pacing

    Verify your entries.
    Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    Use the no interface loopback 0 global configuration command to disable the loopback interface.
  • Page 858: Monitoring Ospf

    Display OSPF-related virtual links information.
    Configuring EIGRP
    Enhanced IGRP (EIGRP) is a Cisco proprietary enhanced version of the IGRP. EIGRP uses the same distance vector algorithm and distance information as IGRP; however, the convergence properties and the operating efficiency of EIGRP are significantly improved.
  • Page 859 Neighbor discovery and recovery is achieved with low overhead by periodically sending small hello packets. As long as hello packets are received, the Cisco IOS software can learn that a neighbor is alive and functioning. When this status is determined, the neighboring routers can exchange routing information.
  • Page 860: Default Eigrp Configuration

    IP split-horizon  Enabled.
    IP summary address  No summary aggregate addresses are predefined.
    Metric weights  tos: 0; k1 and k3: 1; k2, k4, and k5: 0
    Network  None specified.
  • Page 861: Eigrp Nonstop Forwarding

    RP is manually reloaded for a nondisruptive software upgrade. This feature cannot be disabled. For more information on this feature, see the “EIGRP Nonstop Forwarding (NSF) Awareness” section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4 at this URL: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804529...
  • Page 862: Configuring Basic Eigrp Parameters

    Associate networks with an EIGRP routing process. EIGRP sends updates to the interfaces in the specified networks.
    Step 5  eigrp log-neighbor-changes  (Optional) Enable logging of EIGRP neighbor changes to monitor routing system stability.
  • Page 863: Configuring Eigrp Interfaces

    EIGRP on an interface. The default is 50 percent.
    Step 4  ip summary-address eigrp autonomous-system-number address mask  (Optional) Configure a summary aggregate address for a specified interface (not usually necessary if auto-summary is enabled).
  • Page 864: Configuring Eigrp Route Authentication

    Match the name configured in Step 4.
    Step 7  key number  In key-chain configuration mode, identify the key number.
    Step 8  key-string text  In key-chain key configuration mode, identify the key string.
  • Page 865: Eigrp Stub Routing

    WAN. Switch B advertises connected, static, redistribution, and summary routes to switch A and C. Switch B does not advertise any routes learned from switch A (and the reverse).
  • Page 866: Monitoring And Maintaining Eigrp

    You can delete neighbors from the neighbor table. You can also display various EIGRP routing statistics. Table 38-8 lists the privileged EXEC commands for deleting neighbors and displaying statistics. For explanations of fields in the resulting display, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. Table 38-8...
  • Page 867 For details about BGP commands and keywords, see the “IP Routing Protocols” part of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. For a list of BGP commands that are visible but not supported by the switch, see Appendix C, “Unsupported Commands in...
  • Page 868: Default Bgp Configuration

    AS-level policy decisions. A router or switch running Cisco IOS does not select or use an IBGP route unless it has a route available to the next-hop router and it has received synchronization from an IGP (unless IGP synchronization is disabled).
  • Page 869
    • Always compare: Disabled. Does not compare MEDs for paths from neighbors in different autonomous systems.
    • Best path compare: Disabled.
    • MED missing as worst path: Disabled.
    • Deterministic MED comparison is disabled.
  • Page 870: Nonstop Forwarding Awareness

    BGP routing, you need to enable Graceful Restart. When the neighboring router is NSF-capable, and this feature is enabled, the Layer 3 switch continues to forward packets from the...
  • Page 871: Enabling Bgp Routing

    RP taking over, or while the primary RP is manually reloaded for a nondisruptive software upgrade. For more information, see the “BGP Nonstop Forwarding (NSF) Awareness” section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4 at this URL: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804556...
  • Page 872 These examples show how to configure BGP on the routers in Figure 38-5.
    Router A:
    Switch(config)# router bgp 100
    Switch(config-router)# neighbor 129.213.1.1 remote-as 200
  • Page 873: Managing Routing Policy Changes

    BGP sessions so that the configuration changes take effect. There are two types of reset, hard reset and soft reset. Cisco IOS Releases 12.1 and later support a soft reset without any prior configuration. To use a soft reset without preconfiguration, both BGP peers must...
  • Page 874 Enter a peer group name to reset the peer group. Step 4 show ip bgp and show ip bgp neighbors: Verify the reset by checking information about the routing table and about BGP neighbors.
  • Page 875: Configuring BGP Decision Attributes

