Cisco WS-C3020 Software Configuration Manual

Catalyst blade switch for hp

Cisco Catalyst Blade Switch 3020 for HP
Software Configuration Guide
Cisco IOS Release 12.2(44)SE
January 2008
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-8915-03


Summary of Contents for Cisco WS-C3020

  • Page 3: Table Of Contents

    Understanding Command Modes Understanding the Help System Understanding Abbreviated Commands Understanding no and default Forms of Commands Understanding CLI Error Messages Using Configuration Logging...
  • Page 4 Modifying the Startup Configuration 3-17 Default Bootup Configuration 3-18 Automatically Downloading a Configuration File 3-18 Specifying the Filename to Read and Write the System Configuration 3-18 Booting Up Manually 3-19...
  • Page 5 Managing the System Time and Date Understanding the System Clock Understanding Network Time Protocol Configuring NTP Default NTP Configuration Configuring NTP Authentication Configuring NTP Associations Configuring NTP Broadcast Service Configuring NTP Access Restrictions...
  • Page 6 Understanding the SDM Templates Dual IPv4 and IPv6 SDM Templates Configuring the Switch SDM Template Default SDM Template SDM Template Configuration Guidelines Setting the SDM Template Displaying the SDM Templates...
  • Page 7 Configuring Settings for All RADIUS Servers 7-29 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-29 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-31 Displaying the RADIUS Configuration 7-31...
  • Page 8 Understanding IEEE 802.1x Port-Based Authentication Device Roles Authentication Process Authentication Initiation and Message Exchange Ports in Authorized and Unauthorized States IEEE 802.1x Host Mode IEEE 802.1x Accounting...
  • Page 9 Configuring a Restricted VLAN 8-35 Configuring the Inaccessible Authentication Bypass Feature 8-36 Configuring IEEE 802.1x Authentication with WoL 8-39 Configuring MAC Authentication Bypass 8-39 Configuring NAC Layer 2 IEEE 802.1x Validation 8-40...
  • Page 10 Configuring the System MTU 9-21 Monitoring and Maintaining the Interfaces 9-22 Monitoring Interface Status 9-23 Clearing and Resetting Interfaces and Counters 9-23 Shutting Down and Restarting the Interface 9-24...
  • Page 11 Creating an Extended-Range VLAN with an Internal VLAN ID 11-15 Displaying VLANs 11-16 Configuring VLAN Trunks 11-16 Trunking Overview 11-16 Encapsulation Types 11-18 IEEE 802.1Q Configuration Considerations 11-19 Default Layer 2 Ethernet Interface VLAN Configuration 11-19...
  • Page 12 VTP Pruning 12-4 Configuring VTP 12-6 Default VTP Configuration 12-6 VTP Configuration Options 12-7 VTP Configuration in Global Configuration Mode 12-7 VTP Configuration in VLAN Database Configuration Mode 12-7...
  • Page 13 Configuring Voice VLAN 13-3 Default Voice VLAN Configuration 13-3 Voice VLAN Configuration Guidelines 13-3 Configuring a Port Connected to a Cisco 7960 IP Phone 13-4 Configuring Cisco IP Phone Voice Traffic 13-5 Configuring the Priority of Incoming Data Frames 13-6...
  • Page 14 Forwarding State 16-6 Disabled State 16-7 How a Switch or Port Becomes the Root Switch or Root Port 16-7 Spanning Tree and Redundant Connectivity 16-8 Spanning-Tree Address Management 16-8...
  • Page 15 Boundary Ports 17-6 IEEE 802.1s Implementation 17-6 Port Role Naming Change 17-7 Interoperation Between Legacy and Standard Switches 17-7 Detecting Unidirectional Link Failure 17-8 Interoperability with IEEE 802.1D STP 17-8...
  • Page 16 Understanding BackboneFast 18-5 Understanding EtherChannel Guard 18-7 Understanding Root Guard 18-8 Understanding Loop Guard 18-9 Configuring Optional Spanning-Tree Features 18-9 Default Optional Spanning-Tree Configuration 18-9 Optional Spanning-Tree Configuration Guidelines 18-10...
  • Page 17 Configuring the DHCP Server 20-10 Configuring the DHCP Relay Agent 20-10 Specifying the Packet Forwarding Address 20-10 Enabling DHCP Snooping and Option 82 20-11 Enabling DHCP Snooping on Private VLANs 20-13...
  • Page 18 Understanding IGMP Snooping 22-2 IGMP Versions 22-3 Joining a Multicast Group 22-3 Leaving a Multicast Group 22-5 Immediate Leave 22-6 IGMP Configurable-Leave Timer 22-6 IGMP Report Suppression 22-6...
  • Page 19 Configuring Storm Control 23-1 Understanding Storm Control 23-1 Default Storm Control Configuration 23-3 Configuring Storm Control and Threshold Levels 23-3 Configuring Small-Frame Arrival Rate 23-5...
  • Page 20 Configuring LLDP Characteristics 25-4 Disabling and Enabling LLDP Globally 25-5 Disabling and Enabling LLDP on an Interface 25-5 Configuring LLDP-MED TLVs 25-6 Monitoring and Maintaining LLDP and LLDP-MED 25-7...
  • Page 21 Creating an RSPAN Source Session 27-17 Creating an RSPAN Destination Session 27-19 Creating an RSPAN Destination Session and Configuring Incoming Traffic 27-20 Specifying VLANs to Filter 27-22 Displaying SPAN and RSPAN Status 27-23...
  • Page 22 SNMP Manager Functions 30-3 SNMP Agent Functions 30-4 SNMP Community Strings 30-4 Using SNMP to Access MIB Variables 30-4 SNMP Notifications 30-5 SNMP ifIndex MIB Object Values 30-5...
  • Page 23 IPv4 ACL Configuration Examples 31-21 Numbered ACLs 31-23 Extended ACLs 31-23 Named ACLs 31-23 Time Range Applied to an IP ACL 31-24 Commented IP ACL Entries 31-24 ACL Logging 31-25...
  • Page 24 32-19 Configuring Auto-QoS 32-20 Generated Auto-QoS Configuration 32-21 Effects of Auto-QoS on the Configuration 32-25 Auto-QoS Configuration Guidelines 32-25 Enabling Auto-QoS for VoIP 32-26 Auto-QoS Configuration Example 32-28...
  • Page 25 Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds 32-67 Allocating Buffer Space Between the Ingress Queues 32-68 Allocating Bandwidth Between the Ingress Queues 32-68 Configuring the Ingress Priority Queue 32-69...
  • Page 26 Configuring the PAgP Learn Method and Priority 33-16 Configuring LACP Hot-Standby Ports 33-17 Configuring the LACP System Priority 33-18 Configuring the LACP Port Priority 33-19 Displaying EtherChannel, PAgP, and LACP Status 33-20...
  • Page 27 34-17 Configuring RIP 34-17 Default RIP Configuration 34-18 Configuring Basic RIP Parameters 34-19 Configuring RIP Authentication 34-20 Configuring Summary Addresses and Split Horizon 34-21 Configuring Split Horizon 34-22...
  • Page 28 35-13 Default IPv6 Configuration 35-13 Configuring IPv6 Addressing and Enabling IPv6 Host 35-14 Configuring IPv6 ICMP Rate Limiting 35-15 Configuring Static Routes for IPv6 35-16 Displaying IPv6 35-18...
  • Page 29 38-1 Understanding HSRP 38-1 Multiple HSRP 38-3 Configuring HSRP 38-4 Default HSRP Configuration 38-5 HSRP Configuration Guidelines 38-5 Enabling HSRP 38-5...
  • Page 30 Procedure with Password Recovery Disabled 40-6 Preventing Autonegotiation Mismatches 40-7 SFP Module Security and Identification 40-8 Monitoring SFP Module Status 40-8 Monitoring Temperature 40-9 Using Ping 40-9 Understanding Ping 40-9 Executing Ping 40-9...
  • Page 31 MIB List Using FTP to Access the MIB Files Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System...
  • Page 32 Working with Software Images B-23 Image Location on the Switch B-24 tar File Format of Images on a Server or Cisco.com B-24 Copying Image Files By Using TFTP B-25 Preparing to Download or Upload an Image File By Using TFTP...
  • Page 33 Unsupported Global Configuration Command Unsupported Interface Configuration Command IP Unicast Routing Unsupported Privileged EXEC or User EXEC Commands Unsupported Global Configuration Commands Unsupported Interface Configuration Commands Unsupported Route Map Commands...
  • Page 34 Unsupported Global Configuration Commands Spanning Tree Unsupported Global Configuration Command Unsupported Interface Configuration Command VLAN Unsupported Global Configuration Command Unsupported User EXEC Commands Unsupported Privileged EXEC Command Index...
  • Page 35 This guide is for the networking professional managing the Cisco Catalyst Blade Switch 3020 for HP, referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of Ethernet and local area networking.
  • Page 36: Related Publications

    Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
    Related Publications: For more information about the switch, see the Cisco Catalyst Blade Switch 3020 for HP documentation on Cisco.com: http://www.cisco.com/en/US/products/ps6748/tsd_products_support_series_home.html
    Note: Before installing, configuring, or upgrading the switch, see these documents: •...
  • Page 37: Obtaining Documentation And Submitting A Service Request

    • Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(37)SE (not orderable but available on Cisco.com)
    • Cisco Catalyst Blade Switch 3020 for HP System Message Guide (not orderable, but available on...
  • Page 39: Features

    (IPv6). Features Beginning with Cisco IOS Release 12.2(44)SE, the switch ships with the IP base image installed, which provides Layer 2+ features (enterprise-class intelligent services). These features include access control lists (ACLs), quality of service (QoS), static routing, EIGRP and PIM stub routing, the Hot Standby Router Protocol (HSRP), the Routing Information Protocol (RIP), IPv6 host management, and IPv6 MLD snooping.
  • Page 40: Chapter 1 Overview

    • Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic
    • Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3:
      – (For CGMP devices) CGMP for limiting multicast traffic to specified end stations and reducing...
  • Page 41: Management Options

    • Switch Database Management (SDM) templates for allocating system resources to maximize support for user-selected features
    • Cisco IOS IP Service Level Agreements (SLAs), a part of Cisco IOS software that uses active traffic monitoring for measuring network performance
    • Configurable small-frame arrival threshold to prevent storm control when small frames (64 bytes or...
  • Page 42: Manageability Features

    • Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source
    • Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses
    • Configuration logging to log and to view changes to the switch configuration
    •...
  • Page 43: Availability And Redundancy Features

    • switch configuration or switch image files (requires the cryptographic version of the software)
    • The HTTP client in Cisco IOS can send requests to both IPv4 and IPv6 HTTP servers, and the HTTP server in Cisco IOS can service HTTP requests from both IPv4 and IPv6 HTTP clients.
  • Page 44: Vlan Features

    • Link state tracking (Layer 2 trunk failover) to mirror the state of the external Ethernet links and to allow the failover of the processor blade traffic to an operational external link on a separate Cisco Ethernet switch
    VLAN Features...
  • Page 45
    – VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN
    – Port security for controlling access to IEEE 802.1x ports
    – Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized or unauthorized state of the port
    – Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users...
  • Page 46: Qos And Cos Features

    – Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port bordering another QoS domain
    – Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value received, and ensuring port security...
  • Page 47: Layer 3 Features

    • DHCP relay for forwarding UDP broadcasts, including IP address requests, from DHCP clients
    • IPv6 unicast host management
  • Page 48: Monitoring Features

    Chapter 20, “Configuring DHCP Features and IP Source Guard.”
    • Default domain name is not configured. For more information, see Chapter 3, “Assigning the Switch IP Address and Default Gateway.”
  • Page 49
    – No private VLANs are configured. For more information, see Chapter 14, “Configuring Private VLANs.”
    – Voice VLAN is disabled. For more information, see Chapter 13, “Configuring Voice VLAN.”
  • Page 50
    • SNMP is enabled (Version 1). For more information, see Chapter 30, “Configuring SNMP.”
    • No ACLs are configured. For more information, see Chapter 31, “Configuring Network Security with ACLs.”
  • Page 51: Design Concepts For Using The Switch

    Table 1-2 describes some network demands and how you can meet them.
  • Page 52 1-1)—For high-speed access to network resources, you can use the Cisco Catalyst Blade Switch 3020 for HP in the access layer to provide Gigabit Ethernet to the blade servers. To prevent congestion, use QoS DSCP marking priorities on these switches. For high-speed IP forwarding at the distribution layer, connect the switches in the access layer to a Gigabit multilayer switch with routing capability, such as a Catalyst 3750 switch, or to a router.
  • Page 53 Using SFP modules provides flexibility in media and distance options through fiber-optic connections.
    [Figure 1-2: Server Aggregation. Labels: Campus core; Catalyst 6500 switches; Catalyst 3750 StackWise switch stacks; Blade Switches; Blade Servers]
  • Page 54: Where To Go Next

    Before configuring the switch, review these sections for startup information:
    • Chapter 2, “Using the Command-Line Interface”
    • Chapter 3, “Assigning the Switch IP Address and Default Gateway”
  • Page 55: Understanding Command Modes

    Using the Command-Line Interface
    This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your switch. It contains these sections:
    • Understanding Command Modes, page 2-1
    • Understanding the Help System, page 2-3
    •...
  • Page 56: Chapter 2 Using The Command-Line Interface

    ... EXEC mode, enter the vlan database command. Prompt: Switch(vlan)#. To exit to privileged EXEC mode, enter exit. Use this mode to configure VLAN parameters for VLANs 1 to 1005 in the VLAN database.
  • Page 57: Understanding The Help System

    Obtain a list of commands that begin with a particular character string. For example:
      Switch# di?
      dir disable disconnect
    abbreviated-command-entry<Tab>: Complete a partial command name. For example:
      Switch# sh conf<tab>
      Switch# show configuration
  • Page 58: Understanding Abbreviated Commands

    However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.
  • Page 59: Understanding Cli Error Messages

    For more information, see the Configuration Change Notification and Logging feature module at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81.html
    Note: Only CLI or HTTP changes are logged.
  • Page 60: Using Command History

    The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command. 1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
  • Page 61: Disabling The Command History Feature

    Editing Commands through Keystrokes
    Capability: Move around the command line to make changes or corrections. Keystroke: Press Ctrl-B, or press the left arrow key. Purpose: Move the cursor back one character.
  • Page 62
    Keystroke: Press Esc U. Purpose: Capitalize letters from the cursor to the end of the word.
    Capability: Designate a particular keystroke as an executable command, perhaps as a shortcut. Keystroke: Press Ctrl-V or Esc Q.
  • Page 63: Editing Command Lines That Wrap

    Use line wrapping with the command history feature to recall and modify previous complex command entries. For information about recalling previous command entries, see the “Editing Commands through Keystrokes” section on page 2-7.
  • Page 64: Searching And Filtering Output Of Show And More Commands

    7-37. The switch supports up to five simultaneous secure SSH sessions. After you connect through the console port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station.
  • Page 65: Chapter 3 Assigning The Switch Ip Address And Default Gateway

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
  • Page 66: Assigning Switch Information

    IP address and reads the configuration file. If you are an experienced user familiar with the switch configuration steps, manually configure the switch. Otherwise, use the setup program described previously.
  • Page 67: Default Switch Information

    IP address, and you can manage the switch through the fa0 interface. See the HP BladeSystem documentation at http://www.hp.com/go/bladesystem/documentation for more information about the Onboard Administrator.
  • Page 68: Dhcp Client Request Process

    This helps ensure that each new switch added to a network receives the same image and configuration.
  • Page 69: Dhcp Autoconfiguration

    NVRAM unless you enter the write memory or copy running-configuration startup-configuration privileged EXEC command. Note that if the downloaded configuration is saved to the startup configuration, the feature is not triggered during subsequent system restarts.
  • Page 70: Configuring Dhcp-Based Autoconfiguration

    • Example Configuration, page 3-9 If your DHCP server is a Cisco device, for additional information about configuring DHCP, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
  • Page 71: Configuring The Dns

    If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
  • Page 72: Obtaining Configuration Files

    The switch sends a broadcast message to a TFTP server to retrieve the named configuration file from the base directory of the server, and upon receipt, it completes its bootup process.
  • Page 73: Example Configuration

    [Figure: network diagram with labels 00e0.9f1e.2002, 00e0.9f1e.2003, 00e0.9f1e.2004, Cisco router, 10.0.0.10, 10.0.0.1, 10.0.0.2, 10.0.0.3, DHCP server, DNS server, TFTP server (tftpserver)]
    Table 3-2 shows the configuration of the reserved leases on the DHCP server.
  • Page 74
    • It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg from the TFTP server.
    Switches B through D retrieve their configuration files and IP addresses in the same way.
  • Page 75: Configuring The Dhcp Auto Configuration And Image Update Features

    Switch(dhcp-config)# bootfile config-boot.text
    Switch(dhcp-config)# default-router 10.10.10.1
    Switch(dhcp-config)# option 150 10.10.10.1
    Switch(dhcp-config)# exit
    Switch(config)# tftp-server flash:config-boot.text
    Switch(config)# interface gigabitethernet1/0/4
    Switch(config-if)# no switchport
    Switch(config-if)# ip address 10.10.10.1 255.255.255.0
    Switch(config-if)# end
  • Page 76: Configuring Dhcp Auto-Image Update (Configuration File And Image)

    Upload the tarfile for the new image to the switch.
    Step 10: exit (Return to global configuration mode.)
    Step 11: tftp-server flash:config.text (Specify the Cisco IOS configuration file on the TFTP server.)
    Step 12: tftp-server flash:imagename.tar (Specify the imagename on the TFTP server.)
    Step 13: tftp-server flash:filename.txt...
  • Page 77: Configuring The Client

    Private Config file: flash:/private-config.text
    Enable Break:
    Manual Boot:
    HELPER path-list:
    NVRAM/Config file buffer size: 32768
    Timeout for Config Download: 300 seconds
    Config Download via DHCP: enabled (next boot: enabled)
    Switch#
  • Page 78: Manually Assigning Ip Information

    For information on setting the switch system name, protecting access to privileged EXEC commands, and setting time and calendar services, see Chapter 5, “Administering the Switch.”
  • Page 79: Checking And Saving The Running Configuration

    1000
     spanning-tree portfast
    interface GigabitEthernet0/3
     speed 1000
     spanning-tree portfast
    interface GigabitEthernet0/4
     speed 1000
     spanning-tree portfast
    interface GigabitEthernet0/5
     speed 1000
     spanning-tree portfast
    interface GigabitEthernet0/6
     speed 1000
     spanning-tree portfast
  • Page 80
    20
     switchport mode access
     media-type rj45
    interface GigabitEthernet0/20
     switchport access vlan 21
     switchport trunk native vlan 21
     switchport mode access
     switchport backup interface Gi0/22
  • Page 81: Modifying The Startup Configuration

    EXEC command. For more information about alternative locations from which to copy the configuration file, see Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images.” Modifying the Startup Configuration...
  • Page 82: Default Bootup Configuration

    Specifying the Filename to Read and Write the System Configuration By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next bootup cycle.
  • Page 83: Booting Up Manually

    However, you can specify a specific image with which to boot up the switch.
  • Page 84: Controlling Environment Variables

    Environment variables store two kinds of data: • Data that controls code, which does not read the Cisco IOS configuration file. For example, the name of a bootloader helper file, which extends or patches the functionality of the bootloader can be stored as an environment variable.
  • Page 85: Scheduling A Reload Of The Software Image

    (for example, to perform a software upgrade on all switches in the network).
    Note: A scheduled reload must take place within approximately 24 days.
  • Page 86: Configuring A Scheduled Reload

    Reload scheduled for 02:00:00 UTC Thu Jun 20 1996 (in 344 hours and 53 minutes)
    Proceed with reload? [confirm]
    To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.
  • Page 87: Displaying Scheduled Reload Information

    It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled).
  • Page 89: Chapter 4 Configuring Cisco Ios Cns Agents

    Note: For complete configuration information for the Cisco Configuration Engine, see this URL on Cisco.com: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/tsd_products_support_series_home.html
    For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Network Management Command Reference, Release 12.4 at this URL on Cisco.com: http://www.cisco.com/en/US/products/ps6350/products_command_reference_book09186a008042df72.
  • Page 90: Chapter 4 Configuring Cisco IOS CNS Agents

    (LDAP) URLs that reference the device-specific configuration information stored in a directory. The Cisco IOS agent can perform a syntax check on received configuration files and publish events to show the success or failure of the syntax check. The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server.
  • Page 91: Event Service

    The Cisco Configuration Engine uses the Event Service for receipt and generation of configuration events. The event agent is on the switch and facilitates the communication between the switch and the event gateway on the Configuration Engine.
  • Page 92: Deviceid

    Therefore, the DeviceID, as originated on the switch, must match the DeviceID of the corresponding switch definition in the Configuration Engine. The origin of the DeviceID is defined by the Cisco IOS hostname of the switch. However, the DeviceID variable and its usage reside within the event gateway adjacent to the switch.
  • Page 93: Understanding Cisco Ios Agents

    The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and works with the Cisco IOS agent. The Cisco IOS agent feature supports the switch by providing these features:
    • Initial Configuration, page 4-5
    •...
  • Page 94: Incremental (Partial) Configuration

    NVRAM for use at the next reboot. Configuring Cisco IOS Agents The Cisco IOS agents embedded in the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the “Enabling Automated CNS Configuration” section on page 4-6.
  • Page 95 Note: For more information about running the setup program and creating templates on the Configuration Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at this URL: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_guide_book09186a00803b59db.html...
  • Page 96: Enabling The CNS Event Agent

    This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count.
    Switch(config)# cns event 10.180.1.27 keepalive 120 10
  • Page 97: Enabling The Cisco IOS CNS Agent

    Configuring Cisco IOS Agents Enabling the Cisco IOS CNS Agent After enabling the CNS event agent, start the Cisco IOS CNS agent on the switch. You can enable the Cisco IOS agent with these commands: • The cns config initial global configuration command enables the Cisco IOS agent and initiates an...
  • Page 98 Step 11 hostname name Enter the hostname for the switch.
    Step 12 ip route network-number (Optional) Establish a static route to the Configuration Engine whose IP address is network-number.
  • Page 99 ID, enter an arbitrary text string for string string as the unique ID, or enter udi to set the unique device identifier (UDI) as the unique ID.
  • Page 100 Verify your entries. To disable the CNS Cisco IOS agent, use the no cns config initial {ip-address | hostname} global configuration command. This example shows how to configure an initial configuration on a remote switch when the switch configuration is unknown (the CNS Zero Touch feature).
  • Page 101: Enabling A Partial Configuration

    RemoteSwitch(config)# cns id ethernet 0 ipaddress
    RemoteSwitch(config)# cns config initial 172.28.129.22 no-persist
    Enabling a Partial Configuration
    Beginning in privileged EXEC mode, follow these steps to enable the Cisco IOS agent and to initiate a partial configuration on the switch: Command...
  • Page 102: Displaying CNS Configuration

    Displaying CNS Configuration
    Command Purpose
    show cns config connections Displays the status of the CNS Cisco IOS agent connections.
    show cns config outstanding Displays information about incremental (partial) CNS configurations that have started but are not yet completed.
    show cns config stats Displays statistics about the Cisco IOS agent.
  • Page 103 You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference from the Cisco.com page under Documentation >...
  • Page 104: Administering The Switch

    Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
  • Page 105: Configuring NTP

    If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
  • Page 106: Default NTP Configuration

    NTP that provide for accurate timekeeping) with other devices for security purposes:
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 ntp authenticate Enable the NTP authentication feature, which is disabled by default.
  • Page 107: Configuring NTP Associations

    (meaning that only this switch synchronizes to the other device, and not the other way around).
  • Page 108: Configuring NTP Broadcast Service

