Cisco 7609 Configuration Manual

Cisco IOS Software Configuration Guide—12.1E

Cisco 7600 Series Router Cisco IOS
Software Configuration Guide—12.1E
Cisco IOS Release 12.1 E
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7814099=
Text Part Number: 78-14064-04

Summary of Contents for Cisco 7609

  • Page 1 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E Cisco IOS Release 12.1 E Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7814099=...
  • Page 2 CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA,...
  • Page 3 Accessing the CLI through the EIA/TIA-232 Console Interface Accessing the CLI through Telnet Performing Command Line Processing Performing History Substitution Cisco IOS Command Modes Displaying a List of Cisco IOS Commands and Syntax ROM-Monitor Command-Line Interface Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 4: Table Of Contents

    Contents Configuring the Cisco 7600 Series Router for the First Time C H A P T E R Default Configuration Configuring the Cisco 7600 Series Router Using the Setup Facility or the setup Command Using Configuration Mode 3-10 Checking the Running Configuration Before Saving...
  • Page 5 C H A P T E R Understanding How Layer 2 Switching Works Understanding Layer 2 Ethernet Switching Understanding VLAN Trunks Layer 2 LAN Port Modes Default Layer 2 LAN Interface Configuration Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 6 Guidelines Configuring VLANs VLAN Configuration Options Creating or Modifying an Ethernet VLAN 9-10 Assigning a Layer 2 LAN Interface to a VLAN 9-12 Configuring the Internal VLAN Allocation Policy 9-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 7 Understanding How EtherChannels Work 13-1 EtherChannel Feature Overview 13-2 Understanding How EtherChannels Are Configured 13-2 Understanding Port Channel Interfaces 13-5 Understanding Load Balancing 13-5 EtherChannel Feature Configuration Guidelines and Restrictions 13-5 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 8 Configuring 802.1Q Tunneling 14-5 Preconfiguration Tasks 14-5 Configuring 802.1Q Tunnel Ports 14-6 Configuring the Cisco 7600 Series Router to Tag Native VLAN Traffic 14-6 Understanding How Layer 2 Protocol Tunneling Works 14-7 Configuring Support for Layer 2 Protocol Tunneling 14-8 Configuring STP and IEEE 802.1s MST...
  • Page 9 Understanding How Root Guard Works 16-6 Understanding How Loop Guard Works 16-6 Enabling PortFast 16-8 Enabling PortFast BPDU Filtering 16-10 Enabling BPDU Guard 16-11 Enabling UplinkFast 16-12 Enabling BackboneFast 16-13 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 10 Enabling Installation of Directly Connected Subnets 18-12 Enabling NetFlow-Based Rate Limiting of RPF Failures 18-12 Enabling CEF-Based Rate Limiting of RPF Failures 18-13 Enabling Shortcut-Consistency Checking 18-13 Configuring ACL-Based Filtering of RPF Failures 18-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 11 C H A P T E R Understanding How IPX MLS Works 20-2 IPX MLS Overview 20-2 IPX MLS Flows 20-2 Layer 3 MLS Cache 20-2 Flow Masks 20-3 Layer 3-Switched Packet Rewrite 20-3 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 12 Enabling IGMP Fast-Leave Processing 21-11 Configuring a Host Statically 21-12 Displaying IGMP Snooping Information 21-12 Configuring RGMP 22-1 C H A P T E R Understanding How RGMP Works 22-1 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 13 24-1 Configuring DoS Protection 24-2 Supervisor Engine DoS Protection 24-2 Security ACLs 24-2 QoS ACLs 24-4 Forwarding Information Base Rate-Limiting 24-5 APR Throttling 24-5 Monitoring Packet Drop Statistics 24-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E xiii 78-14064-04...
  • Page 14 25-11 Changing the Quiet Period 25-11 Changing the Cisco 7600 Series Router-to-Client Retransmission Time 25-12 Setting the Cisco 7600 Series Router-to-Client Retransmission Time for EAP-Request Frames 25-13 Setting the Cisco 7600 Series Router-to-Authentication-Server Retransmission Time for Layer 4 Packets 25-13...
  • Page 15 Resetting Disabled LAN Interfaces 31-6 Configuring PFC QoS 32-1 C H A P T E R Understanding How PFC QoS Works 32-1 Hardware Supported by PFC QoS 32-2 QoS Terminology 32-3 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 16 NDE from the PFC 33-2 Default NDE Configuration 33-7 Configuring NDE 33-8 Configuring NDE on the PFC 33-8 Configuring NDE on the MSFC 33-13 Displaying the NDE Address and Port Configuration 33-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 17 Configuring a Service Group Using WCCPv2 35-8 Excluding Traffic on a Specific Interface from Redirection 35-9 Registering a Router to a Multicast Address 35-9 Using Access Lists for a WCCP Service Group 35-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E xvii 78-14064-04...
  • Page 18 37-5 Displaying the Switch Fabric Module Redundancy Status 37-6 Displaying Fabric Channel Switching Modes 37-6 Displaying the Fabric Status 37-7 Displaying the Fabric Utilization 37-7 Displaying Fabric Errors 37-7 Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E xviii 78-14064-04...
  • Page 19 Understanding How Environmental Monitoring Works 38-4 Using CLI Commands to Monitor System Environmental Status 38-4 Understanding LED Environmental Indications 38-4 Acronyms A P P E N D I X I N D E X Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 20 Contents Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 21 Preface This preface describes who should read the Cisco 7600 Series Router Cisco IOS Software Configuration Guide, how it is organized, and its document conventions. Audience This guide is for experienced network administrators who are responsible for configuring and maintaining Cisco 7600 series routers.
  • Page 22 Describes how to configure Router-Port Group Management Protocol (RGMP). Chapter 23 Configuring Network Security Describes how to configure network security features that are unique to the Cisco 7600 series routers. Chapter 24 Configuring Denial of Service Describes how to configure denial of service Protection protection.
  • Page 23: Related Documentation