    Prefer the path with the largest weight (a Cisco proprietary parameter). The weight attribute is local to the router and not propagated in routing updates. By default, the weight attribute is 32768 for paths that the router originates and zero for other paths.
  • Page 876 (Although the switch software allows a maximum of 32 equal-cost routes, the switch hardware will never use more than 16 paths per route.) Step 13 Return to privileged EXEC mode.
  • Page 877: Configuring BGP Filtering with Route Maps

    Only the routes that pass the route map are sent or accepted in updates. On both inbound and outbound updates, matching is supported based on AS...
  • Page 878 BGP autonomous system paths. Each filter is an access list based on regular expressions. (See the “Regular Expressions” appendix in the Cisco IOS Dial Technologies Command Reference, Release 12.2 for more information on forming regular expressions.) To use this method, define an autonomous system path access list, and apply it to updates to and from particular neighbors.
  • Page 879: Configuring Prefix Lists for BGP Filtering

    To delete an entry from a prefix list, use the no ip prefix-list seq seq-value global configuration command. To disable automatic generation of sequence numbers, use the no ip prefix-list...
  • Page 880: Configuring BGP Community Filtering

    Enter BGP router configuration mode. Step 4 neighbor {ip-address | peer-group name} send-community Specify that the COMMUNITIES attribute be sent to the neighbor at this IP address.
  • Page 881: Configuring BGP Neighbors and Peer Groups

    (Optional) Display and parse BGP communities in the format AA:NN. A BGP community is displayed in a two-part format 2 bytes long. The Cisco default community format is in the format NNAA. In the most recent RFC for BGP, a community takes the form AA:NN, where the first part is the AS number and the second part is a 2-byte number.
  • Page 882 {in | out | weight weight} Step 22 neighbor {ip-address | peer-group-name} version value (Optional) Specify the BGP version to use when communicating with a neighbor.
  • Page 883: Configuring Aggregate Addresses

    Return to privileged EXEC mode. Step 10 show ip bgp neighbors [advertised-routes] Verify the configuration. Step 11 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 884: Configuring Routing Domain Confederations

    The nonclient peers must be fully meshed with each other, but the client peers need not be fully meshed. The clients in the cluster do not communicate with IBGP speakers outside their cluster.
  • Page 885: Configuring Route Dampening

    Dampening is not applied to routes that are learned by IBGP. This policy prevents the IBGP peers from having a higher penalty for routes external to the AS.
  • Page 886: Monitoring and Maintaining BGP

    Table 38-8 lists the privileged EXEC commands for clearing and displaying BGP. For explanations of the display fields, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. Table 38-11 IP BGP Clear and Show Commands...
  • Page 887: Configuring Multi-VRF CE

    Multi-VRF CE allows a service provider to support two or more VPNs with overlapping IP addresses. Note: The switch does not use Multiprotocol Label Switching (MPLS) to support VPNs. For information about MPLS VRF, see the Cisco IOS Switching Services Configuration Guide, Release 12.2.
  • Page 888: Understanding Multi-VRF CE

    Multi-VRF CE extends limited PE functionality to a CE device, giving it the ability to maintain separate VRF tables to extend the privacy and security of a VPN to the branch office.
  • Page 889 When a CE receives a packet from an egress PE, it uses the input policy label to look up the correct VPN routing table. If a route is found, it forwards the packet within the VPN.
  • Page 890: Default Multi-VRF CE Configuration

    The switch supports configuring VRF by using physical ports, VLAN SVIs, or a combination of both. The SVIs can be connected through an access port or a trunk port.
  • Page 891: Configuring VRFs

    VRF, and enter interface configuration mode. The interface can be a routed port or SVI. Step 8 ip vrf forwarding vrf-name Associate the VRF with the Layer 3 interface.
  • Page 892: Configuring VRF-Aware Services

    VRF in the system can be specified for a VRF-aware service. VRF-aware services are implemented in platform-independent modules. VRF means multiple routing instances in Cisco IOS. Each platform has its own limit on the number of VRFs it supports. VRF-aware services have the following characteristics: •...
  • Page 893: User Interface for Ping

    Beginning in privileged EXEC mode, follow these steps to configure VRF-aware services for ping. For complete syntax and usage information for the commands, refer to the switch command reference for this release and the Cisco IOS Switching Services Command Reference, Release 12.2. Command...
  • Page 894: User Interface for uRPF