    However, in a LAN environment, NTP can be configured to use IP broadcast messages instead. This alternative reduces configuration complexity because each device can simply be configured to send or receive broadcast messages. However, the information flow is one-way only.
  • Page 109 Step 3 ntp broadcast client Enable the interface to receive NTP broadcast packets. By default, no interfaces receive NTP broadcast packets.
    Step 4 exit Return to global configuration mode.
  • Page 110: Configuring NTP Access Restrictions

    NTP control queries and allows the switch to synchronize to the remote device. For access-list-number, enter a standard IP access list number from 1 to 99.
  • Page 111 99. However, the switch restricts access to allow only time requests from access list 42:
    Switch# configure terminal
    Switch(config)# ntp access-group peer 99
    Switch(config)# ntp access-group serve-only 42
    Switch(config)# access-list 99 permit 172.20.130.5
    Switch(config)# access-list 42 permit 172.20.130.6
  • Page 112: Configuring The Source IP Address For NTP Packets

    “Configuring NTP Associations” section on page 5-5.
  • Page 113: Displaying The NTP Configuration

    [detail]
    • show ntp status
    Note For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
  • Page 114: Displaying The Time And Date Configuration

    Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command.
  • Page 115: Configuring Summer Time (Daylight Saving Time)

    This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
    Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
  • Page 116: Configuring A System Name And Prompt

    A greater-than symbol [>] is appended. The prompt is updated whenever the system name changes. For complete syntax and usage information for the commands used in this section, from the Cisco.com page, select Documentation > Cisco IOS Software > 12.2 Mainline > Command References and see the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols.
  • Page 117: Default System Name And Prompt Configuration

    Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
  • Page 118: Default DNS Configuration

    Internet naming scheme (DNS).
    Step 5 Return to privileged EXEC mode.
  • Page 119: Displaying The DNS Configuration

    If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
  • Page 120: Configuring A Message-Of-The-Day Login Banner

    Trying 172.2.5.4...
    Connected to 172.2.5.4.
    Escape character is '^]'.
    This is a secure site. Only authorized users are allowed.
    For access, contact technical support.
    User Access Verification
    Password:
  • Page 121: Configuring A Login Banner

    (static or dynamic). Note For complete syntax and usage information for the commands used in this section, see the command reference for this release.
  • Page 122: Building The Address Table

    Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN.
  • Page 123: Default MAC Address Table Configuration

    Step 3 Return to privileged EXEC mode.
    Step 4 show mac address-table aging-time Verify your entries.
    Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 124: Removing Dynamic Address Entries

    • For notification-type, use the mac-notification keyword.
    Step 3 snmp-server enable traps mac-notification Enable the switch to send MAC address traps to the NMS.
  • Page 125 Switch(config-if)# snmp trap mac-notification added
    You can verify the previous commands by entering the show mac address-table notification interface and the show mac address-table notification privileged EXEC commands.
  • Page 126: Adding And Removing Static Address Entries

    (Optional) Save your entries in the configuration file. To remove static entries from the address table, use the no mac address-table static mac-addr vlan vlan-id [interface interface-id] global configuration command.
  • Page 127: Configuring Unicast MAC Address Filtering

    • For vlan-id, specify the VLAN for which the packet with the specified MAC address is received. Valid VLAN IDs are 1 to 4094.
    Step 3 Return to privileged EXEC mode.
  • Page 128: Displaying Address Table Entries

    Displays the MAC notification parameters and history table.
    show mac address-table static Displays only static MAC address table entries.
    show mac address-table vlan Displays the MAC address table information for the specified VLAN.
  • Page 129: Managing The ARP Table

    ARP entries added manually to the table do not age and must be manually removed. Note For CLI procedures, see the Cisco IOS Release 12.2 documentation from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline.
  • Page 130 Chapter 5 Administering the Switch Managing the ARP Table
  • Page 131: Chapter 6 Configuring SDM Templates

    6-2. You must enable a dual-stack template to configure IPv6 host or IPv6 MLD snooping. Table 6-1 lists the approximate numbers of each resource supported in each IPv4 template.
  • Page 132: Dual IPv4 And IPv6 SDM Templates

    Layer 2 and ACLs for IPv6 on the switch. Table 6-2 defines the approximate feature resources allocated by each new template. Template estimations are based on a switch with 8 routed interfaces and approximately 1000 VLANs.
  • Page 133: Configuring The Switch SDM Template

    • Default SDM Template, page 6-3
    • SDM Template Configuration Guidelines, page 6-4
    • Setting the SDM Template, page 6-4
    Default SDM Template The default template is the default.
  • Page 134: SDM Template Configuration Guidelines

    VLAN configuration on the switch with no routing supported in hardware. The default template balances the use of system resources.
    Step 3 Return to privileged EXEC mode.
  • Page 135: Displaying The SDM Templates

    Use the show sdm prefer [access | default | dual-ipv4-and-ipv6 {default | vlan} | routing | vlan] privileged EXEC command to display the resource numbers supported by the specified template.
  • Page 136 IPv4/MAC qos aces: 0.75K
    number of IPv4/MAC security aces:
    number of IPv6 policy based routing aces:
    number of IPv6 qos aces: 0.5K
    number of IPv6 security aces: 0.5K
  • Page 137: Configuring Switch-Based Authentication

    If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. For more information, see the “Configuring Username and Password Pairs” section on page 7-6.
  • Page 138: Chapter 7 Configuring Switch-Based Authentication

    Password protection restricts access to a network or network device. Privilege levels define what commands users can enter after they have logged into a network device. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation >...
  • Page 139: Setting Or Changing A Static Enable Password

    We recommend that you use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
  • Page 140 To remove a password and level, use the no enable password [level level] or no enable secret [level level] global configuration command. To disable password encryption, use the no service password-encryption global configuration command.
  • Page 141: Disabling Password Recovery

    Disable password recovery. This setting is saved in an area of the flash memory that is accessible by the bootloader and the Cisco IOS image, but it is not part of the file system and is not accessible by any user.
  • Page 142: Setting A Telnet Password For A Terminal Line

    If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair.
  • Page 143: Configuring Multiple Privilege Levels

    Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of password security: user EXEC and privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 144: Setting The Privilege Level For A Command

    This example shows how to set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands:
    Switch(config)# privilege exec level 14 configure
    Switch(config)# enable password level 14 SecretPswd14
  • Page 145: Changing The Default Privilege Level For Lines

    Log in to a specified privilege level. For level, the range is 0 to 15.
    Step 2 disable level Exit to a specified privilege level. For level, the range is 0 to 15.
  • Page 146: Controlling Switch Access With TACACS+

    TACACS+ is facilitated through authentication, authorization, accounting (AAA) and can be enabled only through AAA commands. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 147 TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch.
  • Page 148: TACACS+ Operation

    This process continues until there is successful communication with a listed method or the method list is exhausted.
  • Page 149: Default TACACS+ Configuration

    TACACS+ daemon. You must configure the same key on the TACACS+ daemon for encryption to be successful.
    Step 3 aaa new-model Enable AAA.
  • Page 150: Configuring TACACS+ Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication:
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 aaa new-model Enable AAA.
  • Page 151 {default | list-name} method1 [method2...] global configuration command. To either disable TACACS+ authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
  • Page 152: Configuring TACACS+ Authorization For Privileged EXEC Access And Network Services

    HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
  • Page 153: Starting TACACS+ Accounting

    RADIUS is facilitated through AAA and can be enabled only through AAA commands. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2. These sections contain this configuration information: •...
  • Page 154: Understanding RADIUS

    X.25 PAD connections.
    • Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication.
    • Networks using a variety of services. RADIUS generally binds a user to one service model.
  • Page 155: RADIUS Operation

    REJECT packets includes these items:
    • Telnet, SSH, rlogin, or privileged EXEC services
    • Connection parameters, including the host or client IP address, access list, and user timeouts
  • Page 156: Configuring RADIUS

    Identifying the RADIUS Server Host Switch-to-RADIUS-server communication involves several components:
    • Hostname or IP address
    • Authentication destination port
    • Accounting destination port
    • Key string
    • Timeout period
    • Retransmission value
  • Page 157 You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 7-25.
  • Page 158 (Optional) Save your entries in the configuration file. To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command.
  • Page 159: Configuring RADIUS Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required.
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 aaa new-model Enable AAA.
  • Page 160 Step 6 Return to privileged EXEC mode.
    Step 7 show running-config Verify your entries.
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 161: Defining AAA Server Groups

    HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
  • Page 162 Repeat this step for each RADIUS server in the AAA server group. Each server in the group must be previously defined in Step 2.
    Step 6 Return to privileged EXEC mode.
    Step 7 show running-config Verify your entries.
  • Page 163: Configuring RADIUS Authorization For User Privileged Access And Network Services

    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 aaa authorization network radius Configure the switch for user RADIUS authorization for all network-related service requests.
  • Page 164: Starting RADIUS Accounting

    (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
  • Page 165: Configuring Settings For All RADIUS Servers

    1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes.
  • Page 166 For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, see the “RADIUS Attributes” appendix in the Cisco IOS Security Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
  • Page 167: Configuring The Switch For Vendor-Proprietary RADIUS Server Communication

    Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the switch and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.
  • Page 168: Controlling Switch Access With Kerberos

    • Configuring Kerberos, page 7-35
    For Kerberos configuration examples, see the “Kerberos Configuration Examples” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_book09186a0080087df1.html For complete syntax and usage information for the commands used in this section, see the “Kerberos Commands”...
  • Page 169 Also known as a Kerberos identity, this is who you are or what a service is according to the Kerberos server. Note The Kerberos principal name must be in all lowercase characters.
  • Page 170: Kerberos Operation

    The user must authenticate to the KDC because the TGT that the KDC issues is stored on the switch and cannot be used for additional authentication until the user logs on to the switch.
  • Page 171: Obtaining A TGT From A KDC

    KDC and obtain a TGT from the KDC to access network services. For instructions about how to authenticate to a KDC, see the “Obtaining a TGT from a KDC” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_book09186a...
  • Page 172: Configuring The Switch For Local Authentication And Authorization

    Note To secure the switch for HTTP access by using AAA methods, you must configure the switch with the ip http authentication aaa global configuration command. Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods.
  • Page 173: Configuring The Switch For Secure Shell

    You can use an SSH client to connect to a switch running the SSH server. The SSH server works with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH server supported in this release and with non-Cisco SSH servers.
  • Page 174: Limitations

    When generating the RSA key pair, the message No host name specified might appear. If it does, you must configure a hostname by using the hostname global configuration command.
  • Page 175: Setting Up The Switch To Run SSH

    Setting Up the Switch to Run SSH Follow these steps to set up your switch to run SSH: Download the cryptographic software image from Cisco.com. This step is required. For more information, see the release notes for this release. Configure a hostname and IP domain name for the switch. Follow this procedure only if you are configuring the switch as an SSH server.
  • Page 176: Configuring The SSH Server

    (Optional) Save your entries in the configuration file. To return to the default SSH control parameters, use the no ip ssh {timeout | authentication-retries} global configuration command.
  • Page 177: Displaying The SSH Configuration And Status

    • Displaying Secure HTTP Server and Client Status, page 7-47
    For configuration examples and complete syntax and usage information for the commands used in this section, see the “HTTPS - HTTP Server and Client with SSL 3.0” feature description for Cisco IOS Release 12.2(15)T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008015a4c6.
  • Page 178: Certificate Authority Trustpoints

    (pages) back to the HTTP secure server, which, in turn, responds to the original request. The primary role of the HTTP secure client (the web browser) is to respond to Cisco IOS application requests for HTTPS User Agent services, perform HTTPS User Agent services for the application, and pass the response back to the application.
  • Page 179: Ciphersuites

    For additional information on Certificate Authorities, see the “Configuring Certification Authority Interoperability” chapter in the Cisco IOS Security Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
  • Page 180: Configuring Secure HTTP Servers And Clients

    Specify the URL to which the switch should send certificate requests.
    Step 7 enrollment http-proxy host-name port-number (Optional) Configure the switch to obtain certificates from the CA through an HTTP proxy server.
  • Page 181: Configuring The Secure HTTP Server

    [rc4-128-sha] [des-cbc-sha]} HTTPS connection. If you do not have a reason to specify a particular CipherSuite, you should allow the server and client to negotiate a CipherSuite that they both support. This is the default.
  • Page 182 IP address or hostname of the server switch. If you configure a port other than the default port, you must also specify the port number after the URL. For example: https://209.165.129:1026 https://host.domain.com:1026
  • Page 183: Configuring The Secure HTTP Client

    Shows the HTTP secure client configuration.
    show ip http server secure status Shows the HTTP secure server configuration.
    show running-config Shows the generated self-signed certificate for secure HTTP connections.
  • Page 184: Configuring The Switch For Secure Copy Protocol

    A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System (IFS) to and from a switch by using the copy command. An authorized administrator can also do this from a workstation.
  • Page 185: Understanding IEEE 802.1X Port-Based Authentication

    For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the “RADIUS Commands” section in the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
  • Page 186: Chapter 8 Configuring IEEE 802.1X Port-Based Authentication

    LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the RADIUS security system with Extensible...
  • Page 187: Authentication Process

    Authentication Protocol (EAP) extensions is the only supported authentication server. It is available in Cisco Secure Access Control Server Version 3.0 or later. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
  • Page 188 After IEEE 802.1x authentication using a RADIUS server is configured, the switch uses timers based on the Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action RADIUS attribute (Attribute[29]). The Session-Timeout RADIUS attribute (Attribute[27]) specifies the time after which re-authentication occurs.
  • Page 189: Authentication Initiation And Message Exchange

    The specific exchange of EAP frames depends on the authentication method being used. Figure 8-3 shows a message exchange initiated by the client when the client uses the One-Time-Password (OTP) authentication method with a RADIUS server.
  • Page 190 MAC authentication bypass. Figure 8-4 Message Exchange During MAC Authentication Bypass [Figure: client, switch, and authentication server (RADIUS); messages: EAPOL Request/Identity (three times), Ethernet packet, RADIUS Access/Request, RADIUS Access/Accept]
  • Page 191: Ports In Authorized And Unauthorized States

    The switch detects the client by sending an EAPOL frame when the port link state changes to the up state. If a client leaves or is replaced with another client, the switch changes the port link state to down, and the port returns to the unauthorized state.
  • Page 192: IEEE 802.1x Accounting

    RADIUS accounting packets are sent by a switch:
      • START–sent when a new user session starts
      • INTERIM–sent during an existing session for updates
      • STOP–sent when a session terminates
  • Page 193: Using 802.1x Readiness Check

    You can view the AV pairs that are being sent by the switch by entering the debug radius accounting privileged EXEC command. For more information about this command, see the Cisco IOS Debug Command Reference, Release 12.2 at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_book09186a008...
  • Page 194: Using IEEE 802.1x Authentication With VLAN Assignment

    (type 6). Attribute [81] specifies the VLAN name or VLAN ID assigned to the IEEE 802.1x-authenticated user. For examples of tunnel attributes, see the “Configuring the Switch to Use Vendor-Specific RADIUS Attributes” section on page 7-29.
  • Page 195: Using IEEE 802.1x Authentication With Per-User ACLs

    If the RADIUS server does not allow the .in or .out syntax, the access list is applied to the outbound ACL by default. Because of limited support of Cisco IOS access lists on the switch, the Filter-Id attribute is supported only for IP ACLs numbered 1 to 199 and 1300 to 2699 (IP standard and IP extended ACLs).
  • Page 196: Using IEEE 802.1x Authentication With Guest VLAN

    The switch supports MAC authentication bypass in Cisco IOS Release 12.2(25)SEE and later. When MAC authentication bypass is enabled on an IEEE 802.1x port, the switch can authorize clients based on the client MAC address when IEEE 802.1x authentication times out while waiting for an EAPOL...
  • Page 197: Using IEEE 802.1x Authentication With Restricted VLAN

    Other port security features such as dynamic ARP Inspection, DHCP snooping, and IP source guard can be configured independently on a restricted VLAN. For more information, see the “Configuring a Restricted VLAN” section on page 8-34.
  • Page 198: Using IEEE 802.1x Authentication With Inaccessible Authentication Bypass

      • IEEE 802.1x accounting—Accounting is not affected if the RADIUS servers are unavailable.
      • Private VLAN—You can configure inaccessible authentication bypass on a private VLAN host port. The access VLAN must be a secondary private VLAN.
  • Page 199: Using IEEE 802.1x Authentication With Voice VLAN Ports

    Note: If you enable IEEE 802.1x authentication on an access port on which a voice VLAN is configured and to which a Cisco IP Phone is connected, the Cisco IP phone loses connectivity to the switch for up to 30 seconds.
  • Page 200: Using IEEE 802.1x Authentication With Wake-on-LAN

    EAPOL packets. The host can receive packets but cannot send packets to other devices in the network.
    Note: If PortFast is not enabled on the port, the port is forced to the bidirectional state.
  • Page 201: Using IEEE 802.1x Authentication With MAC Authentication Bypass

      • Guest VLAN—If a client has an invalid MAC address identity, the switch assigns the client to a guest VLAN if one is configured.
  • Page 202: Network Admission Control Layer 2 IEEE 802.1x Validation

    Network Admission Control Layer 2 IEEE 802.1x Validation
    In Cisco IOS Release 12.2(44)SE and later, the switch supports the Network Admission Control (NAC) Layer 2 IEEE 802.1x validation, which checks the antivirus condition or posture of endpoint systems or clients before granting the devices network access.
  • Page 203: Web Authentication With Automatic MAC Check

      • Configuring Periodic Re-Authentication, page 8-28 (optional)
      • Manually Re-Authenticating a Client Connected to a Port, page 8-29 (optional)
      • Changing the Quiet Period, page 8-29 (optional)
  • Page 204: Default IEEE 802.1x Authentication Configuration

    Quiet period 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client).
  • Page 205: IEEE 802.1x Authentication Configuration Guidelines

    If the VLAN to which an IEEE 802.1x port is assigned is shut down, disabled, or removed, the port becomes unauthorized. For example, the port is unauthorized after the access VLAN to which a port is assigned shuts down or is removed.
  • Page 206: VLAN Assignment, Guest VLAN, Restricted VLAN, And Inaccessible Authentication Bypass

    IEEE 802.1x authentication process (dot1x timeout quiet-period and dot1x timeout tx-period interface configuration commands). The amount to decrease the settings depends on the connected IEEE 802.1x client type.
  • Page 207: MAC Authentication Bypass

      • The readiness check is typically used before IEEE 802.1x is enabled on the switch.
      • If you use the dot1x test eapol-capable privileged EXEC command without specifying an interface, all the ports on the switch stack are tested.
  • Page 208 1 to 65535 seconds. The default is 10 seconds.
    Step 3  (Optional) Return to privileged EXEC mode.
    Step 4  show running-config  (Optional) Verify your modified timeout values.
  • Page 209: Configuring IEEE 802.1x Authentication

    Step 6  The switch sends an interim accounting update to the accounting server that is based on the result of re-authentication.
    Step 7  The user disconnects from the port.
  • Page 210: Configuring The Switch-to-RADIUS-Server Communication

    IP address and specific UDP port numbers. The combination of the IP address and UDP port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on...
  • Page 211 You also need to configure some settings on the RADIUS server. These settings include the IP address of the switch and the key string to be shared by both the server and the switch. For more information, see the RADIUS server documentation.
  • Page 212: Configuring The Host Mode

    Specify the port to be configured, and enter interface configuration mode.
    Step 3  dot1x reauthentication  Enable periodic re-authentication of the client, which is disabled by default.
  • Page 213: Manually Re-Authenticating A Client Connected To A Port

    Beginning in privileged EXEC mode, follow these steps to change the quiet period. This procedure is optional.
            Command                 Purpose
    Step 1  configure terminal      Enter global configuration mode.
    Step 2  interface interface-id  Specify the port to be configured, and enter interface configuration mode.
  • Page 214: Changing The Switch-To-Client Retransmission Time

    This example shows how to set 60 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request:
    Switch(config-if)# dot1x timeout tx-period 60
  • Page 215: Setting The Switch-To-Client Frame-Retransmission Number

            Command                 Purpose
    Step 1  configure terminal      Enter global configuration mode.
    Step 2  interface interface-id  Specify the port to be configured, and enter interface configuration mode.
  • Page 216: Configuring IEEE 802.1x Accounting

    ... start-stop group radius  (Optional) Enables system accounting (using the list of all RADIUS servers) and generates system accounting reload event messages when the switch reloads.
  • Page 217: Configuring A Guest VLAN

    (Optional) Save your entries in the configuration file.
    To disable and remove the guest VLAN, use the no dot1x guest-vlan interface configuration command. The port returns to the unauthorized state.
  • Page 218: Configuring A Restricted VLAN

    The port returns to the unauthorized state. This example shows how to enable VLAN 2 as an IEEE 802.1x restricted VLAN:
    Switch(config)# interface gigabitethernet0/2
    Switch(config-if)# dot1x auth-fail vlan 2
  • Page 219: Configuring The Inaccessible Authentication Bypass Feature

    Beginning in privileged EXEC mode, follow these steps to configure the port as a critical port and enable the inaccessible authentication bypass feature. This procedure is optional.
            Command             Purpose
    Step 1  configure terminal  Enter global configuration mode.
  • Page 220 {0 string | 7 string | string} global configuration command.
    Note: You can also configure the authentication and encryption key by using the radius-server key {0 string | 7 string | string} global configuration command.
  • Page 221 Switch(config)# dot1x critical recovery delay 2000
    Switch(config)# radius-server deadtime 60
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# dot1x critical
    Switch(config-if)# dot1x critical recovery action reinitialize
    Switch(config-if)# dot1x critical vlan 20
    Switch(config-if)# end
  • Page 222: Configuring IEEE 802.1x Authentication With WoL

    For the supported port types, see the “IEEE 802.1x Authentication Configuration Guidelines” section on page 8-21.
    Step 3  dot1x port-control auto  Enable IEEE 802.1x authentication on the port.
  • Page 223: Configuring NAC Layer 2 IEEE 802.1x Validation

    Switch(config-if)# dot1x mac-auth-bypass
    Configuring NAC Layer 2 IEEE 802.1x Validation
    In Cisco IOS Release 12.2(44)SE or later, you can configure NAC Layer 2 IEEE 802.1x validation, which is also referred to as IEEE 802.1x authentication with a RADIUS server. Beginning in privileged EXEC mode, follow these steps to configure NAC Layer 2 IEEE 802.1x validation.
  • Page 224: Configuring Web Authentication

    Switch(config)# aaa authentication login line-console none
    Switch(config)# line console 0
    Switch(config-line)# login authentication line-console
    Switch(config-line)# end
    Step 4  aaa authorization auth-proxy default group radius  Use RADIUS for authentication-proxy (auth-proxy) authorization.
  • Page 225 Step 7  Return to privileged EXEC mode.
    Step 8  show running-config interface interface-id  Verify your configuration.
    Step 9  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 226 Switch(config-fallback-profile)# ip access-group default-policy in
    Switch(config-fallback-profile)# ip admission rule1
    Switch(config-fallback-profile)# exit
    Switch(config)# interface gigabit0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# dot1x port-control auto
    Switch(config-if)# dot1x fallback fallback1
    Switch(config-if)# end
  • Page 227: Disabling IEEE 802.1x Authentication On The Port

    Step 4  Return to privileged EXEC mode.
    Step 5  show dot1x interface interface-id  Verify your entries.
    Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 228: Displaying IEEE 802.1x Statistics And Status

    EXEC command. For detailed information about the fields in these displays, see the command reference for this release.
  • Page 229: Understanding Interface Types

    Monitoring and Maintaining the Interfaces, page 9-22
    Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the online Cisco IOS Interface Command Reference, Release 12.2.
    Understanding Interface Types
    This section describes the different types of interfaces supported by the switch with references to chapters that contain more detailed information about configuring these interface types.
  • Page 230: Chapter 9 Configuring Interface Characteristics