    Cisco 7600 Series Router Cisco IOS Command Reference • Cisco 7600 Series Router Cisco IOS System Message Guide Release Notes for Cisco IOS on Catalyst 6500 Series Switches and Cisco 7600 Series Router • Cisco IOS Configuration Guides and Command References—Use these publications to help you •...
  • Page 24 – Internetwork Design Guide – Internetwork Troubleshooting Guide Configuration Builder Getting Started Guide – The Cisco IOS Configuration Guides and Command References are located at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm For information about MIBs, go to this URL: • http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml Conventions This document uses the following conventions:...
  • Page 25: Obtaining Documentation

    Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems. Cisco.com You can access the most current Cisco documentation on the World Wide Web at this URL: http://www.cisco.com/univercd/home/home.htm You can access the Cisco website at this URL: http://www.cisco.com...
  • Page 26: Documentation Feedback

    24 hours a day, 365 days a year. Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL: http://tools.cisco.com/RPF/register/register.do...
  • Page 27: Obtaining Additional Publications And Information

    TAC Case Priority Definitions To ensure that all cases are reported in a standard format, Cisco has established case priority definitions. Priority 1 (P1)—Your network is “down” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
  • Page 28 Obtaining Additional Publications and Information • Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL: http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html...
  • Page 29: Product Overview

    Except for VLANs, Layer 2 and Layer 3 configuration is stored in a standard IOS configuration file • Refer to the Release Notes for Cisco IOS on Catalyst 6500 Series Switches and Cisco 7600 Series Router publication for complete information about the chassis, modules, and software features supported by the Cisco 7600 series routers: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/ol_2310.htm...
  • Page 30: Understanding Embedded Ciscoview

    The default password for accessing the router web page is the enable-level password of the router. Note For more information about web access to the router, refer to “Using the Cisco Web Browser” in the IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt1/fcd105.htm...
  • Page 31: Displaying Embedded Ciscoview Information

    To display the Embedded CiscoView information, enter the following EXEC commands:
    Command: Router# show ciscoview package
    Purpose: Displays information about the Embedded CiscoView files.
    Command: Router# show ciscoview version
    Purpose: Displays the Embedded CiscoView version...
  • Page 32 Chapter 1 Product Overview Configuring Embedded CiscoView Support Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 33: Accessing The Cli

    Chapter: Command-Line Interfaces
    This chapter describes the command-line interfaces (CLIs) you use to configure the Cisco 7600 series routers.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication and the Release 12.1 publications...
  • Page 34: Accessing The Cli Through Telnet

    Router#
    Note: If no password has been configured, press Return.
    Step 3: Router> enable
        Initiates enable mode enable.
    Step 4: Password: password
            Router#
        Completes enable mode enable.
    Step 5: Router# quit
        Exits the session when finished...
  • Page 35: Performing History Substitution

    The history buffer stores the last 20 commands you entered. History substitution allows you to access these commands without retyping them, by using special abbreviated commands. Table 2-2 lists the history substitution commands...
  • Page 36: Cisco Ios Command Modes

    Reference publication at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. To get a list of the commands in a given mode, type a question mark (?) at the system prompt.
  • Page 37: Displaying A List Of Cisco Ios Commands And Syntax

    The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh and the configure terminal command to config t.
  • Page 38 Once you are in ROM-monitor mode, the prompt changes to rommon 1>. Enter a question mark (?) to see the available ROM-monitor commands. For more information about the ROM-monitor commands, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication.
  • Page 39: Chapter 3 Configuring The Cisco 7600 Series Router For The First Time

    Chapter 3: Configuring the Cisco 7600 Series Router for the First Time
    This chapter contains information about how to initially configure the Cisco 7600 series router, which supplements the administration information and procedures in these publications: •...
  • Page 40: Configuring The Cisco 7600 Series Router

    Table 3-1 Default Configuration
    Feature: Administrative connection
    Default Value: Normal mode
    Feature: Global information
    Default Value: No value for the following:
    • System name
    • System contact
    •...
  • Page 41: Configuring The Global Parameters

    Step 1 to the user EXEC prompt ( Router> The following display appears after you boot the Cisco 7600 series router (depending on your configuration, your display might not exactly match the example): System Bootstrap, Version 6.1(2) Copyright (c) 1994-2000 by cisco Systems, Inc.
  • Page 42
    Copyright (c) 1986-2001 by cisco Systems, Inc.
    Compiled Wed 28-Mar-01 18:36 by hqluong
    Image text-base: 0x30020980, data-base: 0x306B8000
    Start as Primary processor
    00:00:05: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging out put....
  • Page 43
    --- System Configuration Dialog ---
    Continue with configuration dialog? [yes/no]: y
    At any point you may enter a question mark '?' for help....
  • Page 44
    GigabitEthernet1/1 172.20.52.34 YES NVRAM
    GigabitEthernet1/2 unassigned YES TFTP administratively down down
    GigabitEthernet3/1 unassigned YES TFTP administratively down down
    GigabitEthernet3/2 unassigned YES TFTP...
  • Page 45
    Configure SNMP Network Management? [yes]:
    Community string [public]:
    For complete SNMP information and procedures, refer to these publications:
    • Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.1, “Cisco IOS System Management,” “Configuring SNMP Support,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt3/fcd301.htm
    • Cisco IOS Configuration Fundamentals Configuration Command Reference, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_r/index.htm...
  • Page 46
    shutdown
    no ip address
    interface GigabitEthernet1/2
    shutdown
    no ip address
    <...output truncated...>
    [0] Go to the IOS command prompt without saving this config....
  • Page 47 Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Configuring the Cisco 7600 Series Router When you reach and respond to the configuration dialog for the last installed interface, your interface configuration is complete. Step 3 Check and verify the entire list of configuration parameters, which should display on your console...
  • Page 48: Using Configuration Mode

    Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Configuring the Cisco 7600 Series Router For detailed interface configuration information, refer to the Cisco IOS Interface Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inter_c/index.htm Using Configuration Mode If you prefer not to use the setup facility, you can configure the router from configuration mode as follows: Connect a console terminal to the console interface of your supervisor engine.
  • Page 49: Saving The Running Configuration Settings

    Current configuration:
    Current configuration : 3441 bytes
    version 12.1
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    no service password-encryption...
  • Page 50: Configuring A Default Gateway

    Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Configuring the Cisco 7600 Series Router Configuring a Default Gateway Note The router uses the default gateway only when it is not configured with a routing protocol. To send data to another subnet when the router is not configured with a routing protocol, configure a default gateway.
  • Page 51
    This example shows how to use the show running-config command to confirm the configuration of the previously configured static route:
    Router# show running-config
    Building configuration...
  • Page 52: Configuring A Bootp Server

    Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Configuring the Cisco 7600 Series Router Configuring a BOOTP Server The Bootstrap Protocol (BOOTP) automatically assigns an IP address by adding the MAC and IP addresses of the interface to the BOOTP server configuration file. When the router boots, it automatically retrieves the IP address from the BOOTP server.
  • Page 53: Protecting Access To Privileged Exec Commands

    Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Protecting Access to Privileged EXEC Commands Protecting Access to Privileged EXEC Commands The following tasks provide a way to control access to the system configuration file and privileged EXEC commands: •...
  • Page 54: Setting Or Changing A Line Password

    Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Protecting Access to Privileged EXEC Commands Use either of these commands with the level option to define a password for a specific privilege level. After you specify the level and set a password, give the password only to users who need to have access at this level.
  • Page 55: Encrypting Passwords

    3-19. Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of password security: user EXEC mode and privileged EXEC mode. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 56 Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Protecting Access to Privileged EXEC Commands For example, if you want many users to have access to the clear line command, you can assign it level 2 security and distribute the level 2 password widely. If you want more restricted access to the configure command, you can assign it level 3 security and distribute that password to more restricted users.
  • Page 57: Recovering A Lost Enable Password

    Exiting a Privilege Level
    To exit to a specified privilege level, perform this task:
    Command: Router# disable level
    Purpose: Exits to a specified privilege level...
  • Page 58: Modifying The Supervisor Engine Startup Configuration

    ROM-monitor mode. From ROM-monitor mode, you can manually load a software image from bootflash or a Flash PC card.
    Note: For complete syntax and usage information for the ROM monitor commands, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication....
  • Page 59: Configuring The Software Configuration Register

    The ROM monitor has these features:
    • Power-on confidence test
    • Hardware initialization
    • Boot capability (manual boot and autoboot)
    • Debug utility and crash analysis
    •...
  • Page 60 Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Modifying the Supervisor Engine Startup Configuration Table 3-2 Software Configuration Register Bit Meaning (continued) Bit Number Hexadecimal Meaning 11 to 12 0x0800 to 0x1000 Console line speed (default is 9600 baud)
  • Page 61
    Step 5: Router# reload
        Reboots to make your changes take effect.
    To modify the configuration register while the router is running Cisco IOS, follow these steps:
    Step 1: Enter the enable command and your password to enter privileged level as follows:
        Router>...
  • Page 62: Specifying The Startup System Image

    Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Modifying the Supervisor Engine Startup Configuration Verifying the Configuration Register Setting Enter the show version EXEC command to verify the current configuration register setting. In ROM-monitor mode, enter the o command to verify the value of the configuration register boot field.
  • Page 63: Bootldr Environment Variable

    To configure your router to boot from Flash memory, follow these steps: Step 1 Copy a system image to Flash memory using TFTP or rcp (refer to the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.1, “Cisco IOS File Management,” “Loading and Maintaining System Images,”...
  • Page 64: Config_File Environment Variable

    For Class A Flash file systems, the CONFIG_FILE environment variable specifies the file system and filename of the configuration file to use for initialization (startup). Valid file systems can include nvram:, slot0:, and sup-bootflash:. For detailed file management configuration information, refer to the Cisco IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/index.htm...
  • Page 65 Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Modifying the Supervisor Engine Startup Configuration Setting the BOOTLDR Environment Variable To set the BOOTLDR environment variable, perform this task: Command Purpose Step 1 Verifies that bootflash contains the boot loader image.
  • Page 66 Chapter 3 Configuring the Cisco 7600 Series Router for the First Time Modifying the Supervisor Engine Startup Configuration Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 3-28 78-14064-04...
  • Page 67: Chapter 4 Configuring Ehsa Supervisor Engine Redundancy

    URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm Supervisor Engine Redundant Operation Cisco 7600 series routers support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. The redundant supervisor engine runs in EHSA standby mode. Note The EHSA feature is not supervisor engine mirroring or load balancing.
  • Page 68: Supervisor Engine Redundancy Requirements

    Make a separate console connection to each supervisor engine. Do not connect a “Y” cable to the console ports. • Both supervisor engines must have the same system image (see the “Copying Files to the Redundant Supervisor Engine” section on page 4-4). Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 69: Synchronizing The Supervisor Engine Configurations

    This example shows how to reenable the default automatic synchronization feature using the auto-sync standard command to synchronize the startup-config and config-register configuration of the active supervisor engine with the redundant supervisor engine:
    Router(config)# redundancy
    Router(config-r)# main-cpu
    Router(config-r-mc)# auto-sync standard
    Router(config-r-mc)# auto-sync bootvar...
  • Page 70: Displaying The Supervisor Engine Redundancy

    5 Pass
    Router#
    Copying Files to the Redundant Supervisor Engine
    Use the following command to copy a file to the slot0: device on a redundant supervisor engine:
    Router# copy source_device:source_filename slaveslot0:target_filename...
  • Page 71
    Use the following command to copy a file to the bootflash: device on a redundant supervisor engine:
    Router# copy source_device:source_filename slavesup-bootflash:target_filename
    Use the following command to copy a file to the bootflash: device on a redundant MSFC:
    Router# copy source_device:source_filename slavebootflash:target_filename...
  • Page 72 Chapter 4 Configuring EHSA Supervisor Engine Redundancy Supervisor Engine Redundant Operation Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 73: Copying Files To The Redundant Supervisor Engine

    • Supervisor Engine Redundancy Overview Cisco 7600 series routers support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. RPR supports a switchover time of 2 to 4 minutes and RPR+ supports a switchover time of 30 to 60 seconds.
  • Page 74: Chapter 5 Configuring RPR and RPR+ Supervisor Engine Redundancy

    Card (MSFC or MSFC2) and Policy Feature Card (PFC or PFC2) become fully operational. The MSFC and PFC on the redundant supervisor engine come out of reset but are not operational. Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 75: Supervisor Engine Synchronization