    Beginning in privileged EXEC mode, follow these steps to configure VRF-aware services for Syslog. For complete syntax and usage information for the commands, refer to the switch command reference for this release and the Cisco IOS Switching Services Command Reference, Release 12.2. Command...
  • Page 895: User Interface for Traceroute

    Beginning in privileged EXEC mode, follow these steps to configure VRF-aware services for traceroute. For complete syntax and usage information for the commands, refer to the switch command reference for this release and the Cisco IOS Switching Services Command Reference, Release 12.2. Command...
  • Page 896: Configuring Multicast VRFs

    Step 14 copy running-config startup-config (Optional) Save your entries in the configuration file. For more information about configuring a multicast within a Multi-VRF CE, see the Cisco IOS IP Multicast Configuration Guide, Release 12.4. Configuring a VPN Routing Session Routing within the VPN can be configured with any supported routing protocol (RIP, OSPF, EIGRP, or BGP) or with static routing.
  • Page 897: Configuring BGP PE to CE Routing Sessions

    Return to privileged EXEC mode. Step 10 show ip bgp [ipv4] [neighbors] Verify BGP configuration. Step 11 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 898: Multi-VRF CE Configuration Example

    [Figure: network diagram showing Switch F, Switch G, Switch J, and Switch K, VPN2, the global network, networks 118.0.0.0 and 168.0.0.0, and Gigabit Ethernet and Fast Ethernet links. CE = Customer-edge device; PE = Provider-edge device.]
  • Page 899

    Switch(config)# interface vlan10
    Switch(config-if)# ip vrf forwarding v11
    Switch(config-if)# ip address 38.0.0.8 255.255.255.0
    Switch(config-if)# exit
    Switch(config)# interface vlan20
    Switch(config-if)# ip vrf forwarding v12
    Switch(config-if)# ip address 83.0.0.8 255.255.255.0
    Switch(config-if)# exit
  • Page 900

    Switch(config)# ip routing
    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# no switchport
    Switch(config-if)# ip address 208.0.0.20 255.255.255.0
    Switch(config-if)# exit
    Switch(config)# router ospf 101
    Switch(config-router)# network 208.0.0.0 0.0.0.255 area 0
    Switch(config-router)# end
  • Page 901

    Router(config-if)# ip vrf forwarding v1
    Router(config-if)# ip address 38.0.0.3 255.255.255.0
    Router(config-if)# exit
    Router(config)# interface gigabitethernet1/1/0.20
    Router(config-if)# encapsulation dot1q 20
    Router(config-if)# ip vrf forwarding v2
    Router(config-if)# ip address 83.0.0.3 255.255.255.0
    Router(config-if)# exit
  • Page 902: Displaying Multi-VRF CE Status

    [brief | detail | interfaces] [vrf-name] Display information about the defined VRF instances. For more information about the information in the displays, see the Cisco IOS Switching Services Command Reference, Release 12.2. Configuring Unicast Reverse Path Forwarding...
  • Page 903: Configuring Protocol-Independent Features

    RIP. For a complete description of the IP routing protocol-independent commands in this chapter, see the “IP Routing Protocol-Independent Commands” chapter of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
  • Page 904: Configuring the Number of Equal-Cost Routing Paths

    Parallel paths provide redundancy in case of a circuit failure and also enable a router to load balance packets over the available paths for more efficient use of available bandwidth. Equal-cost routes are supported across switches in a stack.
  • Page 905: Configuring Static Unicast Routes

    38-14. If you want a static route to be overridden by information from a dynamic routing protocol, set the administrative distance of the static route higher than that of the dynamic protocol.
  • Page 906: Specifying Default Routes and Networks

    Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ip default-network network number Specify a default network. Step 3 Return to privileged EXEC mode.
  • Page 907: Using Route Maps to Redistribute Routing Information

    The system periodically scans its routing table to choose the optimal default network as its default route. In IGRP networks, there might be several candidate networks for the system default. Cisco routers use administrative distance and metric information to set the default route or the gateway of last resort.
  • Page 908 BGP routes. • internal—OSPF intra-area and interarea routes or EIGRP internal routes. • external—OSPF external routes (Type 1 or Type 2) or EIGRP external routes.
  • Page 909 To delete an entry, use the no route-map map tag global configuration command or the no match or no set route-map configuration commands. You can distribute routes from one routing domain into another and control route distribution.
  • Page 910: Configuring Policy-Based Routing