    For detailed information about configuring access port and trunk port characteristics, see Chapter 11, “Configuring VLANs.” For more information about tunnel ports, see Chapter 15, “Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling.”
  • Page 231: Internal Gigabit Ethernet Ports

    Catalyst 6500 series switch; the Cisco Catalyst Blade Switch 3020 for HP cannot be a VMPS server. You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. For more information about voice VLAN ports, see Chapter 13, “Configuring Voice VLAN.”...
  • Page 232: Tunnel Ports

    9-19 for information about what happens when hardware resource limitations are reached. For more information about IP unicast routing and routing protocols, see Chapter 34, “Configuring IP Unicast Routing.”
  • Page 233: Switch Virtual Interfaces

    Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
  • Page 234: Dual-Purpose Uplink Ports

    Dual-Purpose Uplink Ports
    The Cisco Catalyst Blade Switch 3020 for HP supports dual-purpose uplink ports on six of the eight uplink ports. Four of the uplink ports, 17 to 20, are considered as a single interface with dual front ends (an RJ-45 connector and an SFP module connector).
  • Page 235: Management-Only Interface

    To configure a physical interface (port), specify the interface type, module number, and switch port number, and enter interface configuration mode.
      • Type—Gigabit Ethernet (gigabitethernet or gi) for 10/100/1000 Mb/s Ethernet port or small form-factor pluggable (SFP) module Gigabit Ethernet interfaces.
  • Page 236: Procedures For Configuring Interfaces

      • Module number—The module or slot number on the switch (always 0 on the Cisco Catalyst Blade Switch 3020 for HP).
      • Port number—the interface number on the switch. The port numbers always begin at 1, starting with...
  • Page 237: Configuring A Range Of Interfaces

      • You must add a space between the first interface number and the hyphen when using the interface range command. For example, the command interface range gigabitethernet0/1 - 4 is a valid range; the command interface range gigabitethernet0/1-4 is not a valid range.
  • Page 238: Configuring And Using Interface Range Macros

    Show the defined interface range macro configuration.
    Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    Use the no define interface-range macro_name global configuration command to delete a macro.
  • Page 239 This example shows how to delete the interface-range macro enet_list and to verify that it was deleted.
    Switch# configure terminal
    Switch(config)# no define interface-range enet_list
    Switch(config)# end
    Switch# show run | include define
    Switch#
  • Page 240: Configuring Ethernet Interfaces

    Flow control is set to receive: off. It is always off for sent packets.
    EtherChannel (PAgP)  Disabled on all Ethernet ports. See Chapter 33, “Configuring EtherChannels and Layer 2 Trunk Failover.”
  • Page 241: Setting The Type Of A Dual-Purpose Uplink Port

    Disabled on SFP module ports; enabled on all other ports.
    Setting the Type of a Dual-Purpose Uplink Port
    The Cisco Catalyst Blade Switch 3020 for HP supports dual-purpose uplink ports. For more information, see the “Dual-Purpose Uplink Ports” section on page 9-6.
  • Page 242 SFP module interface. In all other situations, the switch selects the active link based on which type first links up.
  • Page 243: Configuring Interface Speed And Duplex Mode

      • You cannot configure duplex mode on SFP module ports; they operate in full-duplex mode except in these situations:
          – You can configure Cisco 1000BASE-T SFP modules for auto, full, or half-duplex mode.
          – Cisco 1000BASE-SX SFP modules can operate only in full-duplex mode.
  • Page 244: Setting The Interface Speed And Duplex Parameters

    SFP module mode. For interfaces gi0/23 and gi0/24, speed and duplex do not apply when configured for media-type internal. For more information, see the “Internal Gigabit Ethernet Ports” section on page 9-3.
  • Page 245: Configuring IEEE 802.3x Flow Control

    Note: Cisco Catalyst Blade Switch 3020 for HP ports can receive, but not send, pause frames.
    You use the flowcontrol interface configuration command to set the interface’s ability to receive pause frames to on, off, or desired.
  • Page 246: Configuring Auto-MDIX On An Interface

    To disable auto-MDIX, use the no mdix auto interface configuration command. This example shows how to enable auto-MDIX on a port:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# speed auto
    Switch(config-if)# duplex auto
    Switch(config-if)# mdix auto
    Switch(config-if)# end
  • Page 247: Adding A Description For An Interface

      • Routed ports: Routed ports are physical ports configured to be in Layer 3 mode by using the no switchport interface configuration command.
      • Layer 3 EtherChannel ports: EtherChannel interfaces made up of routed ports.
  • Page 248 Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
    To remove an IP address from an interface, use the no ip address interface configuration command.
  • Page 249: Configuring The System MTU

    Note: If Layer 2 Gigabit Ethernet interfaces are configured to accept frames greater than the 10/100 interfaces, jumbo frames received on a Layer 2 Gigabit Ethernet interface and sent on a Layer 2 10/100 interface are dropped.
  • Page 250: Monitoring And Maintaining The Interfaces

    These sections contain interface monitoring and maintenance information:
      • Monitoring Interface Status, page 9-23
      • Clearing and Resetting Interfaces and Counters, page 9-23
      • Shutting Down and Restarting the Interface, page 9-24
  • Page 251: Monitoring Interface Status

    (You can display the full list of show commands by using the show ? command at the privileged EXEC prompt.) These commands are fully described in the Cisco IOS Interface Command Reference, Release 12.2. Table 9-3...
  • Page 252: Shutting Down And Restarting The Interface

    Use the no shutdown interface configuration command to restart the interface. To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface is shown as administratively down in the display.
  • Page 253: Chapter 10 Configuring Smartports Macros

    When the macro is applied to an interface, the existing interface configurations are not lost. The new commands are added to the interface and are saved in the running configuration file. There are Cisco-default Smartports macros embedded in the switch software (see Table 10-1).
  • Page 254: Configuring Smartports Macros

    Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
  • Page 255: Smartports Macro Configuration Guidelines

    • to the switch or interface. You can display the applied commands and macro names by using the show running-config user EXEC command. There are Cisco-default Smartports macros embedded in the switch software (see Table 10-1). You can display these macros and the commands they contain by using the show parser macro user EXEC command.
  • Page 256: Creating Smartports Macros

    Cisco-default macro with the required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro.
  • Page 257: Applying Smartports Macros

    You can delete a global macro-applied configuration on a switch only by entering the no version of each command that is in the macro. You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command.
  • Page 258: Applying Cisco-Default Smartports Macros

    Enter global configuration mode.
    Step 4  macro global {apply | trace} macro-name [parameter {value}] [parameter {value}] [parameter...
            Append the Cisco-default macro with the required values by using the parameter value keywords and apply the macro to the switch.
  • Page 259 You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command. This example shows how to display the cisco-desktop macro, how to apply the macro, and to set the access VLAN ID to 25 on an interface:...
  • Page 260: Displaying Smartports Macros

    Displays a specific macro.
    show parser macro brief  Displays the configured macro names.
    show parser macro description [interface interface-id]  Displays the macro description for all interfaces or for a specified interface.
  • Page 261: Chapter 11 Configuring VLANs

    Note: Before you create VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain global VLAN configuration for your network. For more information on VTP, see Chapter 12, “Configuring VTP.”
  • Page 262: Supported VLANs

    VTP only learns normal-range VLANs, with VLAN IDs 1 to 1005; VLAN IDs greater than 1005 are extended-range VLANs and are not stored in the VLAN database. The switch must be in VTP transparent mode when you create VLAN IDs from 1006 to 4094.
  • Page 263: VLAN Port Membership Modes

    For configuration information, see the “Configuring Dynamic-Access Ports on VMPS Clients” section on page 11-30.
  • Page 264: Configuring Normal-Range VLANs

    Voice VLAN
      VLAN Membership Characteristics: A voice VLAN port is an access port attached to a Cisco IP Phone, configured to use one VLAN for voice traffic...
      VTP Characteristics: VTP is not required; it has no effect on a voice VLAN.
  • Page 265
      • Default Ethernet VLAN Configuration, page 11-8
      • Creating or Modifying an Ethernet VLAN, page 11-9
      • Deleting a VLAN, page 11-10
      • Assigning Static-Access Ports to a VLAN, page 11-11
  • Page 266: Token Ring VLANs

    IEEE 802.1s Multiple STP (MSTP) on your switch to map multiple VLANs to a single spanning-tree instance. For more information about MSTP, see Chapter 17, “Configuring MSTP.”
  • Page 267: VLAN Configuration Mode Options

    VTP mode is transparent, they are also saved in the switch running configuration file. You can enter the copy running-config startup-config privileged EXEC command to save the configuration in the startup configuration file. To display the VLAN configuration, enter the show vlan privileged EXEC command.
  • Page 268: Default Ethernet VLAN Configuration

    0 to 1005
    Translational bridge 2    0 to 1005
    VLAN state    active    active, suspend
    Remote SPAN    disabled    enabled, disabled
    Private VLANs    none configured    2 to 1001, 1006 to 4094.
  • Page 269: Creating Or Modifying An Ethernet VLAN

    This example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database:
    Switch# configure terminal
    Switch(config)# vlan 20
    Switch(config-vlan)# name test20
    Switch(config-vlan)# end
  • Page 270: Deleting A VLAN

    VTP transparent mode, the VLAN is deleted only on that specific switch. You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
  • Page 271: Assigning Static-Access Ports To A VLAN

    Verify your entries in the Administrative Mode and the Access Mode VLAN fields of the display.
    Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 272: Configuring Extended-Range VLANs

    Ethernet VLANs. You can change only the MTU size, private VLAN, and the remote SPAN configuration state on extended-range VLANs; all other characteristics must remain at the default state.
  • Page 273: Extended-Range VLAN Configuration Guidelines

    MTU size, private VLAN, and RSPAN configuration are the only parameters you can change. See the description of the vlan global configuration command in the command reference for the default...
  • Page 274 This example shows how to create a new extended-range VLAN with all default characteristics, enter config-vlan mode, and save the new VLAN in the switch startup configuration file:
    Switch(config)# vtp mode transparent
    Switch(config)# vlan 2000
    Switch(config-vlan)# end
    Switch# copy running-config startup-config
  • Page 275: Creating An Extended-Range VLAN With An Internal VLAN ID

    Otherwise, if the switch resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.
  • Page 276: Displaying VLANs

    Two trunking encapsulations are available on all Ethernet interfaces:
      • Inter-Switch Link (ISL)—Cisco-proprietary trunking encapsulation.
      • IEEE 802.1Q—industry-standard trunking encapsulation.
    Figure 11-2 shows a network of blade switches that are connected by ISL trunks.
  • Page 277: Table

    You can also specify on DTP interfaces whether the trunk uses ISL or IEEE 802.1Q encapsulation or if the encapsulation type is autonegotiated. The DTP supports autonegotiation of both ISL and IEEE 802.1Q trunks.
    Note: DTP is not supported on private-VLAN ports or tunnel ports.
  • Page 278: Encapsulation Types

    The trunking mode, the trunk encapsulation type, and the hardware capabilities of the two connected interfaces decide whether a link becomes an ISL or IEEE 802.1Q trunk.
  • Page 279: IEEE 802.1Q Configuration Considerations

    VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch.
  • Page 280: Interaction With Other Features

    IEEE 802.1x on a dynamic port, an error message appears, and IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled port to dynamic, the port mode is not changed.
  • Page 281: Configuring A Trunk Port

    IEEE 802.1Q trunking.
    Switch# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)# interface gigabitethernet0/2
    Switch(config-if)# switchport mode dynamic desirable
    Switch(config-if)# switchport trunk encapsulation dot1q
    Switch(config-if)# end
  • Page 282: Defining The Allowed Vlans On A Trunk

    VLANs from the allowed list.

    Note: VLAN 1 is the default VLAN on all trunk ports in all Cisco switches, and it has previously been a requirement that VLAN 1 always be enabled on every trunk link. You can use the VLAN 1 minimization feature to disable VLAN 1 on any individual VLAN trunk link so that no user traffic (including spanning-tree advertisements) is sent or received on VLAN 1.
  • Page 283: Changing The Pruning-Eligible List

    VLAN configured for the port. The native VLAN is VLAN 1 by default.

    Note: The native VLAN can be assigned any VLAN ID...
  • Page 284: Configuring Trunk Ports For Load Sharing

    VLAN is forwarding traffic for that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN...
  • Page 285
    Step 10   switchport mode trunk   Configure the port as a trunk port.
    Step 11   Return to privileged EXEC mode.
    Step 12   show interfaces gigabitethernet0/1 switchport   Verify the VLAN configuration...
  • Page 286: Load Sharing Using Stp Path Cost

    [Figure labels: – 4 (path cost 30); VLANs 8 – 10 (path cost 30); VLANs 8 – 10 (path cost 19); VLANs 2 – 4 (path cost 19); Switch B]...
  • Page 287: Configuring Vmps

    These sections contain this information:
      • “Understanding VMPS” section on page 11-28
      • “Default VMPS Client Configuration” section on page 11-29
      • “VMPS Configuration Guidelines” section on page 11-29...
  • Page 288: Understanding Vmps

    VLAN number for the client. If there is no match, the VMPS either denies the request or shuts down the port (depending on the VMPS secure mode setting)...
  • Page 289: Default Vmps Client Configuration

      • Private VLAN ports cannot be dynamic-access ports.
      • Dynamic-access ports cannot be members of an EtherChannel group.
      • Port channels cannot be configured as dynamic-access ports...
  • Page 290: Configuring The Vmps Client

    Specify the switch port that is connected to the end station, and enter interface configuration mode.
    Step 3   switchport mode access   Set the port to access mode...
  • Page 291: Reconfirming Vlan Memberships

    Step 5   copy running-config startup-config   (Optional) Save your entries in the configuration file.

    To return the switch to its default setting, use the no vmps reconfirm global configuration command...
  • Page 292: Changing The Retry Count

        VQP Client Status:
        --------------------
        VMPS VQP Version:
        Reconfirm Interval: 60 min
        Server Retry Count: 3
        VMPS domain server: 172.20.128.86 (primary, current)
                            172.20.128.87

        Reconfirmation status
        ---------------------
        VMPS Action: other

    ...
  • Page 293: Troubleshooting Dynamic-Access Port Vlan Membership

      • End stations are connected to the clients, Switch B and Switch I.
      • The database configuration file is stored on the TFTP server with the IP address 172.20.22.7...
  • Page 294 [Figure labels: Switch F; 172.20.26.156; Switch G; 172.20.26.157; Switch H; Client switch I; Dynamic-access port; 172.20.26.158; station 2; Trunk port; 172.20.26.159; Catalyst 6500 series Secondary VMPS; Switch J; Server 3]...
  • Page 295: Configuring Vtp

    VTP only learns about normal-range VLANs (VLAN IDs 1 to 1005). Extended-range VLANs (VLAN IDs greater than 1005) are not supported by VTP or stored in the VTP VLAN database...
  • Page 296: Chapter 12 Configuring Vtp

    For domain name and password configuration guidelines, see the “VTP Configuration Guidelines” section on page 12-8...
  • Page 297: Vtp Modes

    “Configuring VLAN Trunks” section on page 11-16.

    VTP advertisements distribute this global domain information:
      • VTP domain name
      • VTP configuration revision number
      • Update identity and update timestamp...
  • Page 298: Vtp Version 2

    VLANs 2 through 1001 are pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is supported with VTP Version 1 and Version 2...
  • Page 299 Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain)...
  • Page 300: Default Vtp Configuration

    Table 12-2 Default VTP Configuration

        Feature            Default Setting
        VTP domain name    Null.
        VTP mode           Server.
        VTP version        Version 1 (Version 2 is disabled).
        VTP password       None.
        VTP pruning        Disabled.

    ...
  • Page 301: Vtp Configuration Options

    If VTP mode is transparent, the domain name and the mode (transparent) are saved in the switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command...
  • Page 302: Vtp Configuration Guidelines

      • A VTP Version 2-capable switch can operate in the same VTP domain as a switch running VTP Version 1 if Version 2 is disabled on the Version 2-capable switch (Version 2 is disabled by default)...
  • Page 303: Configuration Requirements

    Step 5   Return to privileged EXEC mode.
    Step 6   show vtp status   Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display...
  • Page 304 When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. To return the switch to a no-password state, use the no vtp password VLAN database configuration command...
  • Page 305: Configuring A Vtp Client

    Step 5   Return to privileged EXEC mode.
    Step 6   show vtp status   Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display...
  • Page 306: Disabling Vtp (Vtp Transparent Mode)

    Note: If extended-range VLANs are configured on the switch, you cannot change the VTP mode to server. You receive an error message, and the configuration is not allowed...
  • Page 307: Enabling Vtp Version 2

    VLAN database configuration mode and by entering the vtp v2-mode VLAN database configuration command. To disable VTP Version 2, use the no vtp v2-mode VLAN database configuration command...
  • Page 308: Enabling Vtp Pruning

    If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain...
  • Page 309 Note: You can use the vtp mode transparent global configuration command or the vtp transparent VLAN database configuration command to disable VTP on the switch, and then change its VLAN information without affecting the other switches in the VTP domain...
  • Page 310: Monitoring Vtp

    VTP Monitoring Commands

        Command              Purpose
        show vtp status      Display the VTP switch configuration information.
        show vtp counters    Display counters about VTP messages that have been sent and received.

    ...
  • Page 311: Chapter 13 Configuring Voice Vlan

    The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the switch is connected to a Cisco 7960 IP Phone, the phone sends voice traffic with Layer 3 IP precedence and Layer 2 class of service (CoS) values, which are both set to 5 by default. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1p CoS.
  • Page 312: Cisco Ip Phone Voice Traffic

    Cisco IP Phone Voice Traffic

    You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. You can configure access ports on...
  • Page 313: Configuring Voice Vlan

    VLAN, the Port Fast feature is not automatically disabled.
      • If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN:...
  • Page 314: Configuring A Port Connected To A Cisco 7960 Ip Phone

    Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco IP Phone can carry mixed traffic. You can configure a port to decide how the Cisco IP Phone carries voice traffic and data traffic.
  • Page 315: Configuring Cisco IP Phone Voice Traffic

    You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure the way in which the phone sends voice traffic. The phone can carry voice traffic in IEEE 802.1Q frames for a specified voice VLAN with a Layer 2 CoS value.
  • Page 316: Configuring the Priority of Incoming Data Frames

    You can connect a PC or other data device to a Cisco IP Phone port. To process tagged data traffic (in IEEE 802.1Q or IEEE 802.1p frames), you can configure the switch to send CDP packets to instruct the phone how to send data packets from the device attached to the access port on the Cisco IP Phone.
  • Page 317: Displaying Voice Vlan

    (Optional) Save your entries in the configuration file. startup-config

    This example shows how to configure a port connected to a Cisco IP Phone to not change the priority of frames received from the PC or the attached device:

        Switch# configure terminal
        Enter configuration commands, one per line.
  • Page 318 Chapter 13 Configuring Voice VLAN Displaying Voice VLAN...
  • Page 319: Chapter 14 Configuring Private Vlans

    Configuring Private VLANs

    This chapter describes how to configure private VLANs on the Cisco Blade Switch.

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release.
  • Page 320 These interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports within their private VLAN.

    Note: Trunk ports carry traffic from regular VLANs and also from primary, isolated, and community VLANs...
  • Page 321: Ip Addressing Scheme With Private Vlans

    VLANs, but in the same primary VLAN. When new devices are added, the DHCP server assigns them the next available address from a large pool of subnet addresses...
  • Page 322: Private Vlans Across Multiple Switches

      • Private VLANs and SVIs, page 14-5

    You should also see the “Secondary and Primary VLAN Configuration” section on page 14-6 under the “Private-VLAN Configuration Guidelines” section...
  • Page 323: Private Vlans And Unicast, Broadcast, And Multicast Traffic

      • Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port, page 14-12
      • Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface, page 14-13...
  • Page 324: Tasks For Configuring Private Vlans

    You must use VLAN configuration (config-vlan) mode to configure private VLANs. You cannot configure private VLANs in VLAN database configuration mode. For more information about VLAN configuration, see “VLAN Configuration Mode Options” section on page 11-7...
  • Page 325 VLAN is applied.
      – For frames going downstream from a promiscuous port to a host port, the VLAN map configured on the primary VLAN is applied...
  • Page 326: Private-Vlan Port Configuration

      • Do not configure private-VLAN ports on interfaces configured for these other features:
          – dynamic-access port VLAN membership
          – Dynamic Trunking Protocol (DTP)
          – Port Aggregation Protocol (PAgP)
          – Link Aggregation Control Protocol (LACP)...
  • Page 327: Configuring And Associating Vlans In A Private Vlan

    VLAN that will be a community VLAN. The VLAN ID range is 2 to 1001 and 1006 to 4094.
    Step 10   private-vlan community   Designate the VLAN as a community VLAN...
  • Page 328

        Switch(config-vlan)# private-vlan isolated
        Switch(config-vlan)# exit
        Switch(config)# vlan 502
        Switch(config-vlan)# private-vlan community
        Switch(config-vlan)# exit
        Switch(config)# vlan 503
        Switch(config-vlan)# private-vlan community
        Switch(config-vlan)# exit
        Switch(config)# vlan 20
        Switch(config-vlan)# private-vlan association 501-503
        Switch(config-vlan)# end

    ...
  • Page 329: Configuring A Layer 2 Interface As A Private-Vlan Host Port

        Administrative private-vlan mapping: none
        Administrative private-vlan trunk native VLAN: none
        Administrative private-vlan trunk Native VLAN tagging: enabled
        Administrative private-vlan trunk encapsulation: dot1q
        Administrative private-vlan trunk normal VLANs: none

    ...
  • Page 330: Configuring A Layer 2 Interface As A Private-Vlan Promiscuous Port

        Switch(config-if)# switchport private-vlan mapping 20 add 501-503
        Switch(config-if)# end

    Use the show vlan private-vlan or the show interface status privileged EXEC command to display primary and secondary VLANs and private-VLAN ports on the switch...
  • Page 331: Mapping Secondary Vlans To A Primary Vlan Layer 3 Vlan Interface

        Switch# configure terminal
        Switch(config)# interface vlan 10
        Switch(config-if)# private-vlan mapping 501-502
        Switch(config-if)# end
        Switch# show interfaces private-vlan mapping
        Interface Secondary VLAN Type
        --------- -------------- -----------------
        vlan10 isolated
        vlan10 community

    ...
  • Page 332: Monitoring Private Vlans

    This is an example of the output from the show vlan private-vlan command:

        Switch(config)# show vlan private-vlan
        Primary Secondary Type Ports
        ------- --------- ----------------- ------------------------------------------
        isolated Gi0/1, Gi0/2, Gi0/3
        community Gi0/1, Gi0/2, Gi0/4
        non-operational

    ...
  • Page 333: Chapter 15 Configuring Ieee 802.1Q And Layer 2 Protocol Tunneling

    VLAN ID that is dedicated to tunneling. Each customer requires a separate service-provider VLAN ID, but that VLAN ID supports all of the customer’s VLANs...
  • Page 334 Note: Remove the Layer 2 protocol configuration from a trunk port because incoming encapsulated packets change that trunk port to error disabled. The outgoing encapsulated VTP (CDP and STP) packets are dropped on that trunk...
  • Page 335 The priority field on the metro tag is set to the interface class of service (CoS) priority configured on the tunnel port. (The default is zero if none is configured.)...
  • Page 336: Configuring Ieee 802.1Q Tunneling

    The packet carries only the VLAN 30 tag through the service-provider network to the trunk port of the egress-edge switch (Switch C) and is misdirected through the egress switch tunnel port to Customer Y...
  • Page 337: System Mtu

    MTU size to at least 1504 bytes. The maximum allowable system MTU for Gigabit Ethernet interfaces is 9000 bytes; the maximum system MTU for Fast Ethernet interfaces is 1546 bytes...
  • Page 338: Ieee 802.1Q Tunneling And Other Features