    You cannot enter CLI commands on the redundant supervisor engine. • Synchronization of the startup configuration file is enabled by default in RPR+ mode. Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 76: Supervisor Engine Redundancy Guidelines And Restrictions

    Only one supervisor engine is active. Network services are disrupted until the redundant supervisor engine takes over and the router recovers.
    • With RPR+, both supervisor engines must run the same version of Cisco IOS software. If the...
  • Page 77: Hardware Configuration Guidelines And Restrictions

    not enter the vtp file file_name command on a router that has a redundant supervisor engine.
    • Cisco IOS running on the supervisor engine and the MSFC supports redundant configurations where the supervisor engines and MSFC routers are identical. If they are not identical, one will boot first and become active and hold the other supervisor engine and MSFC in a reset condition....
  • Page 78: Synchronizing The Supervisor Engine Configurations

    Redundancy Mode (Operational) = Route Processor Redundancy Plus
    Redundancy Mode (Configured) = Route Processor Redundancy Plus
    Split Mode = Disabled
    Manual Swact = Disabled Reason: Simplex mode
    Communications = Down Reason: Simplex mode...
  • Page 79: Synchronizing The Supervisor Engine Configurations

    This example shows how to disable default automatic synchronization and only allow automatic synchronization of the config-registers of the active supervisor engine to the redundant supervisor engine while disallowing synchronization of the startup configuration:
    Router(config)# redundancy
    Router(config-red)# main-cpu...
  • Page 80: Displaying The Redundancy States

    Communications = Down Reason: Simplex mode
    client count = 11
    client_notification_TMR = 30000 milliseconds
    keep_alive TMR = 9000 milliseconds
    keep_alive count = 0
    keep_alive threshold = 18
    RF debug mask = 0x0...
  • Page 81: Performing A Fast Software Upgrade

    Performing a Fast Software Upgrade
    The fast software upgrade (FSU) procedure supported by RPR allows you to upgrade the Cisco IOS image on the supervisor engines without reloading the system.
    Note: If you are performing a first-time upgrade to RPR from EHSA, you must reload both supervisor engines....
  • Page 82: Copying Files To The Redundant Supervisor Engine

    Use the following command to copy a file to the bootflash: device on a redundant supervisor engine:
    Router# copy source_device:source_filename slavesup-bootflash:target_filename
    Use the following command to copy a file to the bootflash: device on a redundant MSFC:
    Router# copy source_device:source_filename slavebootflash:target_filename...
  • Page 83: Understanding Interface Configuration

    • Monitoring and Maintaining Interfaces, page 6-17
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication and the Release 12.1 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm...
  • Page 84: Using The Interface Command

    Using the Interface Command • Port number—The physical port number on the module. On the Cisco 7600 series router, the port numbers always begin with 1. When facing the rear of the router, ports are numbered from the left to the right.
  • Page 85: Chapter 6 Configuring Interface

    Router uptime is 2 hours, 55 minutes
    System returned to ROM by power-on (SP by power-on)
    Running default software
    cisco Catalyst 6000 (R7000) processor with 114688K/16384K bytes of memory.
    Processor board ID SAD04430J9K
    R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache
    Last reset from power-on
    Bridging software....
  • Page 86: Configuring A Range Of Interfaces

    VLAN interfaces: the interface range command is supported only with VLAN interfaces that have been configured with the interface vlan command. You can enter the show running-configuration command to display the configured VLAN interfaces. Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 87 If you exit interface-range configuration mode while the commands are being executed, some commands may not be executed on all interfaces in the range. Wait until the command prompt reappears before exiting interface-range configuration mode. Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 78-14064-04...
  • Page 88: Defining And Using Interface-Range Macros

    Router(config)# interface range macro enet_list
    Router(config-if)#
    Configuring Optional Interface Features
    These sections describe optional interface features:
    • Configuring Ethernet Interface Speed and Duplex Mode, page 6-7
    • Configuring Jumbo Frame Support, page 6-10...
  • Page 89: Configuring Ethernet Interface Speed And Duplex Mode

    Speed and Duplex Mode Configuration Guidelines You usually configure Ethernet port speed and duplex mode parameters to auto and allow the Cisco 7600 series router to negotiate the speed and duplex mode between ports. If you decide to configure the port speed and duplex modes manually, consider the following information: •...
  • Page 90 (link negotiation enabled on one port and disabled on the other port). Table 6-1 shows the four possible link negotiation configurations and the resulting link status for each configuration.
  • Page 91 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1238 packets input, 273598 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  • Page 92: Configuring Jumbo Frame Support

    Understanding Jumbo Frame Support
    These sections describe jumbo frame support:
    • Jumbo Frame Support Overview, page 6-11
    • Ethernet Ports, page 6-12
    • VLAN Interfaces, page 6-13
  • Page 93 64 bytes. With a nondefault MTU size configured, 10, 10/100, and 100 Mbps Ethernet LAN ports do not check for oversize egress frames.
  • Page 94 On a Layer 2 port, you can only configure an MTU size that matches the global LAN port MTU size (see “Configuring the Global LAN Port MTU Size” section on page 6-14).
  • Page 95 LAN port MTU size (see the “Configuring the Global LAN Port MTU Size” section on page 6-14). For Layer 2 Ethernet ports with earlier releases, the only supported MTU size is 9216 bytes.
  • Page 96: Configuring Ieee 802.3Z Flow Control

    Configuring IEEE 802.3Z Flow Control Gigabit Ethernet and 10-Gigabit Ethernet ports on the Cisco 7600 series routers use flow control to stop the transmission of frames to the port for a specified time; other Ethernet ports use flow control to respond to flow-control requests.
  • Page 97: Configuring The Port Debounce Timer

    10BASE-FL ports              300 milliseconds    3100 milliseconds
    10/100BASE-TX ports          300 milliseconds    3100 milliseconds
    100BASE-FX ports             300 milliseconds    3100 milliseconds
    10/100/1000BASE-TX ports     300 milliseconds    3100 milliseconds
    1000BASE-TX ports            300 milliseconds    3100 milliseconds
  • Page 98: Adding A Description For An Interface

    To add a description for an interface, perform this task:
    Command                                   Purpose
    Router(config-if)# description string     Adds a description for an interface.
    Router(config-if)# no description         Deletes a description from an interface.
  • Page 99: Understanding Online Insertion And Removal