    For example, you could transfer stock records to a corporate office on a high-bandwidth, high-cost link for a short time while transmitting routine application data such as e-mail over a low-bandwidth, low-cost link.
  • Page 911: PBR Configuration Guidelines

    For details about PBR commands and keywords, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. For a list of PBR commands that are visible but not supported by the switch, see Appendix C, “Unsupported Commands in Cisco IOS Release 12.2(40)EX.”...
  • Page 912: Enabling PBR

    PBR on the switch, all packets that originate on the switch are subject to local PBR. Local PBR is disabled by default. Note: To enable PBR, the switch or stack master must be running the IP services feature set.
  • Page 913 (Optional) Enable local PBR to perform policy-based routing on packets originating at the switch. This applies to packets generated by the switch and not to incoming packets.
  • Page 914: Filtering Routing Information

    (Optional) Activate only those interfaces that need to have adjacencies sent. Step 6 network network-address (Optional) Specify the list of networks for the routing process. The network-address is an IP address.
  • Page 915: Controlling Advertising and Processing in Routing Updates

    In a large network, some routing protocols can be more reliable than others. By specifying administrative distance values, you enable the...
  • Page 916: Managing Authentication Keys

    The software examines the key numbers in order from lowest to highest, and uses the first valid key it encounters. The lifetimes allow for overlap during key changes. Note that the router must know these lifetimes.
  • Page 917: Monitoring and Maintaining the IP Network

    [address [mask] [longer-prefixes]] | [protocol [process-id]] Display the current state of the routing table. show ip route summary Display the current state of the routing table in summary form.
  • Page 918 Display supernets. show ip cache Display the routing table used to switch IP traffic. show route-map [map-name] Display all route maps configured or only the one specified.
  • Page 919: Understanding IPv6

    39-11. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Note: For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS documentation referenced in the procedures. This chapter consists of these sections: “Understanding IPv6”...
  • Page 920: Chapter 39 Configuring IPv6 Unicast Routing

    Routing optimized for mobile devices • Duplicate Address Detection (DAD) feature For information about how Cisco Systems implements IPv6, go to this URL: http://www.cisco.com//warp/public/732/Tech/ipv6/ This section describes IPv6 implementation on the switch. These sections are included: • IPv6 Addresses, page 39-2 • Supported IPv6 Unicast Routing Features, page 39-3...
  • Page 921: Supported IPv6 Unicast Routing Features

    Configuring IPv6 Unicast Routing Understanding IPv6 For more information about IPv6 address formats, address types, and the IPv6 packet header, go to the “Implementing Basic Connectivity for IPv6” chapter of the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d65f5.html In the “Information About Implementing Basic Connectivity for IPv6”...
  • Page 922: DNS for IPv6

    IPv6 routers do not forward packets with link-local source or destination addresses to other links. See the “IPv6 Address Type: Unicast” section in the “Implementing Basic Connectivity for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d65f5.html Each IPv6 host interface can support up to three addresses in hardware (one aggregatable global unicast address, one link-local unicast address, and zero or more privacy addresses).
  • Page 923: IPv6 Applications

    New and upgraded applications can use both IPv4 and IPv6 protocol stacks. The Cisco IOS software supports the dual IPv4 and IPv6 protocol stack technique. When both IPv4 and IPv6 routing are enabled and an interface is configured with both an IPv4 and IPv6 address, the interface forwards both IPv4 and IPv6 traffic.
  • Page 924: EIGRP IPv6

    IPv6 nodes and therefore might not have an available IPv4 router ID. You can use the show ipv6 eigrp command to see whether a router ID has been configured, and you can use the router-id command to set an explicit router ID.
  • Page 925 Configures a summary aggregate address for a specified interface. [admin-distance] For more complete syntax and usage information on these commands, see the Cisco IOS command references. Table 39-2 shows the supported router configuration commands for EIGRP IPv6 on the switch.
  • Page 926 Adjusts routing wait time. variance multiplier Controls load balancing in an internetwork based on EIGRP. For more complete syntax and usage information on these commands, see the Cisco IOS command references. EIGRP IPv6 supports the existing protocol-independent debug and show commands.
  • Page 927: Unsupported IPv6 Unicast Routing Features

    For complete syntax and usage information on these commands, see the Cisco IOS command references. Unsupported IPv6 Unicast Routing Features The switch does not support these IPv6 features in this release: •...
  • Page 928: IPv6 and Switch Stacks