      • When a port is configured as an IEEE 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) and the Link Layer Discovery Protocol (LLDP) are automatically disabled on the interface.
  • Page 339: Understanding Layer 2 Protocol Tunneling

    VLAN should build a proper spanning tree that includes the local site and all remote sites across the service-provider network. Cisco Discovery Protocol (CDP) must discover neighboring Cisco devices from local and remote sites. VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration throughout all sites in the customer network.
  • Page 340
      • Users on each of a customer’s sites can properly run STP, and every VLAN can build a correct spanning tree based on parameters from all sites and not just from the local site.
      • CDP discovers and shows information about the other Cisco devices connected through the service-provider network.
  • Page 341 When you enable protocol tunneling (PAgP or LACP) on the SP switch, remote customer switches receive the PDUs and can negotiate the automatic creation of EtherChannels...
  • Page 342: Configuring Layer 2 Protocol Tunneling

    When the Layer 2 PDUs that entered the service-provider inbound edge switch through a Layer 2 protocol-enabled port exit through the trunk port into the service-provider network, the switch overwrites the customer PDU-destination MAC address with a well-known Cisco proprietary multicast address (01-00-0c-cd-cd-d0). If IEEE 802.1Q tunneling is enabled, packets are also double-tagged; the outer tag is the customer metro tag, and the inner tag is the customer’s VLAN tag.
  • Page 343: Default Layer 2 Protocol Tunneling Configuration

    If a CoS value is configured on the interface for data packets, that value is the default used for Layer 2 PDUs. If none is configured, the default is 5...
  • Page 344: Layer 2 Protocol Tunneling Configuration Guidelines

    PDUs higher priority within the service-provider network than data packets received from the same tunnel port. By default, the PDUs use the same CoS value as data packets...
  • Page 345: Configuring Layer 2 Protocol Tunneling

    Display the Layer 2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters.
    Step 12   copy running-config startup-config   (Optional) Save your entries in the configuration file...
  • Page 346: Configuring Layer 2 Tunneling For Etherchannels

    This should be the edge port in the SP network that connects to the customer switch. Valid interfaces are physical interfaces.
    Step 3   switchport mode dot1q-tunnel   Configure the interface as an IEEE 802.1Q tunnel port...
  • Page 347 [point-to-point [pagp | lacp | udld]] and the no l2protocol-tunnel drop-threshold [[point-to-point [pagp | lacp | udld]] commands to return the shutdown and drop thresholds to the default settings...
  • Page 348: Configuring The Customer Switch

        Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000
        Switch(config-if)# exit
        Switch(config)# interface gigabitethernet0/2
        Switch(config-if)# switchport access vlan 18
        Switch(config-if)# switchport mode dot1q-tunnel
        Switch(config-if)# l2protocol-tunnel point-to-point pagp
        Switch(config-if)# l2protocol-tunnel point-to-point udld

    ...
  • Page 349

        Switch(config-if)# switchport trunk encapsulation dot1q
        Switch(config-if)# switchport mode trunk
        Switch(config-if)# udld enable
        Switch(config-if)# channel-group 1 mode desirable
        Switch(config-if)# exit
        Switch(config)# interface port-channel 1
        Switch(config-if)# shutdown
        Switch(config-if)# no shutdown
        Switch(config-if)# exit

    ...
  • Page 350: Monitoring And Maintaining Tunneling Status

    Display the status of native VLAN tagging on the switch. For detailed information about these displays, see the command reference for this release...
  • Page 351: Understanding Spanning-Tree Features

    This chapter describes how to configure the Spanning Tree Protocol (STP) on port-based VLANs on the switch. The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard.
  • Page 352: Configuring Stp

    The path cost value represents the media speed.

    Note: The switch sends keepalive messages (to ensure the connection is up) only on interfaces that do not have small form-factor pluggable (SFP) modules...
  • Page 353: Spanning-Tree Topology And Bpdus

    LAN is called the designated port. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode...
  • Page 354: Bridge Id, Switch Priority, And Extended System Id

      • Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port...
  • Page 355: Blocking State

    BPDU is sent to each switch interface. A switch initially functions as the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is the root or root switch. If...
  • Page 356: Listening State

    An interface in the forwarding state performs these functions:
      • Receives and forwards frames received on the interface
      • Forwards frames switched from another interface
      • Learns addresses
      • Receives BPDUs...
  • Page 357: Disabled State

    Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port becomes the new root port...
  • Page 358: Spanning Tree And Redundant Connectivity

    The accelerated aging is the same as the forward-delay parameter value (spanning-tree vlan vlan-id forward-time seconds global configuration command) when the spanning tree reconfigures...
  • Page 359: Spanning-Tree Modes And Protocols

    Spanning-Tree Modes and Protocols

    The switch supports these spanning-tree modes and protocols:
      • PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network.
  • Page 360: Spanning-Tree Interoperability And Backward Compatibility

    VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+.
  • Page 361: Default Spanning-Tree Configuration

    1000 Mb/s: 4. 100 Mb/s: 19. 10 Mb/s: 100.
    Spanning-tree timers   Hello time: 2 seconds. Forward-delay time: 15 seconds. Maximum-aging time: 20 seconds. Transmit hold count: 6 BPDUs...
  • Page 362: Spanning-Tree Configuration Guidelines

    Configuration Guidelines” section on page 18-10.

    Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP...
  • Page 363: Changing The Spanning-Tree Mode

    To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command...
  • Page 364: Disabling Spanning Tree

    ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software...
  • Page 365
    Step 5   copy running-config startup-config   (Optional) Save your entries in the configuration file.

    To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command...
  • Page 366: Configuring A Secondary Root Switch

    (higher numerical values) that you want selected last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces...
  • Page 367 For information on how to configure load sharing on trunk ports by using spanning-tree port priorities, see the “Configuring Trunk Ports for Load Sharing” section on page 11-24...
  • Page 368: Configuring Path Cost

    Note: The show spanning-tree interface interface-id privileged EXEC command displays information only for ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration...
  • Page 369: Configuring The Switch Priority Of A Vlan

    Step 5   copy running-config startup-config   (Optional) Save your entries in the configuration file.

    To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command...
  • Page 370: Configuring Spanning-Tree Timers

    Step 5   copy running-config startup-config   (Optional) Save your entries in the configuration file.

    To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command...
  • Page 371: Configuring The Forwarding-Delay Time For A Vlan

    Step 5   copy running-config startup-config   (Optional) Save your entries in the configuration file.

    To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command...
  • Page 372: Configuring The Transmit Hold-Count

    You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release...
  • Page 373: Chapter 17 Configuring Mstp

    Configuring MSTP

    This chapter describes how to configure the Cisco implementation of the IEEE 802.1s Multiple STP (MSTP) on the switch.

    Note: The multiple spanning-tree (MST) implementation in Cisco IOS Release 12.2(37)SE is based on the IEEE 802.1s standard.
  • Page 374: Understanding Mstp

    65 spanning-tree instances. Instances can be identified by any number in the range from 0 to 4094. You can assign a VLAN to only one spanning-tree instance at a time...
  • Page 375: Ist, Cist, And Cst

    IST information, they leave their old subregions and join the new subregion that contains the true CIST regional root. Thus all subregions shrink, except for the one that contains the true CIST regional root...
  • Page 376: Operations Between Mst Regions

    Only the CST instance sends and receives BPDUs, and MST instances add their spanning-tree information into the BPDUs to interact with neighboring switches and compute the final spanning-tree topology. Because of this, the spanning-tree parameters related to BPDU transmission (for example, ...
  • Page 377: Ieee 802.1S Terminology

    IEEE 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches. IEEE 802.1s Terminology Some MST naming conventions used in Cisco’s prestandard implementation have been changed to identify some internal or regional parameters. These parameters are significant only within an MST region, as opposed to external parameters that are relevant to the whole network.
  • Page 378: Boundary Ports

    The primary change from the Cisco prestandard implementation is that a designated port is not defined as boundary, unless it is running in an STP-compatible mode.
  • Page 379: Port Role Naming Change

    The boundary role is no longer in the final MST standard, but this boundary concept is maintained in Cisco’s implementation. However, an MST instance port at a boundary of the region might not follow the state of the corresponding CIST port. Two cases exist now: The boundary port is the root port of the CIST regional root—When the CIST instance port is...
  • Page 380: Detecting Unidirectional Link Failure

    Detecting Unidirectional Link Failure This feature is not yet present in the IEEE MST standard, but it is included in this Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops.
  • Page 381: Port Roles And The Active Topology

    Forwarding Disabled Disabled Discarding To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state.
  • Page 382: Rapid Convergence

    You can override the default setting that is controlled by the duplex setting by using the spanning-tree link-type interface configuration command.
  • Page 383: Synchronization Of Port Roles

    RSTP forces it to synchronize with new root information. In general, when the RSTP forces a port to synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking.
  • Page 384: Bridge Protocol Data Unit Format And Processing

    RSTP flag fields. Table 17-3 RSTP BPDU Flags Function Topology change (TC) Proposal 2–3: Port role: Unknown Alternate port Root port Designated port Learning Forwarding Agreement Topology change acknowledgement (TCA)
  • Page 385: Processing Superior Bpdu Information

    IEEE 802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support IEEE 802.1D switches. The RSTP BPDUs never have the TCA bit set.
  • Page 386: Configuring Mstp Features

    MSTP configuration. Table 17-4 Default MSTP Configuration Feature Default Setting Spanning-tree mode PVST+ (Rapid PVST+ and MSTP are disabled). Switch priority (configurable on a per-CIST port basis) 32768.
  • Page 387: Mstp Configuration Guidelines

    MST cloud than a path through the PVST+ or rapid-PVST+ cloud. You might have to manually configure the switches in the clouds.
  • Page 388: Specifying The Mst Region Configuration And Enabling Mstp

    You cannot run both MSTP and PVST+ or both MSTP and rapid PVST+ at the same time.
  • Page 389: Configuring The Root Switch

    ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software.
  • Page 390: Configuring A Secondary Root Switch

    This is assuming that the other network switches use the default switch priority of 32768 and therefore are unlikely to become the root switch.
  • Page 391: Configuring Port Priority

    (higher numerical values) that you want selected last. If all interfaces have the same priority value, the MSTP puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
  • Page 392: Configuring Path Cost

    If all interfaces have the same cost value, the MSTP puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
  • Page 393: Configuring The Switch Priority

    Note: Exercise care when using this command. For most situations, we recommend that you use the spanning-tree mst instance-id root primary and the spanning-tree mst instance-id root secondary global configuration commands to modify the switch priority.
  • Page 394: Configuring The Hello Time

    (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst hello-time global configuration command.
  • Page 395: Configuring The Forwarding-Delay Time

    (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst max-age global configuration command.
  • Page 396: Configuring The Maximum-Hop Count

    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. To return the port to its default setting, use the no spanning-tree link-type interface configuration command.
  • Page 397: Designating The Neighbor Type

    EXEC command. To restart the protocol migration process on a specific interface, use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command.
  • Page 398: Displaying The Mst Configuration And Status

    Displays MST information for the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
  • Page 399: Understanding Optional Spanning-Tree Features

    Understanding UplinkFast, page 18-3; Understanding BackboneFast, page 18-5; Understanding EtherChannel Guard, page 18-7; Understanding Root Guard, page 18-8; Understanding Loop Guard, page 18-9
  • Page 400: Understanding Port Fast

    To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred.
  • Page 401: Understanding Bpdu Filtering

    Figure 18-2 shows a complex network where distribution switches and access switches each have at least one redundant link that spanning tree blocks to prevent loops.
  • Page 402 Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state.
  • Page 403: Understanding Backbonefast

    Under spanning-tree rules, the switch ignores inferior BPDUs for the configured maximum aging time specified by the spanning-tree vlan vlan-id max-age global configuration command.
  • Page 404 Delay time if the default Forward Delay time of 15 seconds is set. Figure 18-6 shows how BackboneFast reconfigures the topology to account for the failure of link L1.
  • Page 405: Understanding Etherchannel Guard

    If the switch detects a misconfiguration on the other device, EtherChannel guard places the switch interfaces in the error-disabled state, and displays an error message. You can enable this feature by using the spanning-tree etherchannel guard misconfig global configuration command.
  • Page 406: Understanding Root Guard

    Enable the root-guard feature on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root.
  • Page 407: Understanding Loop Guard

    Globally disabled (unless they are individually configured per interface). UplinkFast: Globally disabled. BackboneFast: Globally disabled. EtherChannel guard: Globally enabled. Root guard: Disabled on all interfaces. Loop guard: Disabled on all interfaces.
  • Page 408: Optional Spanning-Tree Configuration Guidelines

    Return to privileged EXEC mode. Step 5 show spanning-tree interface interface-id portfast Verify your entries. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 409: Enabling Bpdu Guard

    Enable the Port Fast feature. Step 5 Return to privileged EXEC mode. Step 6 show running-config Verify your entries. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 410: Enabling Bpdu Filtering

    To disable BPDU filtering, use the no spanning-tree portfast bpdufilter default global configuration command. You can override the setting of the no spanning-tree portfast bpdufilter default global configuration command by using the spanning-tree bpdufilter enable interface configuration command.
  • Page 411: Enabling Uplinkfast For Use With Redundant Links

    Note: If you use BackboneFast, you must enable it on all switches in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party switches.
  • Page 412: Enabling Etherchannel Guard

    EXEC command to verify the EtherChannel configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured.
  • Page 413: Enabling Root Guard

    Beginning in privileged EXEC mode, follow these steps to enable loop guard. This procedure is optional. Command Purpose Step 1 show spanning-tree active Verify which interfaces are alternate or root ports. show spanning-tree mst Step 2 configure terminal Enter global configuration mode.
  • Page 414: Displaying The Spanning-Tree Status

    You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
  • Page 415: Chapter 19 Configuring Flex Links And The Mac Address-Table Move Update Feature

    STP on the switch. If the switch is running STP, Flex Links is not necessary because STP already provides link-level redundancy or backup.
  • Page 416: Vlan Flex Link Load Balancing And Support

    This way, apart from providing the redundancy, this Flex Link pair can be used for load balancing. Also, Flex Link VLAN load-balancing does not impose any restrictions on uplink switches.
  • Page 417: Mac Address-Table Move Update

    100 milliseconds (ms). The PC is directly connected to switch A, and the connection status does not change. Switch A does not need to update the PC entry in the MAC address table.
  • Page 418: Configuring Flex Links And Mac Address-Table Move Update

    Default Configuration, page 19-5; Configuring Flex Links, page 19-6; Configuring VLAN Load Balancing on Flex Links, page 19-7; Configuring the MAC Address-Table Move Update Feature, page 19-9
  • Page 419: Configuration Guidelines

    The Flex Links are not configured, and there are no backup interfaces defined. The preemption mode is off. The preemption delay is 35 seconds. The MAC address-table move update feature is not configured on the switch.
  • Page 420: Configuring Flex Links

    Configure a physical Layer 2 interface (or port channel) as part of a Flex Links pair with the interface. When one link is forwarding traffic, the other interface is in standby mode.
  • Page 421: Configuring Vlan Load Balancing On Flex Links

    Specify the interface, and enter interface configuration mode. The interface can be a physical Layer 2 interface or a port channel (logical interface). The port-channel range is 1 to 48.
  • Page 422: Configuring Flex Links

    Switch Backup Interface Pairs: Active Interface Backup Interface State ------------------------------------------------------------------------ GigabitEthernet0/6 GigabitEthernet0/8 Active Up/Backup Standby Vlans Preferred on Active Interface: 1-50 Vlans Preferred on Backup Interface: 60, 100-120
  • Page 423: Configuring The Mac Address-Table Move Update Feature

    Return to privileged EXEC mode. Step 7 show mac address-table move update Verify the configuration. Step 8 copy running-config startup-config (Optional) Save your entries in the switch startup configuration file.
  • Page 424 To disable the MAC address-table move update feature, use the no mac address-table move update receive configuration command. To display the MAC address-table move update information, use the show mac address-table move update privileged EXEC command.
  • Page 425: Monitoring Flex Links And The Mac Address-Table Move Update Information

    Flex Links and the state of each active and backup interface (up or standby mode). show mac address-table move update Displays the MAC address-table move update information on the switch.
  • Page 426 Chapter 19 Configuring Flex Links and the MAC Address-Table Move Update Feature Monitoring Flex Links and the MAC Address-Table Move Update Information
  • Page 427: Understanding Dhcp Features

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release, and see the “DHCP Commands” section in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 from the Cisco.com page under Documentation >...
  • Page 428: C H A P T E R 20 Configuring Dhcp Features And Ip Source Guard

    For information about the DHCP client, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides.
  • Page 429: Option-82 Data Insertion

    DHCP server do not reside on the same IP network or subnet, a DHCP relay agent (the Catalyst switch) is configured with a helper address to enable broadcast forwarding and to transfer DHCP messages between the clients and the server.
  • Page 430 Length of the circuit-ID type. Remote-ID suboption fields: Suboption type; Length of the suboption type; Remote-ID type; Length of the remote-ID type
  • Page 431 Understanding DHCP Features In the port field of the circuit ID suboption, the port numbers start at 1. For example, on a Cisco Catalyst Blade Switch 3020 for HP, which has 24 ports, port 1 is the Gigabit Ethernet 0/1 port, port 2 is the Gigabit Ethernet 0/2 port, port 3 is the Gigabit Ethernet 0/3 port, and so on.
  • Page 432: Cisco Ios Dhcp Server Database

    An address binding is a mapping between an IP address and a MAC address of a host in the Cisco IOS DHCP server database. You can manually assign the client IP address, or the DHCP server can allocate an IP address from a DHCP address pool.
  • Page 433: Configuring Dhcp Features

    DHCP Snooping Configuration Guidelines, page 20-8; Configuring the DHCP Server, page 20-10; Configuring the DHCP Relay Agent, page 20-10; Specifying the Packet Forwarding Address, page 20-10
  • Page 434: Default Dhcp Configuration

    These are the configuration guidelines for DHCP snooping. You must globally enable DHCP snooping on the switch. DHCP snooping is not active until DHCP snooping is enabled on a VLAN.
  • Page 435 DHCP server and the DHCP relay agent are configured and enabled. When you globally enable DHCP snooping on the switch, these Cisco IOS commands are not available until snooping is disabled. If you enter these commands, the switch returns an error message, and the configuration is not applied.
  • Page 436: Configuring The Dhcp Server

    Configuring DHCP Features Configuring the DHCP Server The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational.
  • Page 437: Enabling Dhcp Snooping And Option 82

    Enable the switch to insert and remove DHCP relay information (option-82 field) in forwarded DHCP request messages to the DHCP server. This is the default setting.
  • Page 438 MAC address matches the client hardware address in the packet. Step 13 Return to privileged EXEC mode. Step 14 show running-config Verify your entries. Step 15 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 439: Enabling Dhcp Snooping On Private Vlans

    VLANs, on which DHCP snooping is enabled. Enabling the Cisco IOS DHCP Server Database For procedures to enable and configure the Cisco IOS DHCP server database, see the “DHCP Configuration Task List” section in the “Configuring DHCP” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
  • Page 440: Enabling The Dhcp Snooping Binding Database Agent

    To delete binding entries from the DHCP snooping binding database, use the no ip dhcp snooping binding mac-address vlan vlan-id ip-address interface interface-id privileged EXEC command. Enter this command for each entry that you want to delete.
  • Page 441: Displaying Dhcp Snooping Information

    IP source guard with source IP address filtering or with source IP and MAC address filtering. These sections contain this information: Source IP Address Filtering, page 20-16; Source IP and MAC Address Filtering, page 20-16
  • Page 442: Source Ip Address Filtering

    Static IP source binding can only be configured on a switch port.
  • Page 443: Enabling Ip Source Guard

    Add a static IP source binding. vlan-id ip-address interface interface-id Enter this command for each static binding. Step 6 Return to privileged EXEC mode.
  • Page 444: Displaying Ip Source Guard Information

    Commands for Displaying IP Source Guard Information Command Purpose show ip source binding Display the IP source bindings on a switch. show ip verify source Display the IP source guard configuration on the switch.
  • Page 445: Chapter 21 Configuring Dynamic Arp Inspection

    Figure 21-1 shows an example of ARP cache poisoning. [Figure 21-1: ARP Cache Poisoning. Host A (IA, MA), Host B (IB, MB), Host C (man-in-the-middle) (IC, MC)]
  • Page 446 Ethernet header. Use the ip arp inspection validate {[src-mac] [dst-mac] [ip]} global configuration command. For more information, see the “Performing Validation Checks” section on page 21-12.
  • Page 447: Interface Trust States And Network Security

    However, to validate the bindings of packets from nondynamic ARP inspection switches, configure the switch running dynamic ARP inspection with ARP ACLs. When you cannot determine such bindings, at Layer 3, isolate switches...
  • Page 448: Rate Limiting Of Arp Packets

    You specify the type of packets that are logged by using the ip arp inspection vlan logging global configuration command. For configuration information, see the “Configuring the Log Buffer” section on page 21-13.
  • Page 449: Default Dynamic Arp Inspection Configuration

    The number of entries in the log is 32. The number of system messages is limited to 5 per second. The logging-rate interval is 1 second. Per-VLAN logging All denied or dropped ARP packets are logged.
  • Page 450: Dynamic Arp Inspection Configuration Guidelines

    When you enable dynamic ARP inspection on the switch, policers that were configured to police ARP traffic are no longer effective. The result is that all ARP traffic is sent to the CPU.
  • Page 451: Configuring Dynamic Arp Inspection In Dhcp Environments

    For more information, see the “Configuring the Log Buffer” section on page 21-13. Step 6 Return to privileged EXEC mode.
  • Page 452: Configuring Arp Acls For Non-Dhcp Environments

    By default, no ARP access lists are defined. Note: At the end of the ARP access list, there is an implicit deny ip any mac any command.
  • Page 453 Step 6 interface interface-id Specify the Switch A interface that is connected to Switch B, and enter interface configuration mode.
  • Page 454: Limiting The Rate Of Incoming Arp Packets

    If you enter the no ip arp inspection limit interface configuration command, the interface reverts to its default rate limit.
  • Page 455 To return to the default rate-limit configuration, use the no ip arp inspection limit interface configuration command. To disable error recovery for dynamic ARP inspection, use the no errdisable recovery cause arp-inspection global configuration command.
  • Page 456: Performing Validation Checks

    To disable checking, use the no ip arp inspection validate [src-mac] [dst-mac] [ip] global configuration command. To display statistics for forwarded, dropped, and MAC and IP validation failure packets, use the show ip arp inspection statistics privileged EXEC command.
  • Page 457: Configuring The Log Buffer

    The logs and interval settings interact. If the logs number X is greater than interval seconds Y, X divided by Y (X/Y) system messages are sent every second. Otherwise, one system message is sent every Y divided by X (Y/X) seconds.
  • Page 458: Displaying Dynamic Arp Inspection Information

    Displays the configuration and the operating state of dynamic ARP inspection for the specified VLAN. If no VLANs are specified or if a range is specified, displays information only for VLANs with dynamic ARP inspection enabled (active).
  • Page 459 Displays the configuration and contents of the dynamic ARP inspection log buffer. For more information about these commands, see the command reference for this release.
  • Page 460 Chapter 21 Configuring Dynamic ARP Inspection Displaying Dynamic ARP Inspection Information
  • Page 461 For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the “IP Multicast Routing Commands” section in the Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2 from the Cisco.com page under Documentation >...
  • Page 462: Chapter 22 Configuring Igmp Snooping And Mvr

    Joining a Multicast Group, page 22-3; Leaving a Multicast Group, page 22-5; Immediate Leave, page 22-6; IGMP Configurable-Leave Timer, page 22-6; IGMP Report Suppression, page 22-6
  • Page 463: Igmp Versions