    Guide and Cisco 7603 Router Installation Guide. When a module has been removed or installed, the Cisco 7600 series router stops processing traffic for the module and scans the system for a configuration change. Each interface type is verified against the system configuration, and then the system runs diagnostics on the new module.
  • Page 100: Clearing Counters On An Interface

    The clear counters command clears all the current counters from the interface unless the optional arguments specify a specific interface.
    Note: The clear counters command clears counters displayed with the EXEC show interfaces command, not counters retrieved using SNMP.
  • Page 101: Resetting An Interface

    To check if an interface is disabled, enter the EXEC show interfaces command. An interface that has been shut down is shown as administratively down in the show interfaces command display.
  • Page 103: Understanding How Layer 2 Switching Works

    This chapter describes how to use the command-line interface (CLI) to configure Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet LAN ports for Layer 2 switching on the Cisco 7600 series routers. The configuration tasks in this chapter apply to LAN ports on LAN switching modules and to the LAN ports on the supervisor engine.
  • Page 104: Chapter 7 Configuring Lan Port For Layer 2 Switching

    2-Gbps effective bandwidth.
    Switching Frames Between Segments
    Each LAN port on a Cisco 7600 series router can connect to a single workstation or server, or to a hub through which workstations or servers connect to the network.
  • Page 105: Trunking Overview

    To autonegotiate trunking, the LAN ports must be in the same VTP domain. Use the trunk or nonegotiate keywords to force LAN ports in different domains to trunk. For more information on VTP domains, see Chapter 8, “Configuring VTP.”
  • Page 106: Layer 2 Lan Port Modes

    Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames. You must configure the neighboring port manually as a trunk port to establish a trunk link.
  • Page 107: Default Layer 2 Lan Interface Configuration

    • 19 for 10/100-Mbps Fast Ethernet LAN ports
    • 19 for 100-Mbps Fast Ethernet LAN ports
    • 4 for 1,000-Mbps Gigabit Ethernet LAN ports
    • 2 for 10,000-Mbps 10-Gigabit Ethernet LAN ports
  • Page 108: Layer 2 Lan Interface Configuration Guidelines And Restrictions

    BPDUs on each VLAN allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved IEEE 802.1d spanning tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved Cisco Shared Spanning Tree (SSTP) multicast MAC address (01-00-0c-cc-cc-cd).
  • Page 109: Configuring Lan Interfaces For Layer 2 Switching

    Configuring LAN Interfaces for Layer 2 Switching
    These sections describe how to configure Layer 2 switching on the Cisco 7600 series routers:
    • Configuring a LAN Port for Layer 2 Switching, page 7-7
    • Configuring a Layer 2 Switching Port as a Trunk, page 7-8
    ...
  • Page 110: Configuring A Layer 2 Switching Port As A Trunk

    Configuring the Layer 2 Switching Port as an ISL or 802.1Q Trunk
    Note: Complete the steps in the “Preparing a Layer 2 Switching Port for Configuration as a Trunk” section on page 7-8 before performing the tasks in this section.
  • Page 111 Configuring the Layer 2 Trunk Not to Use DTP
    Note: Complete the steps in the “Preparing a Layer 2 Switching Port for Configuration as a Trunk” section on page 7-8 before performing the tasks in this section.
  • Page 112 With 12.1 E releases earlier than Release 12.1(13)E, the vlan_ID value can be 1 to 1005.
    Router(config-if)# no switchport access vlan     Reverts to the default value (VLAN 1).
  • Page 113 | except | none | remove} vlan [,vlan[,vlan[,...]]     (Optional) Configures the list of VLANs allowed on the trunk.
    Router(config-if)# no switchport trunk allowed vlan     Reverts to the default value (all VLANs allowed).
  • Page 114 The default list of VLANs allowed to be pruned contains all VLANs.
    • Network devices in VTP transparent mode do not send VTP Join messages. On Cisco 7600 series routers with trunk connections to network devices in VTP transparent mode, configure the VLANs used by the transparent-mode network devices or that need to be carried across the transparent-mode network devices as pruning ineligible....
  • Page 115 Router# exit
    This example shows how to verify the configuration:
    Router# show running-config interface fastethernet 5/8
    Building configuration...
    Current configuration:
    interface FastEthernet5/8
     no ip address
     switchport
     switchport trunk encapsulation dot1q
  • Page 116: Configuring A Lan Interface As A Layer 2 Access Port

    Step 5  Router(config-if)# switchport mode access     Configures the LAN port as a Layer 2 access port.
            Router(config-if)# no switchport mode         Reverts to the default switchport mode (switchport mode dynamic desirable).
  • Page 117 Administrative Trunking Encapsulation: negotiate
    Operational Trunking Encapsulation: native
    Negotiation of Trunking: Enabled
    Access Mode VLAN: 200 (VLAN0200)
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: ALL
    Router#
  • Page 118: Configuring A Custom Ieee 802.1Q Ethertype Field Value

    Note EtherType field value to all ports supported by each port ASIC (1 through 8 and 9 through 16).
    – WS-X6516-GE-TX
    – WS-X6748-GE-TX
    – WS-X6724-SFP
    – WS-X6704-10GE
    – WS-X6816-GBIC
  • Page 119 You cannot form an EtherChannel from ports that are configured with custom EtherType field values.
    This example shows how to configure the EtherType field value to 0x1234:
    Router (config-if)# switchport dot1q ethertype 1234
    Router (config-if)#
  • Page 121: Configuring Vtp

    Configuring VTP
    This chapter describes how to configure the VLAN Trunking Protocol (VTP) on the Cisco 7600 series routers.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication....
  • Page 122: Chapter 8 Configuring Vtp

    (CLI) or Simple Network Management Protocol (SNMP). By default, the Cisco 7600 series router is in VTP server mode and is in the no-management domain state until the router receives an advertisement for a domain over a trunk link or you configure a management domain.
  • Page 123: Understanding Vtp Version 2