    IPv6 host functionality and IPv6 applications • Stack member (must be running the advanced IP services feature set): – receives CEFv6 routing tables from the stack master – programs the routes into hardware
  • Page 929: SDM Templates

    Dual IPv4 and IPv6 routing template—supports Layer 2, multicast, routing (including policy-based routing), QoS, and ACLs for IPv4; and Layer 2, routing, and ACLs for IPv6 on the switch.
  • Page 930: Configuring IPv6

    • Configuring CEF and dCEF for IPv6, page 39-17 • Configuring Static Routing for IPv6, page 39-18 • Configuring RIP for IPv6, page 39-20 • Configuring OSPF for IPv6, page 39-22
  • Page 931: Default IPv6 Configuration

    Before configuring IPv6 on the switch, be sure to select a dual IPv4 and IPv6 SDM template. Note For more information about configuring IPv6 routing, see the “Implementing Basic Connectivity for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d65f5.html Not all features discussed in this chapter are supported by the switch.
  • Page 932 To remove an IPv6 address from an interface, use the no ipv6 address ipv6-prefix/prefix length eui-64 or no ipv6 address ipv6-address link-local interface configuration command. To remove all manually configured IPv6 addresses from an interface, use the no ipv6 address interface configuration command.
  • Page 933: Configuring IPv4 and IPv6 Protocol Stacks

    Enter global configuration mode. Step 2 ip routing Enable routing on the switch. Step 3 ipv6 unicast-routing Enable forwarding of IPv6 data packets on the switch.
  • Page 934

    Switch(config)# sdm prefer dual-ipv4-and-ipv6 default
    Switch(config)# ip routing
    Switch(config)# ipv6 unicast-routing
    Switch(config)# interface gigabitethernet1/0/11
    Switch(config-if)# no switchport
    Switch(config-if)# ip address 192.168.99.1 255.255.255.0
    Switch(config-if)# ipv6 address 2001:0DB8:c18:1::/64 eui-64
    Switch(config-if)# end
  • Page 935: Configuring IPv6 ICMP Rate Limiting

    Switch(config)# ipv6 icmp error-interval 50 20

    Configuring CEF and dCEF for IPv6

    Cisco Express Forwarding (CEF) is a Layer 3 IP switching technology used to optimize network performance. CEF implements an advanced IP look-up and forwarding algorithm to deliver maximum Layer 3 switching performance. It is less CPU-intensive than fast-switching route-caching, allowing more CPU processing power to be dedicated to packet forwarding.
  • Page 936: Configuring Static Routing for IPv6

    IPv6 packets by using the ipv6 unicast-routing global configuration command, and enable IPv6 on at least one Layer 3 interface by configuring an IPv6 address on the interface.
  • Page 937 To configure a floating static route, use an administrative distance greater than that of the dynamic routing protocol. Step 3 Return to privileged EXEC mode.
  • Page 938: Configuring RIP for IPv6

    130: Switch(config)# ipv6 route 2001:0DB8::/32 gigabitethernet2/0/1 130 For more information about configuring static IPv6 routing, see the “Implementing Static Routes for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d7f7d.html Configuring RIP for IPv6 Routing Information Protocol (RIP) for IPv6 is a distance-vector protocol that uses hop count as a routing metric.
  • Page 939 RIP routing process for an interface, use the no ipv6 rip name interface configuration command. This example shows how to enable the RIP routing process cisco, with a maximum of eight equal-cost routes and enable it on an interface:...
  • Page 940: Configuring OSPF for IPv6

    IPv6 packets by using the ipv6 unicast-routing global configuration command, and enable IPv6 on Layer 3 interfaces on which you are enabling IPv6 OSPF.
  • Page 941 Display information about OSPF interfaces. [interface-id] show ipv6 ospf [process-id] [area-id] Display general information about OSPF routing processes. Step 10 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 942: Displaying IPv6

    To disable the OSPF routing process for an interface, use the no ipv6 ospf process-id area area-id interface configuration command. For more information about configuring OSPF routing for IPv6, see the “Implementing OSPF for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d660d.html...
  • Page 943

    Holddown lasts 0 seconds, garbage collect after 120
    Split horizon is on; poison reverse is off
    Default routes are not generated
    Periodic updates 9040, trigger updates 60
    Interfaces:
    Vlan6
    GigabitEthernet2/0/4
    GigabitEthernet2/0/11
    GigabitEthernet1/0/12
    Redistribution:
    None
  • Page 944