    The CPU also adds the interface where the join message was received to the forwarding-table entry. The blade server associated with that interface receives multicast traffic for that multicast group. See Figure 22-1.
  • Page 464 CPU, the message is not flooded to other ports on the switch. Any known multicast traffic is forwarded to the group and not to the CPU.
  • Page 465: Leaving A Multicast Group

    If the router receives no reports from a VLAN, it removes the group for the VLAN from its IGMP cache.
  • Page 466: Immediate Leave

    If you disable IGMP report suppression, all IGMP reports are forwarded to the multicast routers. For configuration steps, see the “Disabling IGMP Report Suppression” section on page 22-16.
  • Page 467: Configuring Igmp Snooping

    IGMP snooping Immediate Leave Disabled Static groups None configured flood query count TCN query solicitation Disabled IGMP snooping querier Disabled IGMP report suppression Enabled 1. TCN = Topology Change Notification
  • Page 468: Enabling Or Disabling Igmp Snooping

    Snooping on IGMP queries, Protocol Independent Multicast (PIM) packets, and Distance Vector Multicast Routing Protocol (DVMRP) packets; listening to Cisco Group Management Protocol (CGMP) packets from other routers; statically connecting to a multicast router port with the ip igmp snooping mrouter global...
  • Page 469: Configuring A Multicast Router Port

    To add a multicast router port (add a static connection to a multicast router), use the ip igmp snooping vlan mrouter global configuration command on the switch. Note: Static connections to multicast routers are supported only on switch ports.
  • Page 470: Configuring A Blade Server Statically To Join A Group

    Step 4 show ip igmp snooping groups Verify the member port and the IP address. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 471: Enabling Igmp Immediate Leave

    The actual leave latency in the network is usually the configured leave time. However, the leave time might vary around the configured time, depending on real-time CPU load conditions, network delays and the amount of traffic sent through the interface.
  • Page 472: Configuring Tcn-Related Commands

    1 general query. If you set the count to 7, the flooding continues until 7 general queries are received. Groups are relearned based on the general queries received during the TCN event.
  • Page 473: Recovering From Flood Mode

    (Optional) Save your entries in the configuration file. To return to the default query solicitation, use the no ip igmp snooping tcn query solicit global configuration command.
  • Page 474: Disabling Multicast Flooding During A Tcn Event

    • When it is administratively enabled, the IGMP snooping querier moves to the operationally disabled state under these conditions:
        – IGMP snooping is disabled in the VLAN.
        – PIM is enabled on the SVI of the corresponding VLAN.
  • Page 475
    Switch(config)# end
    This example shows how to set the IGMP snooping querier feature to version 2:
    Switch# configure terminal
    Switch(config)# ip igmp snooping querier version 2
    Switch(config)# end
  • Page 476: Disabling Igmp Report Suppression

    command options instead of the actual entries.
    • dynamic—Display entries learned through IGMP snooping.
    • user—Display only the user-configured multicast entries.
  • Page 477: Understanding Multicast Vlan Registration

    IGMP snooping, the two features operate independently of each other. One can be enabled or disabled without affecting the behavior of the other feature. However, if IGMP...
  • Page 478: Using Mvr In A Multicast Television Application

    VLAN as a forwarding destination of the specified multicast stream when it is received from the multicast VLAN. Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports.
  • Page 479 Multicast traffic for all channels is only sent around the VLAN trunk once—only on the multicast VLAN. The IGMP leave and join messages are in the VLAN to which the subscriber port is assigned.
  • Page 480: Configuring Mvr

    (that is, the maximum number of television channels that can be received) is 256.
    • MVR multicast data received in the source VLAN and leaving from receiver ports has its time-to-live (TTL) decremented by 1 in the switch.
  • Page 481: Configuring Mvr Global Parameters

    Catalyst 3500 XL and Catalyst 2900 XL switches and does not support IGMP dynamic joins on source ports. The default is compatible mode.
    Step 7 Return to privileged EXEC mode.
  • Page 482: Configuring Mvr Interfaces

    IGMP leave and join messages. Receiver ports cannot belong to the multicast VLAN. The default configuration is as a non-MVR port. If you attempt to configure a non-MVR port with MVR characteristics, the operation fails.
  • Page 483
    Switch(config-if)# mvr vlan 22 group 228.1.23.4
    Switch(config-if)# mvr immediate
    Switch(config)# end
    Switch# show mvr interface
    Port   Type      Status       Immediate Leave
    ----   ----      -------      ---------------
    Gi0/2  RECEIVER  ACTIVE/DOWN  ENABLED
  • Page 484: Displaying Mvr Information

    It does not control general IGMP queries. IGMP filtering has no relationship with the function that directs the forwarding of IP multicast traffic. The filtering feature operates in the same manner whether CGMP or MVR is used to forward the multicast traffic.
  • Page 485: Default Igmp Filtering And Throttling Configuration

    Specifies that matching addresses are denied; this is the default.
    • exit: Exits from igmp-profile configuration mode.
    • no: Negates a command or returns to its defaults.
  • Page 486
    Switch(config)# ip igmp profile 4
    Switch(config-igmp-profile)# permit
    Switch(config-igmp-profile)# range 229.9.9.0
    Switch(config-igmp-profile)# end
    Switch# show ip igmp profile 4
    IGMP Profile 4
        permit
        range 229.9.9.0 229.9.9.0
  • Page 487: Applying Igmp Profiles

    Specify the interface to be configured, and enter interface configuration mode. The interface can be a Layer 2 port that does not belong to an EtherChannel group or an EtherChannel interface.
  • Page 488: Configuring The Igmp Throttling Action

    IGMP report. To prevent the switch from removing the forwarding-table entries, you can configure the IGMP throttling action before an interface adds entries to the forwarding table.
  • Page 489: Displaying Igmp Filtering And Throttling Configuration

    Displays the configuration of the specified interface or the configuration of all interfaces on the switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface.
  • Page 490 Chapter 22 Configuring IGMP Snooping and MVR Displaying IGMP Filtering and Throttling Configuration
  • Page 491: Configuring Storm Control

    The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.
  • Page 492
    • Traffic rate in packets per second and for small frames. This feature is enabled globally. The threshold for small frames is configured for each interface. (Cisco IOS Release 12.2(44)SE or later)
    With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding.
  • Page 493: Chapter 23 Configuring Port-Based Traffic Control

    Beginning in privileged EXEC mode, follow these steps to configure storm control and threshold levels:
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify the interface to be configured, and enter interface configuration mode.
  • Page 494
    • Select the shutdown keyword to error-disable the port during a storm.
    • Select the trap keyword to generate an SNMP trap when a storm is detected.
    Step 5 Return to privileged EXEC mode.
  • Page 495: Configuring Small-Frame Arrival Rate

    Incoming VLAN-tagged packets smaller than 67 bytes are considered small frames. They are forwarded by the switch, but they do not cause the switch storm-control counters to increment. In Cisco IOS Release 12.2(44)SE and later, you can configure a port to be error disabled if small frames arrive at a specified rate (threshold).
  • Page 496: Configuring Protected Ports

    These sections contain this configuration information:
    • Default Protected Port Configuration, page 23-7
    • Protected Port Configuration Guidelines, page 23-7
    • Configuring a Protected Port, page 23-7
  • Page 497: Default Protected Port Configuration

    To disable protected port, use the no switchport protected interface configuration command. This example shows how to configure a port as a protected port:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# switchport protected
    Switch(config-if)# end
  • Page 498: Configuring Port Blocking

    This example shows how to block unicast and multicast flooding on a port:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# switchport block multicast
    Switch(config-if)# switchport block unicast
    Switch(config-if)# end
  • Page 499: Configuring Port Security

    If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.
  • Page 500: Security Violations

    This is the default mode.
  • Page 501: Default Port Security Configuration

    • Port security can only be configured on static access ports or trunk ports. A secure port cannot be a dynamic access port.
    • A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
  • Page 502 IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required. If you connect more than one PC to the Cisco IP phone, you must configure enough secure addresses to allow one for each PC and one for the phone.
  • Page 503: Enabling And Configuring Port Security

    Note a port and if that port is not the access VLAN. If an interface is configured for voice VLAN, configure a maximum of two secure MAC addresses.
  • Page 504 You can manually re-enable it by entering the shutdown and no shutdown interface configuration commands or by using the clear errdisable interface vlan privileged EXEC command.
  • Page 505
    VLAN.
    Step 11 Return to privileged EXEC mode.
    Step 12 show port-security Verify your entries.
    Step 13 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 506
    This example shows how to configure a static secure MAC address on VLAN 3 on a port:
    Switch(config)# interface gigabitethernet0/11
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# switchport port-security
    Switch(config-if)# switchport port-security mac-address 0000.0200.0004 vlan 3
  • Page 507: Enabling And Configuring Port Security Aging

    Beginning in privileged EXEC mode, follow these steps to configure port security aging:
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify the interface to be configured, and enter interface configuration mode.
  • Page 508
    Switch(config-if)# switchport port-security aging time 2
    Switch(config-if)# switchport port-security aging type inactivity
    Switch(config-if)# switchport port-security aging static
    You can verify the previous commands by entering the show port-security interface interface-id privileged EXEC command.
  • Page 509: Port Security And Private Vlans

    VLANs, and similarly, secure addresses learned on promiscuous ports automatically get replicated on all associated secondary VLANs. Static addresses (using mac-address-table static command) cannot be user configured on a secure port.
  • Page 510: Displaying Port-Based Traffic Control Settings

    Displays the number of secure MAC addresses configured per VLAN on the specified interface.
  • Page 511: Chapter 24 Configuring Cdp

    • Understanding CDP CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
  • Page 512: Configuring Cdp

    The range is 10 to 255 seconds; the default is 180 seconds.
    Step 4 cdp advertise-v2 (Optional) Configure CDP to send Version-2 advertisements. This is the default state.
    Step 5 Return to privileged EXEC mode.
  • Page 513: Disabling And Enabling Cdp

    Enable CDP after disabling it.
    Step 3 Return to privileged EXEC mode.
    This example shows how to enable CDP if it has been disabled.
    Switch# configure terminal
    Switch(config)# cdp run
    Switch(config)# end
  • Page 514: Disabling And Enabling Cdp On An Interface

    (Optional) Save your entries in the configuration file.
    This example shows how to enable CDP on a port when it has been disabled.
    Switch# configure terminal
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# cdp enable
    Switch(config-if)# end
  • Page 515: Monitoring And Maintaining Cdp

    You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information.
    show cdp traffic Display CDP counters, including the number of packets sent and received and checksum errors.
  • Page 516 Chapter 24 Configuring CDP Monitoring and Maintaining CDP
  • Page 517: Chapter 25 Configuring Lldp And Lldp-Med

    • Understanding LLDP The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
  • Page 518: Understanding Lldp-Med

    Allows an endpoint to transmit detailed inventory information about itself to the switch, including hardware revision, firmware version, software version, serial number, manufacturer name, model name, and asset ID TLV.
  • Page 519: Configuring Lldp And Lldp-Med

    2 seconds
    LLDP tlv-select: Disabled to send and receive all TLVs
    LLDP interface state: Disabled
    LLDP receive: Disabled
    LLDP transmit: Disabled
    LLDP med-tlv-select: Disabled to send all LLDP-MED TLVs
  • Page 520: Configuring Lldp Characteristics

    Switch(config)# lldp holdtime 120
    Switch(config)# lldp reinit 2
    Switch(config)# lldp timer 30
    Switch(config)# end
    For additional LLDP show commands, see the “Monitoring and Maintaining LLDP and LLDP-MED” section on page 25-7.
  • Page 521: Disabling And Enabling Lldp Globally

    No LLDP packets are received on the interface.
    Step 5 Return to privileged EXEC mode.
    Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 522: Configuring Lldp-Med Tlvs

    Specify the TLV to disable.
    Step 4 Return to privileged EXEC mode.
    Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 523: Monitoring And Maintaining Lldp And Lldp-Med

    Display LLDP counters, including the number of packets sent and received, number of packets discarded, and number of unrecognized TLVs.
  • Page 524 Chapter 25 Configuring LLDP and LLDP-MED Monitoring and Maintaining LLDP and LLDP-MED
  • Page 525: Chapter 26 Configuring Udld

    A unidirectional link occurs whenever traffic sent by a local device is received by its neighbor but traffic from the neighbor is not received by the local device.
  • Page 526: Methods To Detect Unidirectional Links

    UDLD sends at least one message to inform the neighbors to flush the part of their caches affected by the status change. The message is intended to keep the caches synchronized.
  • Page 527: Configuring Udld

    • Configuration Guidelines, page 26-4
    • Enabling UDLD Globally, page 26-5
    • Enabling UDLD on an Interface, page 26-5
    • Resetting an Interface Disabled by UDLD, page 26-6
  • Page 528: Default Udld Configuration

    Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.
  • Page 529: Enabling Udld Globally

    UDLD on a port:
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify the port to be enabled for UDLD, and enter interface configuration mode.
  • Page 530: Resetting An Interface Disabled By Udld

    To display the UDLD status for the specified port or for all ports, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the command output, see the command reference for this release.
  • Page 531: Chapter 27 Configuring Span And Rspan

    You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
  • Page 532: Local Span

    VLAN to a destination session monitoring the RSPAN VLAN. Each RSPAN source switch must have either ports or VLANs as RSPAN sources. The destination is always a physical port, as shown on Switch C in the figure.
  • Page 533: Span And Rspan Concepts And Terminology

    RSPAN VLAN. To configure an RSPAN destination session on another device, you associate the destination port with the RSPAN VLAN. The destination session collects all RSPAN VLAN traffic and sends it out the RSPAN destination port.
  • Page 534: Monitored Traffic

    SPAN; the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), ingress QoS policing, VLAN ACLs, and egress QoS policing.
  • Page 535: Source Ports

    The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP).
  • Page 536: Source Vlans

    • SPAN traffic coming from other port types is not affected by VLAN filtering; that is, all VLANs are allowed on other ports.
    • VLAN filtering affects only traffic forwarded to the destination SPAN port and does not affect the switching of normal traffic.
  • Page 537: Destination Port

    • For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN identification. Therefore, all packets appear on the destination port as untagged.
  • Page 538: Rspan Vlan

    If a physical port is added to a monitored EtherChannel group, the new port is added to the SPAN source port list. If a port is removed from a monitored EtherChannel group, it is automatically removed from the source port list.
  • Page 539: Configuring Span And Rspan

    SPAN state (SPAN and RSPAN): Disabled.
    Source port traffic to monitor: Both received and sent traffic (both).
    Encapsulation type (destination port): Native form (untagged packets).
    Ingress forwarding (destination port): Disabled
  • Page 540: Configuring Local Span

    VLAN 1. This problem does not appear with local SPAN when the encapsulation replicate option is used. This limitation does not apply to bridged packets. The workaround is to use the encapsulation replicate keywords in the monitor session global configuration command.
  • Page 541: Creating A Local Span Session

    This is the default.
    • rx—Monitor received traffic.
    • tx—Monitor sent traffic.
    Note: You can use the monitor session session_number source command multiple times to configure multiple source ports.
  • Page 542
    Switch(config)# no monitor session 1 source interface gigabitethernet0/1 rx
    The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored.
  • Page 543: Creating A Local Span Session And Configuring Incoming Traffic

    VLANs and the destination ports, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). For details about the keywords not related to incoming traffic, see the “Creating a Local SPAN Session”...
  • Page 544: Specifying Vlans To Filter

    (Optional) Use a comma (,) to specify a series of VLANs, or use a hyphen (-) to specify a range of VLANs. Enter a space before and after the comma; enter a space before and after the hyphen.
  • Page 545: Configuring Rspan

    As RSPAN VLANs have special properties, you should reserve a few VLANs across your network for use as RSPAN VLANs; do not assign access ports to these VLANs.
  • Page 546: Configuring A Vlan As An Rspan Vlan

    Use VTP pruning to get an efficient flow of RSPAN traffic, or manually delete the RSPAN VLAN from all trunks that do not need to carry the RSPAN traffic.
  • Page 547: Creating An Rspan Source Session

    For session_number, the range is 1 to 66. Specify all to remove all RSPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
  • Page 548
    Switch(config)# monitor session 1 source interface gigabitethernet0/1 tx
    Switch(config)# monitor session 1 source interface gigabitethernet0/2 rx
    Switch(config)# monitor session 1 source interface port-channel 2
    Switch(config)# monitor session 1 destination remote vlan 901
    Switch(config)# end
  • Page 549: Creating An Rspan Destination Session

    To remove a destination port from the SPAN session, use the no monitor session session_number destination interface interface-id global configuration command. To remove the RSPAN VLAN from the session, use the no monitor session session_number source remote vlan vlan-id.
  • Page 550: Creating An Rspan Destination Session And Configuring Incoming Traffic

    RSPAN VLAN and the destination port, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). For details about the keywords not related to incoming traffic, see the “Creating an RSPAN Destination...
  • Page 551
    VLAN 6 as the default receiving VLAN.
    Switch(config)# monitor session 2 source remote vlan 901
    Switch(config)# monitor session 2 destination interface gigabitethernet0/2 ingress vlan 6
    Switch(config)# end
  • Page 552: Specifying Vlans To Filter

    Switch(config)# monitor session 2 source interface gigabitethernet0/2 rx
    Switch(config)# monitor session 2 filter vlan 1 - 5 , 9
    Switch(config)# monitor session 2 destination remote vlan 902
    Switch(config)# end
  • Page 553: Displaying Span And Rspan Status

    To display the current SPAN or RSPAN configuration, use the show monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured SPAN or RSPAN sessions.
  • Page 554 Chapter 27 Configuring SPAN and RSPAN Displaying SPAN and RSPAN Status
  • Page 555: Chapter 28 Configuring Rmon

    Note: For complete syntax and usage information for the commands used in this chapter, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
    This chapter consists of these sections:
    • Understanding RMON, page 28-1...
  • Page 556: Configuring Rmon

    • Configuring RMON Alarms and Events, page 28-3 (required)
    • Collecting Group History Statistics on an Interface, page 28-5 (optional)
    • Collecting Group Ethernet Statistics on an Interface, page 28-5 (optional)
  • Page 557: Default Rmon Configuration

    • (Optional) For event-number, specify the event number to trigger when the rising or falling threshold exceeds its limit.
    • (Optional) For owner string, specify the owner of the alarm.
  • Page 558
    This example also generates an SNMP trap when the event is triggered.
    Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones
  • Page 559: Collecting Group History Statistics On An Interface

    This procedure is optional.
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 interface interface-id Specify the interface on which to collect statistics, and enter interface configuration mode.
  • Page 560: Displaying Rmon Status

    For information about the fields in these displays, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
  • Page 561: Chapter 29 Configuring System Message Logging

    Configuring System Message Logging
    This chapter describes how to configure system message logging on the switch.
    Note: For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation >...
  • Page 562: Configuring System Message Logging

    The part of the message preceding the percent sign depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command.
  • Page 563: Default System Message Logging Configuration

    Console severity: Debugging (and numerically lower levels; see Table 29-3 on page 29-9).
    Logging file configuration: No filename specified.
    Logging buffer size: 4096 bytes.
    Logging history size: 1 message.
  • Page 564: Disabling Message Logging

    When this command is enabled, messages appear only after you press Return. For more information, see the “Synchronizing Log Messages” section on page 29-6. To re-enable message logging after it has been disabled, use the logging on global configuration command.
  • Page 565: Setting The Message Display Destination Device

    You must perform this step for each session to see the debugging messages.
    Step 7 show running-config Verify your entries.
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 566: Synchronizing Log Messages

    For example, to change the setting for vty line 2, enter:
    line vty 2
    When you enter this command, the mode changes to line configuration.
  • Page 567: Enabling And Disabling Time Stamps On Log Messages

    This example shows part of a logging display with the service timestamps log datetime global configuration command enabled:
    *Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
  • Page 568: Enabling And Disabling Sequence Numbers In Log Messages

    Step 3 logging monitor level Limit messages logged to the terminal lines. By default, the terminal receives debugging messages and numerically lower levels (see Table 29-3 on page 29-9). Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide 29-8 OL-8915-03...
  • Page 569 Technical Assistance Center. Interface up or down transitions and system restart messages, displayed at the notifications level. • This message is only for information; switch functionality is not affected.
  • Page 570: Limiting Syslog Messages Sent To The History Table And To Snmp

    100). You can clear the log at any time by entering the no logging enable command followed by the logging enable command to disable and reenable logging.
  • Page 571 [end-number] | statistics} [provisioning] privileged EXEC command to display the complete configuration log or the log for specified parameters. The default is that configuration logging is disabled. For information about the commands, see the Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a8086.html#wp1114989...
  • Page 572: Configuring Unix Syslog Servers

    Log messages to a UNIX syslog server host by entering its IP address. To build a list of syslog servers that receive logging messages, enter this command more than once.
  • Page 573: Displaying The Logging Configuration

    To display the logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation >...
  • Page 574 Chapter 29 Configuring System Message Logging Displaying the Logging Configuration
  • Page 575: Chapter 30 Configuring Snmp

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
    This chapter consists of these sections:
    • Understanding SNMP, page 30-1...
  • Page 576: Snmp Versions

    A combination of the security level and the security model determines which security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3.
  • Page 577: Snmp Manager Functions

    1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table.
    2. The get-bulk command only works with SNMPv2 or later.
  • Page 578: Snmp Agent Functions

    [Figure: SNMP Network. Labels: SNMP Manager; SNMP Agent (network device); Get-request, Get-next-request, Get-bulk, Set-request; Get-response, traps.]
    For information on supported MIBs and how to access them, see Appendix A, “Supported MIBs.”
  • Page 579: Snmp Notifications

    -module interfaces)  10000–14500
    Null  14501
    1. SVI = switch virtual interface
    2. SFP = small form-factor pluggable
    Note: The switch might not use sequential values within a range.
  • Page 580: Configuring Snmp

    An SNMP group is a table that maps SNMP users to SNMP views. An SNMP user is a member of an SNMP group. An SNMP host is the recipient of an SNMP trap operation. An SNMP engine ID is a name for the local or remote SNMP engine.
  • Page 581: Disabling The Snmp Agent

    The no snmp-server global configuration command disables all running versions (Version 1, Version 2C, and Version 3) on the device. No specific Cisco IOS command exists to enable SNMP. The first snmp-server global configuration command that you enter enables all versions of SNMP.
  • Page 582: Configuring Community Strings

    Recall that the access list is always terminated by an implicit deny statement for everything.
    Step 4  Return to privileged EXEC mode.
  • Page 583: Configuring Snmp Groups And Users

    • If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162.
  • Page 584 64 characters) that is the name of the view in which you specify a notify, inform, or trap.
    • (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.
  • Page 585: Configuring Snmp Notifications

    By default, no trap manager is defined, and no traps are sent. Switches running this Cisco IOS release can have an unlimited number of trap managers.
    Note: Many commands use the word traps in the command syntax. Unless there is an option in the command to select either traps or informs, the keyword traps refers to either traps, informs, or both.
  • Page 586 Generates a trap for Open Shortest Path First (OSPF) changes. You can enable any or all of these traps: Cisco specific, errors, link-state advertisement, rate limit, retransmit, and state changes. Generates a trap for Protocol-Independent Multicast (PIM) changes. You can enable any or all of these traps: invalid PIM messages, neighbor changes, and rendezvous point (RP)-mapping changes.
  • Page 587 When version 3 is specified, enter the SNMPv3 username.
    • (Optional) For notification-type, use the keywords listed in Table 30-5 on page 30-11. If no type is specified, all notifications are sent.
  • Page 588: Setting The Agent Contact And Location Information