    For VTP pruning to be effective, all devices in the management domain must support VTP pruning. On devices that do not support VTP pruning, you must manually configure the VLANs allowed on trunks.
  • Page 124 Switch 1. Switch 1 floods the broadcast, and every network device in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN. You enable pruning globally on the Cisco 7600 series router (see the “Enabling VTP Pruning” section on page 8-7).
  • Page 125: Vtp Default Configuration

    2-capable network devices in the domain enable VTP version 2.
    • In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly.
  • Page 126: Configuring Vtp Global Parameters

    • Network devices in VTP transparent mode do not send VTP Join messages. On Cisco 7600 series routers with trunk connections to network devices in VTP transparent mode, configure the VLANs that are used by the transparent-mode network devices or that need to be carried across trunks as pruning ineligible....
  • Page 127: Enabling Vtp Pruning

    Every network device in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every network device in the VTP domain supports version 2.
  • Page 128: Configuring The Vtp Mode

    VTP server in the domain.
    Note: You cannot clear the domain name.
    Step 3  Router(config)# end         Exits VLAN configuration mode.
    Step 4  Router# show vtp status     Verifies the configuration.
  • Page 129 Configuration last modified by 127.0.0.12 at 8-7-02 11:21:43
    Router#
    This example shows how to disable VTP on the router:
    Router# configure terminal
    Router(config)# vtp transparent
    Setting device to VTP TRANSPARENT mode.
    Router(config)# end
    Router#
  • Page 130: Displaying Vtp Statistics

    Number of config digest errors
    Number of V1 summary errors
    VTP pruning statistics:
    Trunk            Join Transmitted Join Received    Summary advts received from non-pruning-capable device
    ---------------- ---------------- ---------------- ---------------------------
    Fa5/8            43071            42766
  • Page 131: Understanding How Vlans Work

    Configuring VLANs
    This chapter describes how to configure VLANs on the Cisco 7600 series routers.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication....
  • Page 132: Chapter 9 Configuring Vlan

    15-3). With Release 12.1(13)E and later releases, Cisco 7600 series routers support 4096 VLANs in accordance with the IEEE 802.1Q standard. These VLANs are organized into several ranges; you use each range slightly differently. Some of these VLANs are propagated to other switches in the network when you use the VLAN Trunking Protocol (VTP).
  • Page 133: Configurable Vlan Parameters

    • Cisco 7600 series routers do not support Inter-Switch Link (ISL)-encapsulated Token Ring frames. Note When a Cisco 7600 series router is configured as a VTP server, you can configure Token Ring VLANs from the router. Token Ring TrBRF VLANs...
  • Page 134 For source routing, the Cisco 7600 series router appears as a single bridge between the logical rings. The TrBRF can function as a source-route bridge (SRB) or a source-route transparent (SRT) bridge running either the IBM or IEEE STP. If an SRB is used, you can define duplicate MAC addresses on different logical rings.
  • Page 135 TrCRFs through the backup TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is disabled. Figure 9-4 illustrates the backup TrCRF.
  • Page 136: Vlan Default Configuration

    FDDI VLAN Defaults and Ranges
    Parameter Default Range
    VLAN ID 1002 1–1005
    VLAN name “fddi-default” —
    802.10 SAID 101002 1–4294967294
    MTU size 1500 1500–18190
    Ring number 1–4095
    Parent VLAN 0–1005
    Translational bridge 1 0–1005
  • Page 137 VLAN state active active, suspend
    Table 9-6 Token Ring (TrBRF) VLAN Defaults and Ranges
    Parameter Default Range
    VLAN ID 1005 1–1005
    VLAN name “trnet-default” —
    802.10 SAID 101005 1–4294967294
  • Page 138: Vlan Configuration Guidelines And Restrictions

    • Before installing a redundant supervisor engine, enter the no vtp file command to return to the default configuration.
    • Before you can create a VLAN, the Cisco 7600 series router must be in VTP server mode or VTP transparent mode. For information on configuring VTP, see Chapter 8, “Configuring VTP.”...
  • Page 139: Vlan Configuration Options

    Configuring VLANs
    • When a Cisco 7600 series router is configured as a VTP server, you can configure FDDI and Token Ring VLANs from the router.
    • You must configure a TrBRF before you configure the TrCRF (the parent TrBRF VLAN you specify must exist).
  • Page 140: Creating Or Modifying An Ethernet Vlan

    Ethernet VLANs, or several Ethernet VLANs specified in a comma-separated list (do not enter space characters).
    Router(config-vlan)#
    Router(vlan)# vlan vlan_ID
    Router(config)# no vlan vlan_ID     Deletes a VLAN.
    Router(config-vlan)#
    Router(vlan)# no vlan vlan_ID
  • Page 141 This example shows how to create an Ethernet VLAN in VLAN database mode:
    Router# vlan database
    Router(vlan)# vlan 3
    VLAN 3 added:
        Name: VLAN0003
    Router(vlan)# exit
    APPLY completed.
    Exiting..
  • Page 142: Assigning A Layer 2 Lan Interface To A Vlan

    When you configure the internal VLAN allocation policy, note the following syntax information:
    • Enter the ascending keyword to allocate internal VLANs from 1006 and up.
    • Enter the descending keyword to allocate internal VLAN from 4094 and down.
  • Page 143: Mapping 802.1Q Vlans To Isl Vlans

    802.1Q VLANs in the range 1 through 1001 and 1006 through 4094 are automatically mapped to the corresponding ISL VLAN. 802.1Q VLAN numbers corresponding to reserved VLAN numbers must be mapped to an ISL VLAN in order to be recognized and forwarded by Cisco network devices. These restrictions apply when mapping 802.1Q VLANs to ISL VLANs: You can configure up to eight 802.1Q-to-ISL VLAN mappings on the Cisco 7600 series router.
  • Page 145: Chapter 10 Configuring Private Vlans

    Configuring Private VLANs
    This chapter describes how to configure private VLANs on the Cisco 7600 series routers. Release 12.1 E supports private VLANs with Release 12.1(11b)E and later.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication....
  • Page 146: Private Vlan Configuration Guidelines