    0 fragmented into 0 fragments, 0 failed
    0 encapsulation failed, 0 no route, 0 too big
    0 RPF drops, 0 RPF suppressed drops
    Mcast: 1 received, 36861 sent
  • Page 945

    Rcvd: 0 input, 0 checksum errors, 0 length errors
    0 no port, 0 dropped
    Sent: 26749 output
    TCP statistics:
    Rcvd: 0 input, 0 checksum errors
    Sent: 0 output, 0 retransmitted
  • Page 947: Understanding HSRP

    Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2. This chapter consists of these sections: •...
  • Page 948: Chapter 40 Configuring HSRP

    B’s segment and also continues to perform its normal function of handling packets between the blade server A segment and blade server B.
  • Page 949: Multiple HSRP

    For MHSRP, you need to enter the standby preempt interface configuration command on the HSRP interfaces so that if a router fails and then comes back up, preemption occurs and restores load sharing...
  • Page 950: HSRP and Switch Stacks

    • HSRP Configuration Guidelines, page 40-5 • Enabling HSRP, page 40-5 • Configuring HSRP Priority, page 40-7 • Configuring MHSRP, page 40-9 • Configuring HSRP Authentication and Timers, page 40-9
  • Page 951: Default HSRP Configuration

    You must configure at least one routing port on the cable with the designated address. Configuring an IP address always overrides another designated address currently in use.
  • Page 952 This procedure is the minimum number of steps required to enable HSRP. Other configuration is optional.

    Switch# configure terminal
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# no switchport
    Switch(config-if)# standby 1 ip
    Switch(config-if)# end
    Switch# show standby
  • Page 953: Configuring HSRP Priority

    Step 1 configure terminal Enter global configuration mode. Step 2 interface interface-id Enter interface configuration mode, and enter the HSRP interface on which you want to set priority.
  • Page 954 [group-number] [priority priority] preempt [delay delay] interface configuration commands to restore default priority, preempt, and delay values. Use the no standby [group-number] track type number [interface-priority] interface configuration command to remove the tracking.
  • Page 955: Configuring MHSRP

    Switch(config-if)# standby 2 priority 110
    Switch(config-if)# standby 2 preempt
    Switch(config-if)# end

    Configuring HSRP Authentication and Timers

    You can optionally configure an HSRP authentication string or change the hello-time interval and holdtime.
  • Page 956 This example shows how to configure word as the authentication string required to allow Hot Standby routers in group 1 to interoperate:

    Switch# configure terminal
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# no switchport
    Switch(config-if)# standby 1 authentication word
    Switch(config-if)# end
  • Page 957: Enabling HSRP Support for ICMP Redirect Messages

    This feature filters outgoing ICMP redirect messages through HSRP, in which the next hop IP address might be changed to an HSRP virtual IP address. For more information, see the Cisco IOS IP Configuration Guide, Release 12.2.
  • Page 958

    Next hello sent in 00:00:02.262
    Hot standby IP address is 172.20.138.51 configured
    Active router is local
    Standby router is unknown expired
    Standby virtual mac address is 0000.0c07.ac64
    Name is test
  • Page 959: Understanding Cisco IOS IP SLAs

    This chapter describes how to use Cisco IOS IP Service Level Agreements (SLAs) on the switch. Cisco IP SLAs is a part of Cisco IOS software that allows Cisco customers to analyze IP service levels for IP applications and services by using active traffic monitoring—the generation of traffic in a continuous, reliable, and predictable manner—for measuring network performance.
  • Page 960: Chapter 41 Configuring Cisco IOS IP SLAs Operations

    Virtual Private Network (VPN) routing/forwarding instance (VRF), and URL web address. Because Cisco IP SLAs is Layer 2 transport independent, you can configure end-to-end operations over disparate networks to best reflect the metrics that an end user is likely to experience. IP SLAs collects a...
  • Page 961: Using Cisco IOS IP SLAs to Measure Network Performance

    Schedule the operation to run, then let the operation run for a period of time to gather statistics. Display and interpret the results of the operation using the Cisco IOS CLI or a network management system (NMS) system with SNMP.
  • Page 962: IP SLAs Responder and IP SLAs Control Protocol

    Understanding Cisco IOS IP SLAs IP SLAs Responder and IP SLAs Control Protocol The IP SLAs responder is a component embedded in the destination Cisco device that allows the system to anticipate and respond to IP SLAs request packets. The responder provides accurate measurements without the need for dedicated probes.
  • Page 963: IP SLAs Operation Scheduling