    Step 1  configure terminal  Enter global configuration mode.
    Step 2  snmp-server contact text  Set the system contact string. For example:
    snmp-server contact Dial System Operator at beeper 21555.
  • Page 589: Limiting Tftp Servers Used Through Snmp

    Step 4  Return to privileged EXEC mode.
    Step 5  show running-config  Verify your entries.
    Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
  • Page 590: Snmp Examples

    Switch(config)# snmp-server enable traps entity
    Switch(config)# snmp-server host cisco.com restricted entity
    This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public:
    Switch(config)# snmp-server enable traps
    Switch(config)# snmp-server host myhost.cisco.com public...
  • Page 591: Displaying Snmp Status

    EXEC command. You also can use the other privileged EXEC commands in Table 30-6 to display SNMP information. For information about the fields in the displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Table 30-6 Commands for Displaying SNMP Information...
  • Page 592 Chapter 30 Configuring SNMP Displaying SNMP Status
  • Page 593: Chapter 31 Configuring Network Security With Acls

    “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2. The Cisco IOS documentation is available from the Cisco.com page under Documentation >...
  • Page 594: Supported Acls

    ACL is applied are filtered by the port ACL. Incoming routed IP packets received on other ports are filtered by the router ACL. Other packets are not filtered.
  • Page 595: Port Acls

    Blade Server A to access the Human Resources network, but prevent Blade Server B from accessing the same network. Port ACLs can only be applied to Layer 2 interfaces in the inbound direction.
  • Page 596: Router Acls

    • Standard IP access lists use source addresses for matching operations.
    • Extended IP access lists use source and destination addresses and optional protocol type information for matching operations.
  • Page 597: Vlan Maps

    Permit ACEs that check the Layer 3 information in the fragment (including protocol type, such as TCP, UDP, and so on) are considered to match the fragment regardless of what the missing Layer 4 information might have been.
  • Page 598: Configuring Ipv4 Acls

    ACEs were checking different hosts.
    Configuring IPv4 ACLs
    Configuring IPv4 ACLs on the switch is the same as configuring IPv4 ACLs on other Cisco switches and routers. The process is briefly described here. For more detailed information on configuring ACLs, see the “Configuring IP Services”...
  • Page 599: Creating Standard And Extended Ipv4 Acls

    • Resequencing ACEs in an ACL, page 31-14
    • Creating Named Standard and Extended ACLs, page 31-14
    • Using Time Ranges with ACLs, page 31-16
    • Including Comments in ACLs, page 31-18
  • Page 600: Access List Numbers

    ACE containing a log keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
  • Page 601: Creating A Numbered Standard Acl

    With standard access lists, if you omit the mask from an associated IP host address ACL specification, 0.0.0.0 is assumed to be the mask.
  • Page 602: Creating A Numbered Extended Acl

    Note: For more details on the specific keywords for each protocol, see these command references:
    • Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2
    • Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2...
  • Page 603 DSCP value specified by a number from 0 to 63, or use the question mark (?) to see a list of available values.
  • Page 604 TCP port. To see TCP port names, use the ? or see the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2. Use only TCP port numbers or names when filtering TCP.
  • Page 605 ICMP message type and code name. To see a list of ICMP message type names and code names, use the ?, or see the “Configuring IP Services” section of the Cisco IOS IP Configuration Guide, Release 12.2. Step 2e access-list access-list-number (Optional) Define an extended IGMP access list and the access conditions.
  • Page 606: Resequencing Aces In An Acl

    Define a standard IPv4 access list using a name, and enter access-list configuration mode. The name can be a number from 1 to 99.
  • Page 607 For standard ACLs, if you omit the mask from an associated IP host address access list specification, 0.0.0.0 is assumed to be the mask.
  • Page 608: Using Time Ranges With Acls

    Assign a meaningful name (for example, workhours) to the time range to be created, and enter time-range configuration mode. The name cannot contain a space or quotation mark and must begin with a letter.
  • Page 609
    Switch(config)# access-list 188 permit tcp any any time-range workhours
    Switch(config)# end
    Switch# show access-lists
    Extended IP access list 188
        10 deny tcp any any time-range new_year_day_2006 (inactive)
        20 permit tcp any any time-range workhours (inactive)
  • Page 610: Including Comments In Acls

    For procedures for applying ACLs to interfaces, see the “Applying an IPv4 ACL to an Interface” section on page 31-19. For applying ACLs to VLANs, see the “Configuring VLAN Maps” section on page 31-28.
  • Page 611: Applying An Ipv4 Acl To An Interface

    These access-group denied packets are not dropped in hardware but are bridged to the switch CPU so that it can generate the ICMP-unreachable message.
  • Page 612 When you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied to the interface and permits all packets. Remember this behavior if you use undefined ACLs for network security.
  • Page 613: Hardware And Software Treatment Of Ip Acls

    This section provides examples of configuring and applying IPv4 ACLs. For detailed information about compiling ACLs, see the Cisco IOS Security Configuration Guide, Release 12.2 and the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
  • Page 614
    Switch(config)# access-list 106 permit ip any 172.20.128.64 0.0.0.31
    Switch(config)# end
    Switch# show access-lists
    Extended IP access list 106
        10 permit ip any 172.20.128.64 0.0.0.31
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# ip access-group 106 in
  • Page 615: Numbered Acls

    This example creates a standard ACL named Internet_filter and an extended ACL named marketing_group. The Internet_filter ACL allows all traffic from the source address 1.2.3.4.
    Switch(config)# ip access-list standard Internet_filter
    Switch(config-std-nacl)# permit 1.2.3.4
    Switch(config-std-nacl)# exit
  • Page 616: Time Range Applied To An Ip Acl

    Switch(config)# access-list 100 deny host 171.69.3.85 any eq www
    Switch(config)# access-list 100 remark Do not allow Smith to browse the web
    Switch(config)# access-list 100 deny host 171.69.3.13 any eq www
  • Page 617: Acl Logging

    This is an example of a log for an extended ACL:
    01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 1 packet
    01:25:14:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 7 packets
  • Page 618: Creating Named Mac Extended Acls

    Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL:
    Command  Purpose
    Step 1  configure terminal  Enter global configuration mode.
    Step 2  mac access-list extended name  Define an extended MAC access list using a name.
  • Page 619: Applying A Mac Acl To A Layer 2 Interface

    Layer 3 ACL applied to the VLAN interface or a VLAN map applied to the VLAN. Incoming packets received on the Layer 2 port are always filtered by the port ACL.
  • Page 620: Configuring Vlan Maps

    If there is no match clause for that type of packet, the default is to forward the packet. For complete syntax and usage information for the commands used in this section, see the command reference for this release.
  • Page 621: Vlan Map Configuration Guidelines

    VLAN map to a VLAN that the port belongs to, the port ACL takes precedence over the VLAN map.
    • If VLAN map configuration cannot be applied in hardware, all packets in that VLAN must be routed by software.
  • Page 622: Creating A Vlan Map

    Use the no action access-map configuration command to enforce the default action, which is to forward.
  • Page 623: Examples Of Acls And Vlan Maps

    Switch(config)# vlan access-map drop-ip-default 10
    Switch(config-access-map)# match ip address 101
    Switch(config-access-map)# action forward
    Switch(config-access-map)# exit
    Switch(config)# vlan access-map drop-ip-default 20
    Switch(config-access-map)# match ip address igmp-match
    Switch(config-access-map)# action drop
  • Page 624
    Switch(config)# vlan access-map drop-all-default 10
    Switch(config-access-map)# match ip address tcp-match
    Switch(config-access-map)# action forward
    Switch(config-access-map)# exit
    Switch(config)# vlan access-map drop-all-default 20
    Switch(config-access-map)# match mac address good-hosts
    Switch(config-access-map)# action forward
  • Page 625: Applying A Vlan Map To A Vlan

    Host X to Host Y is eventually being routed by Switch B, a Layer 3 switch with routing enabled. Traffic from Host X to Host Y can be access-controlled at the traffic entry point, Switch A.
  • Page 626
    Switch(config)# vlan access-map map2 20
    Switch(config-access-map)# match ip address match_all
    Switch(config-access-map)# action forward
    Then, apply VLAN access map map2 to VLAN 1.
    Switch(config)# vlan filter map2 vlan 1
  • Page 627: Denying Access To A Server On Another Vlan

    Switch(config-access-map)# action drop
    Switch(config)# vlan access-map SERVER1_MAP 20
    Switch(config-access-map)# action forward
    Switch(config-access-map)# exit
    Step 3  Apply the VLAN map to VLAN 10.
    Switch(config)# vlan filter SERVER1_MAP vlan-list 10
  • Page 628: Using Vlan Maps With Router Acls

    • To define multiple actions in an ACL (permit, deny), group each action type together to reduce the number of entries.
  • Page 629: Examples Of Router Acls And Vlan Maps Applied To Vlans

    [Figure: Applying ACLs on Switched Packets. Labels: Host A (VLAN 10); Host C (VLAN 10); VLAN 10; VLAN 20; input router ACL; output router ACL; routing function or fallback bridge; frame; packet.]
  • Page 630: Acls And Routed Packets

    (numbered or named).
    show ip access-lists [number | name]  Display the contents of all current IP access lists or a specific IP access list (numbered or named).
  • Page 631 Show information about all VLAN access maps or the specified access map.
    show vlan filter [access-map name | vlan vlan-id]  Show information about all VLAN filters or about a specified VLAN or VLAN access map.
  • Page 632 Chapter 31 Configuring Network Security with ACLs Displaying IPv4 ACL Configuration
  • Page 633: Chapter 32 Configuring Qos

    The switch supports some of the modular QoS CLI (MQC) commands. For more information about the MQC commands, see the “Modular Quality of Service Command-Line Interface Overview” at this site: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd908.html
  • Page 634: Understanding Qos

    IP precedence values. IP precedence values range from 0 to 7. DSCP values range from 0 to 63.
    Note: IPv6 QoS is not supported in this release.
  • Page 635: Basic Qos Model

    (police and mark), and provide different treatment (queue and schedule) in all situations where resource contention exists. The switch also needs to ensure that traffic sent from it meets a specific traffic profile (shape).
  • Page 636
    • One of the queues (queue 1) can be the expedited queue, which is serviced until empty before the other queues are serviced.
    [Figure 32-2: Basic QoS Model]
  • Page 637: Classification

    For information on the maps described in this section, see the “Mapping Tables” section on page 32-12. For configuration information on port trust states, see the “Configuring Classification Using Port Trust States” section on page 32-36.
  • Page 638 [Flowchart fragment: Assign the DSCP or CoS as specified by ACL action to generate the QoS label. Assign the default DSCP (0). Generate the DSCP by using the CoS-to-DSCP map. Done.]
  • Page 639: Classification Based On Qos Acls

    In this mode, you specify the actions to take on a specific traffic class by using the class, trust, or set policy-map configuration and policy-map class configuration commands.
  • Page 640: Policing And Marking

    “Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps” section on page 32-52, and the “Classifying, Policing, and Marking Traffic by Using Aggregate Policers” section on page 32-58.
  • Page 641: Policing On Physical Ports

    • A nonhierarchical policy map on a physical port.
    • The interface level of a hierarchical policy map attached to an SVI. The physical ports are specified in this secondary policy map.
  • Page 642: Policing On Svis

    SVI. The second level, the interface level, specifies the actions to be taken against the traffic on the physical ports that belong to the SVI and are specified in the interface-level policy map.
  • Page 643 [Flowchart fragment: Verify the out-of-profile action configured for this policer (branches: Pass through, Drop, Mark). Drop: Drop packet. Mark: Modify DSCP according to the policed-DSCP map. Generate a new QoS label. Done.]
  • Page 644: Mapping Tables

    Scheduling on Ingress Queues” section on page 32-15. For information about the DSCP and CoS output queue threshold maps, see the “Queueing and Scheduling on Egress Queues” section on page 32-17.
  • Page 645: Queueing And Scheduling Overview

    Suppose the queue is already filled with 600 frames, and a new frame arrives. It contains CoS values 4 and 5 and is subjected to the 60-percent threshold. If this frame is added to the queue, the threshold will be exceeded, so the switch drops it.
  • Page 646: Srr Shaping And Sharing

    “Allocating Bandwidth Between the Ingress Queues” section on page 32-68, the “Configuring SRR Shaped Weights on Egress Queues” section on page 32-75, and the “Configuring SRR Shared Weights on Egress Queues” section on page 32-76.
  • Page 647: Queueing And Scheduling On Ingress Queues

    The expedite queue has guaranteed bandwidth.
    1. The switch uses two nonconfigurable queues for traffic that is essential for proper network operation.
  • Page 648 For configuration information, see the “Configuring Ingress Queue Characteristics” section on page 32-66.
  • Page 649: Queueing And Scheduling On Egress Queues

    All traffic exiting the switch flows through one of these four queues and is subjected to a threshold based on the QoS label assigned to the packet.
  • Page 650 The switch can allocate the needed buffers from the common pool if the common pool is not empty.
  • Page 651: Packet Modification

    DSCP to the CPU where it is again processed through software.
  • Page 652: Configuring Auto-Qos

    The switch uses the resulting classification to choose the appropriate egress queue. You use auto-QoS commands to identify ports connected to Cisco IP Phones and to devices running the Cisco SoftPhone application. You also use the commands to identify ports that receive trusted traffic through an uplink.
  • Page 653: Generated Auto-Qos Configuration

    The switch uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP Phone. When a Cisco IP Phone is detected, the ingress classification on the port is set to...
  • Page 654 trust the QoS label received in the packet. When a Cisco IP Phone is absent, the ingress classification is set to not trust the QoS label in the packet. The switch configures ingress and egress queues on...
  • Page 655
    Switch(config)# mls qos srr-queue input bandwidth 90
    Switch(config)# mls qos srr-queue input threshold 1 8 16
    Switch(config)# mls qos srr-queue input threshold 2 34 66
    Switch(config)# mls qos srr-queue input buffers 67
  • Page 656 DSCP value received in the packet on a routed port by using the mls qos trust dscp command. If you entered the auto qos voip cisco-phone command, the switch automatically enables the trusted boundary feature, which uses the CDP to detect the presence or absence of a Cisco IP Phone.
    Switch(config-if)# mls qos trust device cisco-phone
  • Page 657: Effects Of Auto-Qos On The Configuration

    Before configuring auto-QoS, you should be aware of this information: • Auto-QoS configures the switch for VoIP with Cisco IP Phones on nonrouted and routed ports. Auto-QoS also configures the switch for VoIP with devices running the Cisco SoftPhone application.
  • Page 658: Enabling Auto-Qos For Voip

    • By default, the CDP is enabled on all ports. For auto-QoS to function properly, do not disable the CDP.
    • When enabling auto-QoS with a Cisco IP Phone on a routed port, you must assign a static IP address to the IP phone.
  • Page 659 This example shows how to enable auto-QoS and to trust the QoS labels received in incoming packets when the switch or router connected to a port is a trusted device:
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# auto qos voip trust
  • Page 660: Auto-Qos Configuration Example

    VoIP traffic is prioritized over all other traffic. Auto-QoS is enabled on the switches in the wiring closets at the edge of the QoS domain.
  • Page 661
    Step 6  exit  Return to global configuration mode.
    Step 7  Repeat Steps 4 to 6 for as many ports as are connected to the Cisco IP Phone.
    Step 8  interface interface-id  Specify the switch port identified as connected to a trusted switch or router, and enter interface configuration mode.
  • Page 662: Displaying Auto-Qos Information

    (optional, unless you need to use the DSCP-to-DSCP-mutation map or the policed-DSCP map)
    • Configuring Ingress Queue Characteristics, page 32-66 (optional)
    • Configuring Egress Queue Characteristics, page 32-70 (optional)
  • Page 663: Default Standard Qos Configuration

    DSCP input queue threshold map when QoS is enabled.
    Table 32-8 Default DSCP Input Queue Threshold Map
    DSCP Value    Queue ID–Threshold ID
    0–39          1–1
    40–47         2–1
    48–63         1–1
  • Page 664: Default Egress Queue Configuration

    DSCP output queue threshold map when QoS is enabled.
    Table 32-11 Default DSCP Output Queue Threshold Map
    DSCP Value    Queue ID–Threshold ID
    0–15          2–1
    16–31         3–1
    32–39         4–1
    40–47         1–1
    48–63         4–1
  • Page 665: Default Mapping Table Configuration

    traffic is bridged, routed, or sent to the CPU. It is possible for bridged frames to be dropped or to have their DSCP and CoS values modified.
  • Page 666: Policing Guidelines

    QoS processing.
    • You are likely to lose data when you change queue settings; therefore, try to make changes when traffic is at a minimum.
  • Page 667: Enabling Qos Globally

    (Optional) Save your entries in the configuration file. Use the no mls qos vlan-based interface configuration command to disable VLAN-based QoS on the physical port.
  • Page 668: Configuring Classification Using Port Trust States

    QoS domain. Figure 32-12 shows a sample network topology.
    [Figure 32-12: Port Trusted States within the QoS Domain. Labels: Trusted interface; Trunk; Traffic classification performed here; Trusted boundary.]
  • Page 669 “Configuring the CoS Value for an Interface” section on page 32-38. For information on how to configure the CoS-to-DSCP map, see the “Configuring the CoS-to-DSCP Map” section on page 32-60.
  • Page 670: Configuring the CoS Value for an Interface

    To return to the default setting, use the no mls qos cos {default-cos | override} interface configuration command.

    Configuring a Trusted Boundary to Ensure Port Security

    In a typical network, you connect a Cisco IP Phone to a switch port, as shown in Figure 32-12 on page 32-36, and cascade devices that generate data packets from the back of the telephone.
  • Page 671 CoS setting). By contrast, trusted boundary uses CDP to detect the presence of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue.
  • Page 672: Enabling DSCP Transparency Mode

    QoS. If the two domains use different DSCP values, you can configure the DSCP-to-DSCP-mutation map to translate a set of DSCP values to match the definition in the other domain.
  • Page 673 Return to privileged EXEC mode.
    Step 7    show mls qos maps dscp-mutation       Verify your entries.
    Step 8    copy running-config startup-config    (Optional) Save your entries in the configuration file.
  • Page 674: Configuring a QoS Policy

    • Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps, page 32-48
    • Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps, page 32-52
    • Classifying, Policing, and Marking Traffic by Using Aggregate Policers, page 32-58
  • Page 675: Classifying Traffic by Using ACLs

    Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255
    Switch(config)# access-list 1 permit 128.88.0.0 0.0.255.255
    Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255
    ! (Note: all other access implicitly denied)
  • Page 676 This example shows how to create an ACL that permits PIM traffic from any source to a destination group address of 224.0.0.2 with a DSCP set to 32:
    Switch(config)# access-list 102 permit pim any 224.0.0.2 dscp 32
  • Page 677 MAC address 0001.0000.0002 to the host with MAC address 0002.0000.0002.
    Switch(config)# mac access-list extended maclist1
    Switch(config-ext-macl)# permit 0001.0000.0001 0.0.0 0002.0000.0001 0.0.0
    Switch(config-ext-macl)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp
    ! (Note: all other access implicitly denied)
  • Page 678: Classifying Traffic By Using Class Maps

    If neither the match-all nor the match-any keyword is specified, the default is match-all.
    Note: Because only one match command per class map is supported, the match-all and match-any keywords function the same.
  • Page 679 This example shows how to create a class map called class3, which matches incoming traffic with IP-precedence values of 5, 6, and 7:
    Switch(config)# class-map class3
    Switch(config-cmap)# match ip precedence 5 6 7
    Switch(config-cmap)# end
    Switch#
  • Page 680: Classifying, Policing, And Marking Traffic On Physical Ports By Using Policy Maps

    Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps, page 32-52.
    • Beginning with Cisco IOS Release 12.2(44)SE, a policy-map and a port trust state can both run on a physical interface. The policy-map is applied before the port trust state.
  • Page 681 By default, no policy map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
  • Page 682 DSCP value (by using the policed-DSCP map) and to send the packet. For more information, see the “Configuring the Policed-DSCP Map” section on page 32-62.
  • Page 683
    Switch(config-ext-mac)# permit 0001.0000.0001 0.0.0 0002.0000.0001 0.0.0
    Switch(config-ext-mac)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp
    Switch(config-ext-mac)# exit
    Switch(config)# mac access-list extended maclist2
    Switch(config-ext-mac)# permit 0001.0000.0003 0.0.0 0002.0000.0003 0.0.0
    Switch(config-ext-mac)# permit 0001.0000.0004 0.0.0 0002.0000.0004 0.0.0 aarp
  • Page 684: Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps

    • Beginning with Cisco IOS Release 12.2(44)SE, a policy-map and a port trust state can both run on a physical interface. The policy-map is applied before the port trust state.
    • A policy-map trust state and a port trust state are mutually exclusive, and whichever is configured...
  • Page 685 For ip precedence ip-precedence-list, enter a list of up to eight IP-precedence values to match against incoming packets. Separate each value with a space. The range is 0 to 7.
    Step 4    exit    Return to class-map configuration mode.
  • Page 686 By default, no policy-map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
  • Page 687 By default, no policy-map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
  • Page 688
    Step 21    exit                      Return to global configuration mode.
    Step 22    interface interface-id    Specify the SVI to which to attach the hierarchical policy map, and enter interface configuration mode.
  • Page 689
    Switch(config)#class-map cm-interface-1
    Switch(config-cmap)#match input g3/0/1 - g3/0/2
    Switch(config-cmap)#exit
    Switch(config)#policy-map port-plcmap
    Switch(config-pmap)#class-map cm-interface-1
    Switch(config-pmap-c)#police 900000 9000 exc policed-dscp-transmit
    Switch(config-pmap-c)#exit
    Switch(config-pmap)#exit
    Switch(config)#policy-map vlan-plcmap
    Switch(config-pmap)#class-map cm-1
    Switch(config-pmap-c)#set dscp 7
    Switch(config-pmap-c)#service-policy port-plcmap-1
  • Page 690: Classifying, Policing, And Marking Traffic By Using Aggregate Policers

    [match-all | match-any] class-map-name    Create a class map to classify traffic as necessary. For more information, see the “Classifying Traffic by Using Class Maps” section on page 32-46.
  • Page 691
    Switch(config)# mls qos aggregate-police transmit1 48000 8000 exceed-action policed-dscp-transmit
    Switch(config)# class-map ipclass1
    Switch(config-cmap)# match access-group 1
    Switch(config-cmap)# exit
    Switch(config)# class-map ipclass2
    Switch(config-cmap)# match access-group 2
    Switch(config-cmap)# exit
    Switch(config)# policy-map aggflow1
    Switch(config-pmap)# class ipclass1
  • Page 692: Configuring DSCP Maps

    If these values are not appropriate for your network, you need to modify them. Beginning in privileged EXEC mode, follow these steps to modify the CoS-to-DSCP map. This procedure is optional.
  • Page 693: Configuring the IP-Precedence-to-DSCP Map

    IP-precedence-to-DSCP map:

    Table 32-13 Default IP-Precedence-to-DSCP Map
    IP Precedence Value    DSCP Value

    If these values are not appropriate for your network, you need to modify them.
  • Page 694: Configuring the Policed-DSCP Map

    Return to privileged EXEC mode.
    Step 4    show mls qos maps policed-dscp        Verify your entries.
    Step 5    copy running-config startup-config    (Optional) Save your entries in the configuration file.
  • Page 695: Configuring the DSCP-to-CoS Map

    Default DSCP-to-CoS Map
    DSCP Value    CoS Value
    0–7 8–15 16–23 24–31 32–39 40–47 48–55 56–63

    If these values are not appropriate for your network, you need to modify them.
  • Page 696: Configuring the DSCP-to-DSCP-Mutation Map

    You can configure multiple DSCP-to-DSCP-mutation maps on an ingress port. The default DSCP-to-DSCP-mutation map is a null map, which maps an incoming DSCP value to the same DSCP value.
  • Page 697 30 30 30 30 30 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
  • Page 698: Configuring Ingress Queue Characteristics