    • Configure Layer 3 VLAN interfaces only for primary VLANs. Layer 3 VLAN interfaces for isolated and community VLANs are inactive while the VLAN is configured as an isolated or community VLAN.
  • Page 147 VLANs. Be consistent with the ranges employed by the MAC address reduction feature regardless of whether it is enabled on the system. MAC address reduction allows only discrete levels
  • Page 148 • You cannot apply VACLs to secondary VLANs (see the “Configuring VLAN ACLs” section on page 23-8).
    • To apply Cisco IOS output ACLs to all outgoing private VLAN traffic, configure them on the Layer 3 VLAN interface of the primary VLAN (see Chapter 23, “Configuring Network Security”)....
  • Page 149: Configuring A Vlan As A Private Vlan

    This example shows how to configure VLAN 440 as an isolated VLAN and verify the configuration:
    Router# configure terminal
    Router(config)# vlan 440
    Router(config-vlan)# private-vlan isolated
    Router(config-vlan)# end
    Router# show vlan private-vlan
    Primary Secondary Type              Interfaces
    ------- --------- ----------------- ------------------------------------------
                      primary
                      community
                      isolated
  • Page 150: Associating Secondary Vlans With A Primary Vlan

    Router(config)# vlan 202
    Router(config-vlan)# private-vlan association 303-307,309,440
    Router(config-vlan)# end
    Router# show vlan private-vlan
    Primary Secondary Type              Interfaces
    ------- --------- ----------------- ------------------------------------------
                      community
                      community
                      community
                      community
                      community
                      community
                      isolated
                      community
  • Page 151: Mapping Secondary Vlans To The Layer 3 Vlan Interface Of A Primary Vlan

    Router(config-if)# end
    Router# show interfaces private-vlan mapping
    Interface Secondary VLAN Type
    --------- -------------- -----------------
    vlan202                  community
    vlan202                  community
    vlan202                  community
    vlan202                  community
    vlan202                  community
    vlan202                  community
    vlan202                  isolated
    Router#
  • Page 152: Configuring A Layer 2 Interface As A Private Vlan Host Port

    Trunking Native Mode VLAN: 1 (default)
    Administrative private-vlan host-association: 202 (VLAN0202) 303 (VLAN0303)
    Administrative private-vlan mapping: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
  • Page 153: Configuring A Layer 2 Interface As A Private Vlan Promiscuous Port

    This example shows how to configure interface FastEthernet 5/2 as a private VLAN promiscuous port and map it to a private VLAN:
    Router# configure terminal
    Router(config)# interface fastethernet 5/2
    Router(config-if)# switchport mode private-vlan promiscuous
    Router(config-if)# switchport private-vlan mapping 202 303,440
    Router(config-if)# end
  • Page 154 Trunking Native Mode VLAN: 1 (default)
    Administrative private-vlan host-association: none ((Inactive))
    Administrative private-vlan mapping: 202 (VLAN0202) 303 (VLAN0303) 440 (VLAN0440)
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
  • Page 155: Understanding Cisco Ip Phone Support

    Configuring Cisco IP Phone Support
    This chapter describes how to configure support for Cisco IP Phones on the Cisco 7600 series routers. Release 12.1(13)E and later releases support Cisco IP Phones.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication for this release.
  • Page 156: Chapter 11 Configuring Cisco Ip Phone Support

    The Cisco IP Phone transmits voice traffic with Layer 3 IP precedence and Layer 2 CoS values, which are both set to 5 by default. The sound quality of a Cisco IP Phone call can deteriorate if the voice traffic is transmitted unevenly.
  • Page 157: Cisco Ip Phone Data Traffic

    • Untrusted mode—All traffic in 802.1Q or 802.1p frames received through the access port on the Cisco IP Phone is marked with a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default.
  • Page 158: Default Cisco Ip Phone Support Configuration

    Cisco IP Phones may have different power requirements. The supervisor engine initially allocates the configured default of 7 W (167 mA at 42V) to the Cisco IP Phone. When the correct amount of power is determined from the CDPv2 messaging with the Cisco IP Phone, the supervisor engine reduces or increases the allocated power.
  • Page 159: Configuring Cisco Ip Phone Support

    – If the Cisco IP Phone uses untagged frames and the device uses 802.1p frames
    – If the Cisco IP Phone uses 802.1Q frames and the voice VLAN is the same as the access VLAN
    • The Cisco IP Phone and a device attached to the Cisco IP Phone cannot communicate if they are in the same VLAN and subnet but use different frame types, because traffic between devices in the same subnet is not routed (routing would eliminate the frame type difference).
  • Page 160 When configuring the way in which the Cisco IP Phone transmits voice traffic, note the following syntax information:
    • Enter a voice VLAN ID to send CDPv2 packets that configure the Cisco IP Phone to transmit voice traffic in 802.1Q frames, tagged with the voice VLAN ID and a Layer 2 CoS value (the default is 5).
  • Page 161: Configuring Data Traffic Support

    • To send CDPv2 packets that configure the Cisco IP Phone to trust tagged traffic received from a device connected to the access port on the Cisco IP Phone, do not enter the cos keyword and CoS value.
    • To send CDPv2 packets that configure the Cisco IP Phone to mark tagged ingress traffic received...
  • Page 162: Configuring Inline Power Support

    Router# show power inline [fastethernet slot/port]
    When configuring inline power support, note the following syntax information:
    • To configure auto-detection of a Cisco IP Phone, enter the auto keyword.
    • To disable auto-detection of a Cisco IP Phone, enter the never keyword.
  • Page 163: Configuring Layer 3 Interfaces

    Configuring Layer 3 Interfaces
    This chapter contains information about how to configure Layer 3 interfaces on the Cisco 7600 series routers, which supplements the information and procedures in the Release 12.1 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm...
  • Page 164: Configuring Ip Routing And Addresses

    • http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/index.htm For information about the maximum paths command in Release 12.1 E, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication. The Policy Feature Card 2 (PFC2) and any Distributed Feature Cards (DFCs) provide hardware support for policy-based routing (PBR) for route-map sequences that use the match ip address and set ip next-hop keywords.
  • Page 165: Chapter 12 Configuring Layer 3 Interface

    0 output errors, 0 collisions, 4 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out
    Router#
  • Page 166 This example uses the show running-config command to display the interface IP address configuration of Fast Ethernet port 5/4:
    Router# show running-config interfaces fastethernet 5/4
    Building configuration...
    Current configuration:
    interface FastEthernet5/4
     description "Router port"
     ip address 172.20.52.106 255.255.255.248
     no ip directed-broadcast
  • Page 167: Configuring Ipx Routing And Network Numbers