    IP SLAs operation or a group of operations at one time. You can schedule several IP SLAs operations by using a single command through the Cisco IOS CLI or the CISCO-RTTMON-MIB. Scheduling the operations to run at evenly distributed times allows you to control the amount of IP SLAs monitoring traffic.
  • Page 964: Configuring IP SLAs Operations

    Determining the type of threshold and the level to set can be complex, and depends on the type of IP service being used in the network. For more details on using thresholds with Cisco IOS IP SLAs operations, see the “IP SLAs—Proactive Threshold Monitoring” chapter of the Cisco IOS IP SLAs Configuration Guide at this URL: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_book09186a0080707055...
  • Page 965

    Type of Operation to Perform: pathEcho
    Type of Operation to Perform: pathJitter
    Type of Operation to Perform: tcpConnect
    Type of Operation to Perform: udpEcho
    IP SLAs low memory water mark: 21741224
  • Page 966: Configuring the IP SLAs Responder

    The IP SLAs responder is available only on Cisco IOS software-based devices, including some Layer 2 switches that do not support full IP SLAs functionality, such as the Catalyst 2960 or the Cisco ME 2400 switch. Beginning in privileged EXEC mode, follow these steps to configure the IP SLAs responder on...
  • Page 967 Beginning in privileged EXEC mode, follow these steps to configure UDP jitter operation on the source device:
    Step     Command                   Purpose
    Step 1   configure terminal        Enter global configuration mode.
    Step 2   ip sla operation-number   Create an IP SLAs operation, and enter IP SLAs configuration mode.
  • Page 968 The range is 0 to 2073600 seconds; the default is 0 seconds (never ages out). (Optional) recurring—Set the operation to automatically run every day.
  • Page 969: Analyzing Ip Service Levels By Using The Icmp Echo Operation

    The ICMP echo operation measures end-to-end response time between a Cisco device and any devices using IP. Response time is computed by measuring the time taken between sending an ICMP echo request message to the destination and receiving an ICMP echo reply.
  • Page 970 0 to 2073600 seconds; the default is 0 seconds (never ages out). (Optional) recurring—Set the operation to automatically run every day.
    Step 7 Return to privileged EXEC mode.
  • Page 971
    Number of statistic distribution buckets kept: 1
    Statistic distribution interval (milliseconds): 20
    History Statistics:
    Number of history Lives kept: 0
    Number of history Buckets kept: 15
    History Filter Type: None
    Enhanced History:
  • Page 972: Monitoring Ip Slas Operations

    Display information about the IP SLAs responder.
    show ip sla statistics [entry-number | aggregated | details]
        Display current or aggregated operational status and statistics.
  • Page 973: Understanding Enhanced Object Tracking

    A tracked list with a Boolean “OR” function needs only one object in the list to be in the up state for the tracked object to be up.
  • Page 974: C H A P T E R 42 Configuring Enhanced Object Tracking

    IP packets. The object-number identifies the tracked object and can be from 1 to 500. The interface interface-id is the interface being tracked.
  • Page 975: Configuring A Tracked List

    Configuring a tracked list with a Boolean expression enables calculation by using either “AND” or “OR” operators. For example, when tracking two interfaces using the “AND” operator, up means that both interfaces are up, and down means that either interface is down.
  • Page 976: Configuring A Tracked List With A Weight Threshold

    You cannot use the Boolean “NOT” operator in a weight threshold list.
  • Page 977: Configuring A Tracked List With A Percentage Threshold

    The state of the list is determined by comparing the assigned percentage of each object to the list. You cannot use the Boolean “NOT” operator in a percentage threshold list.
  • Page 978 This example configures tracked list 4 with three objects and specified percentages to measure the state of the list:
    Switch(config)# track 4 list threshold percentage
    Switch(config-track)# object 1
    Switch(config-track)# object 2
    Switch(config-track)# object 3
    Switch(config-track)# threshold percentage up 51 down 10
    Switch(config-track)# exit
  • Page 979: Configuring Hsrp Object Tracking

    (Optional) secondary—Specify that the IP address is a secondary hot standby router interface. If this keyword is omitted, the configured address is the primary IP address.
  • Page 980: Configuring Other Tracking Characteristics

    Use the show track privileged EXEC command to verify enhanced object tracking configuration. For more information about enhanced object tracking and the commands used to configure it, see this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801541be.html
  • Page 981: Configuring Ip Slas Object Tracking