    • Allocating Buffer Space Between the Ingress Queues, page 32-68 (optional)
    • Allocating Bandwidth Between the Ingress Queues, page 32-68 (optional)
    • Configuring the Ingress Priority Queue, page 32-69 (optional)
  • Page 699 To return to the default WTD threshold percentages, use the no mls qos srr-queue input threshold queue-id global configuration command.
  • Page 700: Allocating Buffer Space Between The Ingress Queues

    SRR scheduler sends packets from each queue. The bandwidth and the buffer allocation control how much data can be buffered before packets are dropped. On ingress queues, SRR operates only in shared mode.
  • Page 701: Configuring The Ingress Priority Queue

    Then, SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights configured with the mls qos srr-queue input bandwidth weight1 weight2 global configuration command.
  • Page 702: Configuring Egress Queue Characteristics

    • Does the bandwidth of the port need to be rate limited?
    • How often should the egress queues be serviced and which technique (shaped, shared, or both) should be used?
  • Page 703: Configuration Guidelines

    The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
  • Page 704 For qset-id, enter the ID of the queue-set specified in Step 2. The range is 1 to 2. The default is 1.
    Step 6    Return to privileged EXEC mode.
  • Page 705: Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID

    Note: The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
  • Page 706 This example shows how to map DSCP values 10 and 11 to egress queue 1 and to threshold 2:
    Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 2 10 11
  • Page 707: Configuring SRR Shaped Weights on Egress Queues

    2, 3, and 4 are set to 0, these queues operate in shared mode. The bandwidth weight for queue 1 is 1/8, which is 12.5 percent:
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# srr-queue bandwidth shape 8 0 0 0
  • Page 708: Configuring SRR Shared Weights on Egress Queues

    1, 2, 3, and 4. This means that queue 4 has four times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times the bandwidth of queue 3.
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# srr-queue bandwidth share 1 2 3 4
  • Page 709: Configuring The Egress Expedite Queue

              Command                   Purpose
    Step 1    configure terminal        Enter global configuration mode.
    Step 2    interface interface-id    Specify the port to be rate limited, and enter interface configuration mode.
  • Page 710: Displaying Standard QoS Information

    | dscp-output-q | ip-prec-dscp | policed-dscp]
    show mls qos queue-set [qset-id]    Display QoS settings for the egress queues.
    show mls qos vlan vlan-id           Display the policy maps attached to the specified SVI.
  • Page 711 The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.
    show running-config | include rewrite    Display the DSCP transparency setting.
  • Page 713: Chapter 33 Configuring EtherChannels and Layer 2 Trunk Failover

    • Port Aggregation Protocol, page 33-4
    • Link Aggregation Control Protocol, page 33-5
    • EtherChannel On Mode, page 33-6
    • Load Balancing and Forwarding Methods, page 33-6
  • Page 714: EtherChannel Overview

    In previous releases, the incompatible ports were suspended. Beginning with Cisco IOS Release 12.2(35)SE, instead of a suspended state, the local port is put into an independent state and continues to carry data traffic as would any other single link.
  • Page 715: Port-Channel Interfaces

    To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk.
  • Page 716: Port Aggregation Protocol

    Understanding EtherChannels

    Port Aggregation Protocol

    The Port Aggregation Protocol (PAgP) is a Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support PAgP. PAgP facilitates the automatic creation of EtherChannels by exchanging PAgP packets between Ethernet ports.
  • Page 717: PAgP Interaction with Other Features

    Link Aggregation Control Protocol

    The LACP is defined in IEEE 802.3ad and enables Cisco switches to manage Ethernet channels between switches that conform to the IEEE 802.3ad protocol. LACP facilitates the automatic creation of EtherChannels by exchanging LACP packets between Ethernet ports.
  • Page 718: LACP Interaction with Other Features

    MAC-address forwarding, packets sent from host A to host B, host A to host C, and host C to host B could all use different ports in the channel.
  • Page 719 MAC address, using the destination-MAC address always chooses the same link in the channel. Using source addresses or IP addresses might result in better load balancing.
  • Page 720: Configuring EtherChannels

    Note to all the physical ports assigned to the port-channel interface, and configuration changes applied to the physical port affect only the port where you apply the configuration.
  • Page 721: Default EtherChannel Configuration

    – Spanning-tree port priority for each VLAN
    – Spanning-tree Port Fast setting
    • Do not configure a port to be a member of more than one EtherChannel group.
  • Page 722: Configuring Layer 2 EtherChannels

    For a LACP EtherChannel, you can configure up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.
  • Page 723
    Step 7    copy running-config startup-config    (Optional) Save your entries in the configuration file.
    To remove a port from the EtherChannel group, use the no channel-group interface configuration command.
  • Page 724: Configuring Layer 3 EtherChannels

    Switch(config-if)# end

    Configuring the Physical Interfaces

    Beginning in privileged EXEC mode, follow these steps to assign an Ethernet port to a Layer 3 EtherChannel. This procedure is required.
  • Page 725
    Step 3    no ip address    Ensure that there is no IP address assigned to the physical port.
    Step 4    no switchport    Put the port into Layer 3 mode.
  • Page 726 33-5.
    Step 6    Return to privileged EXEC mode.
    Step 7    show running-config                   Verify your entries.
    Step 8    copy running-config startup-config    (Optional) Save your entries in the configuration file.
  • Page 727: Configuring EtherChannel Load Balancing

    IP address.
    • src-mac—Load distribution is based on the source-MAC address of the incoming packet.
    Step 3    Return to privileged EXEC mode.
  • Page 728: Configuring the PAgP Learn Method and Priority

    When the link partner of the Cisco Catalyst Blade Switch 3020 for HP is a physical learner (such as a Catalyst 1900 series switch), we recommend that you configure the Cisco Catalyst Blade Switch 3020 for HP as a physical-port learner by using the pagp learn-method physical-port interface configuration command.
  • Page 729: Configuring LACP Hot-Standby Ports

    16 ports. Only eight LACP links can be active at one time. The software places any additional links in a hot-standby mode. If one of the active links becomes inactive, a link that is in the hot-standby mode becomes active in its place.
  • Page 730: Configuring the LACP System Priority

    (Optional) Save your entries in the configuration file. To return the LACP system priority to the default value, use the no lacp system-priority global configuration command.
  • Page 731: Configuring the LACP Port Priority

    (Optional) Save your entries in the configuration file. To return the LACP port priority to the default value, use the no lacp port-priority interface configuration command.
  • Page 732: Displaying EtherChannel, PAgP, and LACP Status

    Upstream interfaces can be bundled together, and each downstream interface can be associated with a single group consisting of multiple upstream interfaces. These groups are referred to as link-state groups.
  • Page 733: Configuring Layer 2 Trunk Failover

    • Configuring Layer 2 Trunk Failover, page 33-22

    Default Layer 2 Trunk Failover Configuration

    There are no link-state groups defined, and trunk failover is not enabled for any group.
  • Page 734: Layer 2 Trunk Failover Configuration Guidelines

    Switch(config-if)# interface gigabitethernet0/1
    Switch(config-if)# link state group 1 downstream
    Switch(config-if)# interface gigabitethernet0/3
    Switch(config-if)# link state group 1 downstream
    Switch(config-if)# interface gigabitethernet0/5
    Switch(config-if)# link state group 1 downstream
    Switch(config-if)# end
  • Page 735: Displaying Layer 2 Trunk Failover Status

    Status: Disabled, Down
    Upstream Interfaces
    Downstream Interfaces :
    (Up):Interface up (Dwn):Interface Down (Dis):Interface disabled

    For detailed information about the fields in the display, see the command reference for this release.
  • Page 737: Chapter 34 Configuring IP Unicast Routing

    For more detailed IP unicast configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides. For complete syntax and usage information for the commands used in this chapter, see these command references from the Cisco.com page under Documentation >...
  • Page 738: Types Of Routing

    The switch supports only the Routing Information Protocol (RIP), which uses a single distance metric (cost) to determine the best path. It also supports default routing and static routing.
  • Page 739: Steps For Configuring Routing

    By default, IP routing is disabled on the switch, and you must enable it before routing can take place. For detailed IP routing configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides.
  • Page 740: Default Addressing Configuration

    • Maximum interval between advertisements: 600 seconds.
    • Minimum interval between advertisements: 0.75 times max interval
    • Preference: 0.
    IP proxy ARP: Enabled.
    IP routing: Disabled.
    IP subnet-zero: Disabled.
  • Page 741: Assigning IP Addresses to Network Interfaces

    (Optional) Save your entry in the configuration file. Use the no ip subnet-zero global configuration command to restore the default and disable the use of subnet zero.
  • Page 742: Classless Routing

    128.20.3.0. If the host sends a packet to 120.20.4.1, because there is no network default route, the router discards the packet.

    [Figure 34-3: No IP Classless Routing]
  • Page 743: Configuring Address Resolution Methods

    For more information on RARP, see the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2 under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides from the Cisco.com page.
  • Page 744: Define a Static ARP Cache

    To remove an entry from the ARP cache, use the no arp ip-address hardware-address type global configuration command. To remove all nonstatic entries from the ARP cache, use the clear arp-cache privileged EXEC command.
  • Page 745: Set ARP Encapsulation

    Step 6    copy running-config startup-config    (Optional) Save your entries in the configuration file.
    To disable proxy ARP on the interface, use the no ip proxy-arp interface configuration command.
  • Page 746: Routing Assistance When IP Routing Is Disabled

    Display the address of the default gateway router to verify the setting.
    Step 5    copy running-config startup-config    (Optional) Save your entries in the configuration file.
    Use the no ip default-gateway global configuration command to disable this function.
  • Page 747: ICMP Router Discovery Protocol (IRDP)

    Return to privileged EXEC mode.
    Step 11    show ip irdp                          Verify settings by displaying IRDP values.
    Step 12    copy running-config startup-config    (Optional) Save your entries in the configuration file.
  • Page 748: Configuring Broadcast Packet Handling

    For more information on access lists, see Chapter 31, “Configuring Network Security with ACLs.” Beginning in privileged EXEC mode, follow these steps to enable forwarding of IP-directed broadcasts on an interface:
  • Page 749: Forwarding UDP Broadcast Packets and Protocols

    You can specify a UDP destination port to control which UDP services are forwarded. You can specify multiple UDP protocols. You can also specify the Network Disk (ND) protocol, which is used by older diskless Sun workstations and the network security protocol SDNS.
  • Page 750: Establishing an IP Broadcast Address

    By default, both UDP and ND forwarding are enabled if a helper address has been defined for an interface. The description for the ip forward-protocol interface configuration command in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 lists the ports that are forwarded by default if you do not specify any UDP ports.
  • Page 751: Flooding IP Broadcasts

    CPU. For those packets that do go to the CPU, you can speed up spanning tree-based UDP flooding by a factor of about four to five times by using turbo-flooding. This feature is supported over Ethernet interfaces configured for ARP encapsulation.
  • Page 752: Monitoring and Maintaining IP Addressing

    [address [mask]] | [protocol]    Display the current state of the routing table.
    show ip route summary            Display the current state of the routing table in summary form.
  • Page 753: Enabling IP Unicast Routing

    Protocol (UDP) data packets to exchange routing information. The protocol is documented in RFC 1058. You can find detailed information about RIP in IP Routing Fundamentals, published by Cisco Press. RIP is the only routing protocol supported by the switch.
  • Page 754: Default RIP Configuration

    • Update: 30 seconds.
    • Invalid: 180 seconds.
    • Hold-down: 180 seconds.
    • Flush: 240 seconds.
    Validate-update-source: Enabled.
    Version: Receives RIP Version 1 and 2 packets; sends Version 1 packets.
  • Page 755: Configuring Basic RIP Parameters

    (Optional) Disable automatic summarization. By default, the switch summarizes subprefixes when crossing classful network boundaries. Disable summarization (RIP Version 2 only) to advertise subnet and host routing information to classful network boundaries.
  • Page 756: Configuring RIP Authentication

    Step 5    Return to privileged EXEC mode.
    Step 6    show running-config interface [interface-id]    Verify your entries.
    Step 7    copy running-config startup-config              (Optional) Save your entries in the configuration file.
  • Page 757: Configuring Summary Addresses And Split Horizon

    In the example, if the interface is still in Layer 2 mode (the default), you must enter a no switchport interface configuration command before entering the ip address interface configuration command.
  • Page 758: Configuring Split Horizon

    Verify your entries.
    Step 7    copy running-config startup-config    (Optional) Save your entries in the configuration file.
    To enable the split horizon mechanism, use the ip split-horizon interface configuration command.
  • Page 759: Configuring Stub Routing

    VLAN 100 interfaces and on Host 3. This configuration allows the directly connected hosts to receive traffic from multicast source 200.1.1.3. See the “Configuring PIM Stub Routing” section on page 34-24 for more information.
  • Page 760: Configuring PIM Stub Routing

    Specify the interface on which you want to enable PIM stub routing, and enter interface configuration mode.
    Step 3    ip pim passive    Configure the PIM stub feature on the interface.
  • Page 761 • group. • show ip igmp mroute verifies that the multicast stream forwards from the source to the interested clients.
  • Page 762: Understanding EIGRP Stub Routing

    By default, the ip classless command is enabled in all Cisco IOS images that support the EIGRP stub routing feature. Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur.
  • Page 763: Configuring EIGRP Stub Routing

    “IP Routing Protocol-Independent Commands” chapter of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
  • Page 764: Configuring Cisco Express Forwarding

    Configuring Cisco Express Forwarding

    Cisco Express Forwarding (CEF) is a Layer 3 IP switching technology used to optimize network performance. CEF implements an advanced IP look-up and forwarding algorithm to deliver maximum Layer 3 switching performance. CEF is less CPU-intensive than fast switching route caching, allowing more CPU processing power to be dedicated to packet forwarding.
  • Page 765: Configuring The Number Of Equal-Cost Routing Paths

    Verify the setting in the Maximum path field. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no maximum-paths router configuration command to restore the default value.
  • Page 766: Configuring Static Unicast Routes

    When the software can no longer find a valid next hop for the address specified as the forwarding router's address in a static route, the static route is also removed from the IP routing table.
  • Page 767: Specifying Default Routes And Networks

    When default information is passed through a dynamic routing protocol, no further configuration is required. The system periodically scans its routing table to choose the optimal default network as its default route. Cisco routers use administrative distance and metric information to set the default route or the gateway of last resort.
  • Page 768 Each can be an integer from 0 to 4294967295. Step 7 match interface type number [...type number] Match the specified next hop route out one of the specified interfaces.
  • Page 769 RIP can automatically redistribute static routes. It assigns static routes a metric of 1 (directly connected). Any protocol can redistribute other routing protocols if a default mode is in effect.
  • Page 770: Filtering Routing Information

    You can also use a distribute-list router configuration command to avoid processing certain routes listed in incoming updates. Beginning in privileged EXEC mode, follow these steps to control the advertising or processing of routing updates:
  • Page 771: Filtering Sources Of Routing Information

    Step 5 show ip protocols Display the default administrative distance for a specified routing process. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 772: Managing Authentication Keys

    Display authentication key information. Step 9 copy running-config startup-config (Optional) Save your entries in the configuration file. To remove the key chain, use the no key chain name-of-chain global configuration command.
  • Page 773: Monitoring And Maintaining The Ip Network

    Display supernets.
    show ip cache                Display the routing table used to switch IP traffic.
    show route-map [map-name]    Display all route maps configured or only the one specified.
  • Page 775: Chapter 35 Configuring IPv6 Host Functions

    35-12. For more information about SDM templates, see Chapter 6, “Configuring SDM Templates.” Note: For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS documentation referenced in the procedures. This chapter consists of these sections: “Understanding IPv6”...
  • Page 776: IPv6 Addresses

    • Routing optimized for mobile devices
    • Duplicate Address Detection (DAD) feature
    For information about how Cisco Systems implements IPv6, go to this URL: http://www.cisco.com//warp/public/732/Tech/ipv6/
    This section describes IPv6 implementation on the switch. These sections are included:
    • IPv6 Addresses, page 35-2...
  • Page 777: Supported IPv6 Unicast Host Features

    IPv6 routers do not forward packets with link-local source or destination addresses to other links. See the section on IPv6 Unicast Addresses in the “Implementing Addressing and Basic Connectivity for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b.html Each IPv6 host interface can support up to three addresses in hardware (one aggregatable global unicast address, one link-local unicast address, and zero or more privacy addresses).
  • Page 778: DNS for IPv6

    • Stateful autoconfiguration using Dynamic Host Configuration Protocol (DHCP) IPv6.
    The switch supports stateless autoconfiguration to manage link, subnet, and site addressing changes, such as management of host and mobile IP addresses.
  • Page 779 Router advertisements contain zero or more prefix information options that contain information that the stateless address autoconfiguration uses to generate site-local and global addresses.
  • Page 780

    Building configuration...
    Current configuration : 104 bytes
    interface FastEthernet1/0/16
     no switchport
     no ip address
     ipv6 address autoconfig
  • Page 781

    FF02::1:FF2E:9047
    switch2# show running-config internet gigabitethernet1/0/16
    Building configuration...
    Current configuration : 137 bytes
    interface GigabitEthernet1/0/16
     no switchport
     no ip address
     no keepalive
     ipv6 address 1016:1::1/64
     ipv6 address 1016:2::1/72
  • Page 782

    ND advertised retransmit interval is 0 milliseconds
    ND router advertisements are sent every 200 seconds
    ND router advertisements live for 1800 seconds
    Hosts use stateless autoconfig for addresses.
  • Page 783: IPv6 Applications

    • Cisco Discovery Protocol (CDP) support for IPv6 addresses
    For more information about managing these applications with Cisco IOS, see the “Managing Cisco IOS Applications over IPv6” section in the Cisco IOS IPv6 Configuration Library at this URL:...
  • Page 784: Dual IPv4 and IPv6 Protocol Stacks

    New and upgraded applications can use both IPv4 and IPv6 protocol stacks. The Cisco IOS software supports the dual IPv4 and IPv6 protocol stack technique. When both IPv4 and IPv6 routing are enabled and an interface is configured with both an IPv4 and IPv6 address, the interface forwards both IPv4 and IPv6 traffic.
  • Page 785 Syslog configures the connection to the logging host by using a Cisco IOS socket interface and starts a socket connection on the UDP or TCP transport by using Cisco IOS sockets. Syslog supports common address data types that support both IPv4 and IPv6 transports. The syslog supports socket structures and APIs based on the user’s CLI configurations.
  • Page 786: HTTP(S) Over IPv6

    The HTTP client in Cisco IOS supports sending requests to both IPv4 and IPv6 HTTP servers. The HTTP server in Cisco IOS can service HTTP requests from both IPv4 and IPv6 HTTP clients. URLs with literal IPv6 addresses must be formatted by using the rules listed in RFC 2732.
  • Page 787: Configuring IPv6

    | vlan} global configuration command and reload the switch to configure a dual template.
    Default IPv6 Configuration
    Table 35-2 shows the default IPv6 configuration.
    Table 35-2 Default IPv6 Configuration
    Feature           Default Setting
    SDM template      Default
    IPv6 addresses    None configured
  • Page 788: Configuring IPv6 Addressing and Enabling IPv6 Host

    Before configuring IPv6 on the switch, be sure to select a dual IPv4 and IPv6 SDM template. For more information about configuring IPv6 routing, see the “Implementing Addressing and Basic Connectivity for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b.
  • Page 789: Configuring IPv6 ICMP Rate Limiting

    ICMP rate limiting is enabled by default with a default interval between error messages of 100 milliseconds and a bucket size (maximum number of tokens to be stored in a bucket) of 10.
  • Page 790: Configuring Static Routes for IPv6

    Fully specified static routes—Both the output interface and the next hop are specified. The next hop is assumed to be directly attached to the specified output interface. A fully specified route is valid when the specified IPv6 interface is IPv6-enabled and up.
  • Page 791 To configure a floating static route, use an administrative distance greater than that of the dynamic routing protocol. Step 3 Return to privileged EXEC mode.
  • Page 792: Displaying IPv6

    This example shows how to configure a floating static route to an interface with an administrative distance of 130:
    Switch(config)# ipv6 route 2001:0DB8::/32 gigabitethernet0/1 130
    For more information about configuring static IPv6 routing, see the “Implementing Static Routes for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b.html
    Displaying IPv6
    Table 35-3 shows the privileged EXEC commands for monitoring IPv6 on the switch.
  • Page 793

    0 fragmented into 0 fragments, 0 failed
    0 encapsulation failed, 0 no route, 0 too big
    0 RPF drops, 0 RPF suppressed drops
    Mcast: 1 received, 36861 sent
  • Page 794

    Rcvd: 0 input, 0 checksum errors, 0 length errors
    0 no port, 0 dropped
    Sent: 26749 output
    TCP statistics:
    Rcvd: 0 input, 0 checksum errors
    Sent: 0 output, 0 retransmitted
  • Page 795: Chapter 36 Configuring IPv6 MLD Snooping

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures. This chapter includes these sections: “Understanding MLD Snooping” section on page 36-1...
  • Page 796: MLD Messages

    Message timers and state transitions resulting from messages being sent or received are the same as those of IGMPv2 messages. MLD messages that do not have valid link-local IPv6 source addresses are ignored by MLD routers and switches.
  • Page 797: MLD Queries

    5 minutes. IPv6 multicast router discovery only takes place when MLD snooping is enabled on the switch.
  • Page 798: MLD Reports

    If the deleted port is the last member of the multicast address, the multicast address is also deleted, and the switch sends the address leave information to all detected multicast routers.
  • Page 799: Topology Change Notification Processing

    Last listener query count: Global: 2; Per VLAN: 0. Note: The VLAN value overrides the global setting. When the VLAN value is 0, the VLAN uses the global count.
  • Page 800: MLD Snooping Configuration Guidelines

    You can enable and disable MLD snooping on a per-VLAN basis or for a range of VLANs, but if you globally disable MLD snooping, it is disabled in all VLANs. If global snooping is enabled, you can enable or disable VLAN snooping.
  • Page 801 (Optional) Save your entries in the configuration file. To disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan-id global configuration command for the specified VLAN number.
  • Page 802: Configuring A Static Multicast Group

    (add a static connection to a multicast router), use the ipv6 mld snooping vlan mrouter global configuration command on the switch. Note: Static connections to multicast routers are supported only on switch ports.
  • Page 803: Enabling MLD Immediate Leave

    This example shows how to enable MLD Immediate Leave on VLAN 130:
    Switch# configure terminal
    Switch(config)# ipv6 mld snooping vlan 130 immediate-leave
    Switch(config)# exit
  • Page 804: Configuring MLD Snooping Queries

    (Optional) Verify that the MLD snooping querier information for the vlan-id] switch or for the VLAN. Step 12 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 805: Disabling MLD Listener Message Suppression

    VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for MLD snooping. To display MLD snooping information, use one or more of the privileged EXEC commands in Table 36-2.
  • Page 806 • information for the switch or for a VLAN.
    show ipv6 mld snooping multicast-address vlan vlan-id [ipv6-multicast-address]    Display MLD snooping for the specified VLAN and IPv6 multicast address.
  • Page 807: Chapter 37 Configuring IPv6 ACLs

    Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures. This chapter contains these sections: Understanding IPv6 ACLs, page 37-1...
  • Page 808: Supported ACL Features

    With IPv4, you can configure standard and extended numbered IP ACLs, named IP ACLs, and MAC ACLs. IPv6 supports only named ACLs. The switch supports most Cisco IOS-supported IPv6 ACLs with some exceptions: IPv6 source and destination addresses—ACL matching is supported only on prefixes from /0 to /64 •...
  • Page 809: Configuring IPv6 ACLs

    • You cannot use MAC ACLs to filter IPv6 frames. MAC ACLs can only filter non-IP frames.
    • If the TCAM is full, for any additional configured ACLs, packets are forwarded to the CPU, and the ACLs are applied in software.
  • Page 810: Creating IPv6 ACLs

    • (Optional) Enter sequence value to specify the sequence number for the access list statement. The acceptable range is from 1 to 4294967295.
    • (Optional) Enter time-range name to specify a time range for the statement.
  • Page 811 Return to privileged EXEC mode. Step 5 show ipv6 access-list Verify the access list configuration. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 812: Applying an IPv6 ACL to an Interface

    This example configures the IPv6 access list named CISCO. The first deny entry in the list denies all packets that have a destination TCP port number greater than 5000. The second deny entry denies packets that have a source UDP port number less than 5000.
  • Page 813: Displaying IPv6 ACLs

    This example shows how to apply the access list Cisco to inbound traffic on a Layer 3 interface:
    Switch(config)# interface gigabitethernet 0/3
    Switch(config-if)# no switchport
    Switch(config-if)# ipv6 address 2001::/64 eui-64
    Switch(config-if)# ipv6 traffic-filter CISCO in...
  • Page 815: Chapter 38 Configuring HSRP and Enhanced Object Tracking

    Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software >...
  • Page 816 Host C’s segment that need to communicate with users on Host B’s segment and also continues to perform its normal function of handling packets between the Host A segment and Host B.
  • Page 817: Multiple HSRP

    For MHSRP, you need to enter the standby preempt interface configuration command on the HSRP interfaces so that if a router fails and then comes back up, preemption occurs and restores load sharing...
  • Page 818: Configuring HSRP

    • Configuring HSRP Priority, page 38-6
    • Configuring MHSRP, page 38-9
    • Configuring HSRP Authentication and Timers, page 38-9
    • Enabling HSRP Support for ICMP Redirect Messages, page 38-11
  • Page 819: Default HSRP Configuration

    Hot Standby state is active, proxy ARP requests are answered using the Hot Standby group MAC address. If the interface is in a different state, proxy ARP responses are suppressed.
  • Page 820: Configuring HSRP Priority

    The standby priority, standby preempt, and standby track interface configuration commands are all used to set characteristics for finding active and standby routers and behavior regarding when a new active router takes over.
  • Page 821 The range is 0 to 3600 (1 hour); the default is 0 (no delay before taking over). Use the no form of the command to restore the default values.
  • Page 822

    300 seconds (5 minutes) before attempting to become the active router:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# no switchport
    Switch(config-if)# standby ip 172.20.128.3
    Switch(config-if)# standby priority 120 preempt delay 300
    Switch(config-if)# end
  • Page 823: Configuring MHSRP

    All routers in a Hot Standby group should use the same timer values. Normally, the holdtime is greater than or equal to 3 times the hellotime.
  • Page 824

    15 seconds:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet0/1
    Switch(config-if)# no switchport
    Switch(config-if)# standby 1 ip
    Switch(config-if)# standby 1 timers 5 15
    Switch(config-if)# end
  • Page 825: Enabling HSRP Support for ICMP Redirect Messages

    ICMP redirect messages are automatically enabled on interfaces configured with HSRP. This feature filters outgoing ICMP redirect messages through HSRP, in which the next hop IP address might be changed to an HSRP virtual IP address. For more information, see the Cisco IOS IP Configuration Guide, Release 12.2.
  • Page 826: Configuring Enhanced Object Tracking

    • Tracking Interface Line-Protocol or IP Routing State, page 38-13
    • Configuring a Tracked List, page 38-13
    • Configuring HSRP Object Tracking, page 38-17
    • Configuring Other Tracking Characteristics, page 38-18
  • Page 827: Tracking Interface Line-Protocol or IP Routing State

    You can configure a tracked list of objects with a Boolean expression, a weight threshold, or a percentage threshold. A tracked list contains one or more objects. An object must exist before it can be added to the tracked list.
  • Page 828

    If the list is up, the list detects that object 2 is down:
    Switch(config)# track 4 list boolean and
    Switch(config-track)# object 1
    Switch(config-track)# object 2 not
    Switch(config-track)# exit
  • Page 829 10, which in this example means that all connections are down.
  • Page 830

    This example configures tracked list 4 with three objects and specified percentages to measure the state of the list:
    Switch(config)# track 4 list threshold percentage
    Switch(config-track)# object 1
    Switch(config-track)# object 2
    Switch(config-track)# object 3
    Switch(config-track)# threshold percentage up 51 down 10
    Switch(config-track)# exit
  • Page 831: Configuring HSRP Object Tracking

    (Optional) secondary—The IP address is a secondary hot standby router interface. If this keyword is omitted, the configured address is the primary IP address.
  • Page 832: Configuring Other Tracking Characteristics

    Commands for Displaying Tracking Information
    Command                       Purpose
    show track [object-number]    Display information about all tracking lists or the specified list.
    show track brief              Display a single line of tracking information output.
  • Page 833

    [object-number] [brief] route    Display information about tracked IP-route objects.
    show track resolution            Display the resolution of tracked parameters.
    show track timers                Display tracked polling interval timers.
  • Page 835: Chapter 39 Configuring Cisco IOS IP SLAs Operations

    This chapter describes how to use Cisco IOS IP Service Level Agreements (SLAs) on the switch. Cisco IP SLAs is a part of Cisco IOS software that allows Cisco customers to analyze IP service levels for IP applications and services by using active traffic monitoring—the generation of traffic in a continuous, reliable, and predictable manner—for measuring network performance.
  • Page 836 Depending on the specific Cisco IOS IP SLAs operation, various network performance statistics are monitored within the Cisco device and stored in both command-line interface (CLI) and Simple Network Management Protocol (SNMP) MIBs. IP SLAs packets have configurable IP and application layer...
  • Page 837: Using Cisco IOS IP SLAs to Measure Network Performance

    Schedule the operation to run, then let the operation run for a period of time to gather statistics. Display and interpret the results of the operation using the Cisco IOS CLI or a network management system (NMS) with SNMP.
  • Page 838: IP SLAs Responder and IP SLAs Control Protocol

    The IP SLAs responder is a component embedded in the destination Cisco device that allows the system to anticipate and respond to IP SLAs request packets. The responder provides accurate measurements without the need for dedicated probes.
  • Page 839: Configuring IP SLAs Operations

    This section does not include configuration information for all available operations as the configuration information details are included in the Cisco IOS IP SLAs Configuration Guide. It includes only the procedure for configuring the responder, because the switch includes only responder support. For details about configuring other operations, see the Cisco IOS IP SLAs Configuration Guide at this URL: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_book09186a0080707055...
  • Page 840: Configuring the IP SLAs Responder

    The IP SLAs responder is available only on Cisco IOS software-based devices, including some switches that do not support full IP SLAs functionality. Beginning in privileged EXEC mode, follow these steps...
  • Page 841: Chapter 40 Troubleshooting

    This chapter describes how to identify and resolve software problems related to the Cisco IOS software on the switch. Depending on the nature of the problem, you can use the command-line interface (CLI) or the device manager to identify and solve problems.
  • Page 842: Recovering From A Software Failure

    From your PC, download the software image tar file (image_filename.tar) from Cisco.com. The Cisco IOS image is stored as a bin file in a directory in the tar file. For information about locating the software image files on Cisco.com, see the release notes.
  • Page 843: Recovering From A Lost Or Forgotten Password

    Follow the steps in this procedure if you have forgotten or lost the switch password.
    Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.
  • Page 844: Procedure With Password Recovery Enabled

    Step 2 If you had set the console port speed to anything other than 9600, it has been reset to that particular speed. Change the emulation software line speed to match that of the switch console port.
    Step 3 Load any helper files:
    switch: load_helper
  • Page 845

    Switch (config)# exit
    Switch#
    Step 13 Write the running configuration to the startup configuration file:
    Switch# copy running-config startup-config
    The new password is now in the startup configuration.
  • Page 846: Procedure With Password Recovery Disabled

    Display the contents of flash memory:
    switch: dir flash:
    The switch file system appears:
    Directory of flash:
    drwx Mar 01 1993 22:30:48 cbs30x0-lanbase-mz.122-25.SEE
    16128000 bytes total (10003456 bytes free)
  • Page 847: Preventing Autonegotiation Mismatches

    • A manually set speed or duplex parameter is different from the manually set speed or duplex parameter on the connected port.
    • A port is set to autonegotiate, and the connected port is set to full duplex with no autonegotiation.
  • Page 848: SFP Module Security and Identification

    If you are using a non-Cisco SFP module, remove the SFP module from the switch, and replace it with a Cisco module. After inserting a Cisco SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state.
  • Page 849: Monitoring Temperature

    Beginning in privileged EXEC mode, use this command to ping another device on the network from the switch:
    Command                   Purpose
    ping ip host | address    Ping a remote host through IP or by supplying the hostname or network address.
  • Page 850: Using Layer 2 Traceroute

    The switch can only identify the path from the source device to the destination device. It cannot identify the path that a packet takes from source host to the source device or from the destination device to the destination host.
  • Page 851: Usage Guidelines

    These are the Layer 2 traceroute usage guidelines:
    • Cisco Discovery Protocol (CDP) must be enabled on all the devices in the network. For Layer 2 traceroute to function properly, do not disable CDP.
  • Page 852: Displaying The Physical Path

    Because all errors except port-unreachable errors come from intermediate hops, the receipt of a port-unreachable error means that this message was sent by the destination port.
  • Page 853: Executing IP Traceroute

    To end a trace in progress, enter the escape sequence (Ctrl-^ X by default). Simultaneously press and release the Ctrl, Shift, and 6 keys and then press the X key.
  • Page 854: Using TDR

    These sections explain how you use debug commands to diagnose and resolve internetworking problems:
    • Enabling Debugging on a Specific Feature, page 40-15
    • Enabling All-System Diagnostics, page 40-15
    • Redirecting Debug and Error Message Output, page 40-16
  • Page 855: Enabling Debugging On A Specific Feature

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 856: Redirecting Debug And Error Message Output

    Global Port Number:24, Asic Number:5
    Src Real Vlan Id:5, Mapped Vlan Id:5
    Ingress:
    Lookup Key-Used Index-Hit A-Data
    InptACL 40_0D020202_0D010101-00_40000014_000A0000 01FFA 03000000
    L2Local 80_00050002_00020002-00_00000000_00000000 00C71 0000002B
    Station Descriptor:02340000, DestIndex:0239, RewriteIndex:F005
    ==========================================
  • Page 857

    Switch# show platform forward gigabitethernet0/1 vlan 5 1.1.1 03.e319.ee44 ip 13.1.1.1 13.2.2.2 udp 10 20
    Global Port Number:24, Asic Number:5
    Src Real Vlan Id:5, Mapped Vlan Id:5
  • Page 858: Using The Crashinfo Files

    Extended crashinfo file—The switch automatically creates this file when the system is failing. Basic crashinfo Files The information in the basic file includes the Cisco IOS image name and version that failed, a list of the processor registers, and a stack trace. You can provide this information to the Cisco technical support representative by using the show tech-support privileged EXEC command.
  • Page 859: Extended Crashinfo Files

    EXEC command.
    Extended crashinfo Files
    In Cisco IOS Release 12.2(25)SEC or later, the switch creates the extended crashinfo file when the system is failing. The information in the extended file includes additional information that can help determine the cause of the switch failure. You provide this information to the Cisco technical support representative by manually accessing the file and using the more or the copy privileged EXEC command.
  • Page 861: Chapter 41 Configuring Online Diagnostics

    On-demand diagnostics run from the CLI; scheduled diagnostics run at user-designated intervals or at specified times when the switch is connected to a live network; and health-monitoring runs in the background.
  • Page 862: Scheduling Online Diagnostics

    Switch(config)# diagnostic monitor interval test 1 00:02:00 0 1
    This example shows how to set the failure threshold for test monitoring on a switch:
    Switch(config)# diagnostic monitor threshold test 1 failure count 50
  • Page 863: Running Online Diagnostic Tests

    Table 41-1 show diagnostic Commands

    | Command | Purpose |
    | --- | --- |
    | show diagnostic content | Display the online diagnostics configured for a switch. |
    | show diagnostic status | Display whether a switch is running a test. |

  • Page 864 This example shows how to display the online diagnostic test schedule for a switch:
    Switch# show diagnostic schedule
    Current Time = 14:39:49 PST Tue Jul 5 2005
    Schedule #1:
    To be run daily 12:00
    Test ID(s) to be executed: 1.
  • Page 865: Appendix

    • CISCO-CDP-MIB • CISCO-CLUSTER-MIB • CISCO-CONFIG-COPY-MIB • CISCO-CONFIG-MAN-MIB • CISCO-ENTITY-VENDORTYPE-OID-MIB • CISCO-ENVMON-MIB • CISCO-ERR-DISABLE-MIB • CISCO-FLASH-MIB (Flash memory on all switches is modeled as removable flash memory.) • CISCO-FTP-CLIENT-MIB • CISCO-HSRP-MIB • CISCO-HSRP-EXT-MIB (partial support) • CISCO-IGMP-FILTER-MIB • CISCO-IMAGE-MIB • CISCO-IP-STAT-MIB •...
  • Page 866: Appendix A Supported Mib

    • CISCO-LAG-MIB • CISCO-MAC-NOTIFICATION-MIB • CISCO-MEMORY-POOL-MIB • CISCO-PAE-MIB • CISCO-PAGP-MIB • CISCO-PING-MIB • CISCO-PORT-QOS-MIB (the cportQosStats Table returns the values from the octets and packet counters, depending on switch configuration) • CISCO-PRODUCTS-MIB • CISCO-PROCESS-MIB • CISCO-RTTMON-MIB • CISCO-SMI-MIB • CISCO-STP-EXTENSIONS-MIB •...
  • Page 867: Using Ftp To Access The Mib Files

    • TCP-MIB • UDP-MIB
    Note: You can access other information about MIBs and Cisco products on the Cisco web site: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
    Using FTP to Access the MIB Files
    You can get each MIB file by using this procedure:
    Step 1 Make sure that your FTP client is in passive mode.
  • Page 869: Appendix

    For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
  • Page 870: Displaying Available File Systems

    Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Displaying Available File Systems To display the available file systems on your switch, use the show file systems privileged EXEC command as shown in this example.
  • Page 871: Appendix B Working With The Cisco IOS File System, Configuration Files, And Software Images

    Setting the Default File System
    You can specify the file system or directory that the system uses as the default file system by using the cd filesystem: privileged EXEC command.
  • Page 872: Creating And Removing Directories

    Creating and Removing Directories
    Beginning in privileged EXEC mode, follow these steps to create and remove a directory: Command Purpose...
  • Page 873: Deleting Files

    Local writable file systems include flash:. Some invalid combinations of source and destination exist. Specifically, you cannot copy these combinations: • From a running configuration to a running configuration...
  • Page 874: Creating A Tar File

    Creating a tar File
    To create a tar file and write files into it, use this privileged EXEC command:
    archive tar /create destination-url flash:/file-url
    For destination-url, specify the destination URL alias for the local or network file system and the name of the tar file to create.
  • Page 875 This example shows how to display the contents of a switch tar file that is in flash memory:
    Switch# archive tar /table flash:cbs30x0-ipbase-tar.122-44.SE.tar
    info (219 bytes)
    cbs30x0-ipbase-tar.122-44.SE/ (directory)
  • Page 876: Extracting A Tar File

    Extracting a tar File
    To extract a tar file into a directory on the flash file system, use this privileged EXEC command:
    archive tar /xtract source-url flash:/file-url [dir/file...]...
  • Page 877: Working With Configuration Files

    This section describes how to create, load, and maintain configuration files. Configuration files contain commands entered to customize the function of the Cisco IOS software. A way to create a basic configuration file is to use the setup program or to enter the setup privileged EXEC command.
  • Page 878 Guidelines for Creating and Using Configuration Files
    Creating configuration files can aid in your switch configuration. Configuration files can contain some or all of the commands needed to configure one or more switches. For example, you might want to download the same configuration file to several switches that have the same hardware configuration.
  • Page 879: Preparing To Download Or Upload A Configuration File By Using Tftp

    Open the configuration file in a text editor, such as vi or emacs on UNIX or Notepad on a PC. Step 2 Extract the portion of the configuration file with the desired commands, and save it in a new file.
  • Page 880: Downloading The Configuration File By Using Tftp

    Downloading the Configuration File By Using TFTP
    To configure the switch by using a configuration file downloaded from a TFTP server, follow these steps: Copy the configuration file to the appropriate TFTP directory on the workstation.
  • Page 881: Copying Configuration Files By Using Ftp

    The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: • The username specified in the copy command if a username is specified.
  • Page 882 NVRAM. If you are accessing the switch through a Telnet session and you have a valid username, this username is used, and you do not need to set the FTP username. Include the username in the copy command if you want to specify a username for only that copy operation.
  • Page 883 This example shows how to specify a remote username of netadmin1. The software copies the configuration file host2-confg from the netadmin1 directory on the remote server with an IP address of 172.16.101.101 to the switch startup configuration.
  • Page 884: Copying Configuration Files By Using Rcp

    RCP requires a client to send a remote username with each RCP request to a server. When you copy a configuration file from the switch to a server, the Cisco IOS software sends the first valid username in this list: • The username specified in the copy command if a username is specified.
  • Page 885 Preparing to Download or Upload a Configuration File By Using RCP
    Before you begin downloading or uploading a configuration file by using RCP, do these tasks: •...
  • Page 886 Command Purpose Step 5 Return to privileged EXEC mode. Step 6 copy Using RCP, copy the configuration file from a network rcp:[[[//[username@]location]/directory]/filename]...
  • Page 887: Clearing Configuration Information

    Depending on the setting of the file prompt global configuration command, you might be prompted for confirmation before you delete a file. By default, the switch prompts for confirmation on destructive file operations. For more information about the file prompt command, see the Cisco IOS Command Reference for Release 12.2.
  • Page 888: Replacing And Rolling Back Configurations

    Replacing and Rolling Back Configurations The configuration replacement and rollback feature replaces the running configuration with any saved Cisco IOS configuration file. You can use the rollback function to roll back to a previous configuration. These sections contain this information: •...
  • Page 889: Configuration Guidelines

    When using the configure replace command, you must specify a saved configuration as the replacement configuration file for the running configuration. The replacement file must be a complete configuration generated by a Cisco IOS device (for example, a configuration generated by the copy running-config destination-url command).
  • Page 890: Configuring The Configuration Archive

    Note: If you generate the replacement configuration file externally, it must comply with the format of files generated by Cisco IOS devices.
  • Page 891: Working With Software Images

    | | Command | Purpose |
    | --- | --- | --- |
    | Step 4 | exit | Return to privileged EXEC mode. |
    | Step 5 | configure replace target-url [list] | Replace the running configuration file with a saved configuration file.... |
  • Page 892: Image Location On The Switch

    Image Location on the Switch The Cisco IOS image is stored as a .bin file in a directory that shows the version number. A subdirectory contains the files needed for web management. The image is stored on the system board flash memory (flash:).
  • Page 893: Copying Image Files By Using Tftp

    Cisco IOS image total_image_file_size Specifies the size of all the images (the Cisco IOS image and the web management files) in the tar file, which is an approximate measure of how much flash memory is required to hold them...
  • Page 894: Preparing To Download Or Upload An Image File By Using Tftp

    Preparing to Download or Upload an Image File By Using TFTP
    Before you begin downloading or uploading an image file by using TFTP, do these tasks: •...
  • Page 895

    | | Command | Purpose |
    | --- | --- | --- |
    | Step 3 | archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name.tar | Download the image file from the TFTP server to the switch, and overwrite the current image.... |
  • Page 896: Uploading An Image File By Using Tftp

    The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the tar file format.
  • Page 897: Preparing To Download Or Upload An Image File By Using Ftp

    The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy an image file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: • The username specified in the archive download-sw or archive upload-sw privileged EXEC...
  • Page 898 • When you upload an image file to the FTP server, it must be properly configured to accept the write request from the user on the switch.
  • Page 899

    | | Command | Purpose |
    | --- | --- | --- |
    | Step 8 | archive download-sw /leave-old-sw /reload ftp:[[//username[:password]@location]/directory] | Download the image file from the FTP server to the switch, and keep the current image.... |
  • Page 900 The archive upload-sw command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the tar file format.
  • Page 901: Copying Image Files By Using Rcp

    RCP requires a client to send a remote username on each RCP request to a server. When you copy an image from the switch to a server by using RCP, the Cisco IOS software sends the first valid username in this list: • The username specified in the archive download-sw or archive upload-sw privileged EXEC...
  • Page 902 Before you begin downloading or uploading an image file by using RCP, do these tasks: • Ensure that the workstation acting as the RCP server supports the remote shell (rsh).
  • Page 903

    | | Command | Purpose |
    | --- | --- | --- |
    | Step 6 | archive download-sw /overwrite /reload rcp:[[[//[username@]location]/directory]/image-na | Download the image file from the RCP server to the switch, and overwrite the current image.... |

  • Page 904 The algorithm installs the downloaded image onto the system board flash device (flash:). The image is placed into a new directory named with the software version string, and the BOOT environment variable is updated to point to the newly installed image.
  • Page 905 The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the tar file format.
  • Page 907: Appendix

    [prefix-mask] [type number]
    Unsupported Global Configuration Commands
    access-list rate-limit acl-index {precedence | mask prec-mask}
    access-list dynamic extended
    Unsupported Route-Map Configuration Command
    match ip address prefix-list prefix-list-name [prefix-list-name...]
  • Page 908: Appendix C Unsupported Commands In Cisco IOS Release 12.2(44)SE

    Unsupported Interface Configuration Commands
    arp probe
    ip probe proxy
    Bootloader Commands
    Unsupported user EXEC Command
    verify
    Unsupported Global Configuration Command
    boot buffersize
  • Page 909: Debug Commands

    Group-Async
    interface Lex
    interface Multilink
    interface Virtual-Template
    interface Virtual-Tokenring
    Unsupported Interface Configuration Commands
    standby mac-refresh seconds
    standby use-bia
    IGMP Snooping Commands
    Unsupported Global Configuration Command
    ip igmp snooping tcn
  • Page 910: Interface Commands

    [per-prefix] [non-recursive]
    ip cef traffic-statistics [load-interval seconds] [update-rate seconds]]
    ip flow-aggregation
    ip flow-cache
    ip flow-export
    ip gratuitous-arps
    ip local
  • Page 911: Unsupported Interface Configuration Commands

    [ip-address..]
    set ip destination ip-address mask
    set ip next-hop verify-availability
    set ip precedence value
    set ip qos-group
    set metric-type internal
    set origin
    set metric-type internal
    set tag tag-value
  • Page 912: Mac Address Commands

    VLAN.
    Unsupported Global Configuration Commands
    mac-address-table aging-time
    mac-address-table notification
    mac-address-table static
    Miscellaneous
    Unsupported Privileged EXEC Commands
    file verify auto
    show cable-diagnostics prbs
    test cable-diagnostics prbs
  • Page 913: Unsupported Global Configuration Commands

    Unsupported Global Configuration Command
    priority-list
    Unsupported Interface Configuration Commands
    priority-group
    rate-limit
    Unsupported Policy-Map Configuration Command
    class class-default where class-default is the class-map-name.
  • Page 914: Radius

    Spanning Tree
    Unsupported Global Configuration Command
    spanning-tree pathcost method {long | short}
    Unsupported Interface Configuration Command
    spanning-tree stack-port
    VLAN
    Unsupported Global Configuration Command
    vlan internal allocation policy {ascending | descending}
  • Page 915: Unsupported User Exec Commands

    Unsupported Privileged EXEC Command
    vtp {password password | pruning | version number}
    Note: This command has been replaced by the vtp global configuration command.

This manual is also suitable for:

Catalyst 3020