    Cisco IOS IP Service Level Agreements (IP SLAs) is a network performance measurement and diagnostics tool that uses active monitoring by generating traffic to measure network performance. Cisco IP SLAs operations collect real-time metrics that you can use for network troubleshooting, design, and analysis.
  • Page 982: Monitoring Enhanced Object Tracking

    [object-number] [brief] route
        Display information about tracked IP-route objects.
    show track resolution
        Display the resolution of tracked parameters.
    show track timers
        Display tracked polling interval timers.
  • Page 985: Understanding Wccp

    This chapter describes how to configure your switch to redirect traffic to wide-area application engines (such as the Cisco Cache Engine 550) by using the Web Cache Communication Protocol (WCCP). This software release supports only WCCP version 2 (WCCPv2).
  • Page 986: Wccp Message Exchange

    A stable view is established after the membership of the cluster remains the same for a certain amount of time. When a stable view is established, the application engine in the cluster with the lowest IP address is elected as the designated application engine.
  • Page 987: C H A P T E R 43 Configuring Web Cache Services By Using Wccp

    (GRE), the switch receives the returned packet through a GRE tunnel that is configured in the application engine. The switch CPU uses Cisco express forwarding to send these packets to the target web server. If the return method is Layer 2 rewrite, the packets are forwarded in hardware to the target web server.
  • Page 988: Wccp And Switch Stacks

    It distributes the WCCP information to any switch that joins the stack. It programs its hardware with the WCCP information it processes. Stack members receive the WCCP information from the master switch and program their hardware.
  • Page 989: Unsupported Wccp Features

    PBR: access, routing, and dual IPv4/v6 routing. When TCAM entries are not available to add WCCP entries, packets are not redirected and are forwarded by using the standard routing tables.
  • Page 990: Enabling The Web Cache Service

    This procedure shows how to configure these features on routed ports. To configure these features on SVIs, see the configuration examples that follow the procedure.
  • Page 991
    Step 9    no switchport                       Enter Layer 3 mode.
    Step 10   ip address ip-address subnet-mask   Configure the IP address and subnet mask.
    Step 11   no shutdown                         Enable the interface.
  • Page 992
    Switch(config)# interface gigabitethernet1/0/4
    Switch(config-if)# no switchport
    Switch(config-if)# ip address 175.20.40.30 255.255.255.0
    Switch(config-if)# no shutdown
    Switch(config-if)# ip wccp web-cache redirect in
    Switch(config-if)# exit
    Switch(config)# interface gigabitethernet1/0/5
    Switch(config-if)# no switchport
  • Page 993
    Switch(config-if)# ip address 175.20.30.20 255.255.255.0
    Switch(config-if)# ip wccp web-cache redirect in
    Switch(config-if)# exit
    Switch(config)# interface range gigabitethernet1/0/3 - 6
    Switch(config-if-range)# switchport mode access
    Switch(config-if-range)# switchport access vlan 301
    Switch(config-if-range)# exit
  • Page 994: Monitoring And Maintaining Wccp

    Web Cache Redirect is enabled / disabled.
    show ip wccp web-cache view
        Displays which other members have or have not been detected.
  • Page 995: Configuring Ip Multicast Routing

    IP base image. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack.
    Note: For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2.
  • Page 996: C H A P T E R 44 Configuring Ip Multicast Routing

    Internet (MBONE). The software supports PIM-to-DVMRP interaction.
    • Cisco Group Management Protocol (CGMP) is used on Cisco routers and multilayer switches connected to Layer 2 Catalyst switches to perform tasks similar to those performed by IGMP.
    Figure 44-1 shows where these protocols operate within the IP multicast environment.
  • Page 997: Understanding Igmp

    IGMPv2 also adds the capability for routers to elect the IGMP querier without depending on the multicast protocol to perform this task. For more information, see RFC 2236.
  • Page 998: Understanding Pim

  • Page 999: Pim Stub Routing

    IP services feature set. You must also configure EIGRP stub routing when configuring PIM stub routing on the switch. For more information, see the “EIGRP Stub Routing” section on page 38-43.
  • Page 1000: Igmp Helper

    This proprietary feature eliminates the need to manually configure the RP information in every router and multilayer switch in the network. For auto-RP to work, you configure a Cisco router or multilayer switch as the mapping agent. It uses IP multicast to learn which routers or switches in the network are possible candidate RPs to receive candidate RP announcements.