    Configuring IPX Routing and Network Numbers
    For complete information and procedures, refer to these publications:
    • Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_c/index.htm
    • Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.1, at this URL:...
  • Page 168: Configuring Appletalk Routing, Cable Ranges, And Zones

    Configuring AppleTalk Routing, Cable Ranges, and Zones
    For complete information and procedures, refer to these publications:
    • Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_c/index.htm
    • Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.1, at this URL:...
  • Page 169: Configuring Other Protocols On Layer 3 Interfaces

    Configuring Other Protocols on Layer 3 Interfaces
    Refer to these publications for information about configuring other protocols on Layer 3 interfaces:
    • Cisco IOS Apollo Domain, VINES, DECnet, ISO CLNS, and XNS Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/apollo_c/index.htm
    • Cisco IOS Apollo Domain, VINES, DECnet, ISO CLNS, and XNS Command Reference,...
  • Page 171: Understanding How Etherchannels Work

    Cisco 7600 Series Router Cisco IOS Command Reference publication.
    • The commands in the following sections can be used on all LAN ports in Cisco 7600 series routers, including the ports on the supervisor engine and a redundant supervisor engine.
  • Page 172: Chapter 13 Configuring Etherchannels

    You can form an EtherChannel with up to eight compatibly configured LAN ports on any module in a Cisco 7600 series router. All LAN ports in each EtherChannel must be the same speed and must all be configured as either Layer 2 or Layer 3 LAN ports.
  • Page 173 Release 12.1(13)E and later releases support IEEE 802.3ad LACP EtherChannels. LACP supports the automatic creation of EtherChannels by exchanging LACP packets between LAN ports. LACP packets are exchanged only between ports in passive and active modes.
  • Page 174 You can configure an additional 8 standby ports (total of 16 ports associated with the EtherChannel).
  • Page 175: Understanding Port Channel Interfaces

    Configure all LAN ports in an EtherChannel to operate at the same speed and in the same duplex mode.
    • LACP does not support half-duplex. Half-duplex ports in an LACP EtherChannel are put in the suspended state.
  • Page 176: Configuring Etherchannels

    13-5).
    • With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode commands by entering the do keyword before the EXEC mode command.
  • Page 177: Configuring Port Channel Logical Interfaces For Layer 3 Etherchannels

    This example shows how to verify the configuration of port channel interface 1:
    Router# show running-config interface port-channel 1
    Building configuration...
    Current configuration:
    interface Port-channel1
     ip address 172.32.52.10 255.255.255.0
     no ip directed-broadcast
    Router#
  • Page 178: Configuring Channel Groups

    • You cannot put Layer 2 LAN ports into a manually created port channel interface.
    • For Cisco IOS to create port channel interfaces for Layer 2 EtherChannels, the Layer 2 LAN ports...
  • Page 179 I - Interface timer is running.
    Local information:
                                    Hello    Partner  PAgP     Learning  Group
    Port      Flags State   Timers  Interval Count   Priority   Method  Ifindex
    Fa5/2           U1/S1
    Age of the port in the current state: 04d:18h:57m:19s
  • Page 180: Configuring The Lacp System Priority And System Id

    Router(config)#
    This example shows how to verify the configuration:
    Router# show lacp sys-id
    23456,0050.3e8d.6400
    Router#
    The system priority is displayed first, followed by the MAC address of the router.
  • Page 181: Configuring Etherchannel Load Balancing

    This example shows how to configure EtherChannel to use source and destination IP addresses:
    Router# configure terminal
    Router(config)# port-channel load-balance src-dst-ip
    Router(config)# end
    Router(config)#
    This example shows how to verify the configuration:
    Router# show etherchannel load-balance
    Source XOR Destination IP address
    Router#
  • Page 183: Understanding How 802.1Q Tunneling Works

    Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling With Release 12.1(13)E and later, the Cisco 7600 series routers support IEEE 802.1Q tunneling and Layer 2 protocol tunneling. This chapter describes how to configure IEEE 802.1Q tunneling and Layer 2 protocol tunneling on the Cisco 7600 series routers.
  • Page 184: C H A P T E R 14 Configuring Ieee 802.1Q Tunneling And Layer 2 Protocol Tunneling

    Figure 14-2 Untagged, 802.1Q-Tagged, and Double-Tagged Ethernet Frames (figure not reproduced; field labels: Source address, Destination address, Length/EtherType, Frame Check Sequence)
  • Page 185: 802.1Q Tunneling Configuration Guidelines And Restrictions

    – QoS cannot detect the received CoS value in the 802.1Q 2-byte Tag Control Information field.
    • On an asymmetrical link, the Cisco Discovery Protocol (CDP) reports a native VLAN mismatch if the VLAN of the tunnel port does not match the native VLAN of the 802.1Q trunk. The 802.1Q tunnel feature does not require that the VLANs match.
  • Page 186: Q Tunneling Configuration Guidelines And Restrictions

    EtherChannel to use MAC-address-based frame distribution.
    • Because all the BPDUs are being dropped, spanning tree PortFast can be enabled on Layer 2 protocol tunnel ports as follows:
    Router(config-if)# spanning-tree portfast trunk
  • Page 187: Configuring 802.1Q Tunneling

    • Configuring 802.1Q Tunnel Ports, page 14-6
    • Configuring the Cisco 7600 Series Router to Tag Native VLAN Traffic, page 14-6
    Caution: Ensure that only the appropriate tunnel ports are in any VLAN used for tunneling and that one VLAN is used for each tunnel.
  • Page 188: Configuring 802.1Q Tunnel Ports

    Router(config-if)# end
    Router# show dot1q-tunnel interface
    Configuring the Cisco 7600 Series Router to Tag Native VLAN Traffic
    The vlan dot1q tag native command is a global command that configures the router to tag native VLAN traffic, and admit only 802.1Q tagged frames on 802.1Q trunks, dropping any untagged traffic, including untagged traffic in the native VLAN.
  • Page 189: Understanding How Layer 2 Protocol Tunneling Works

    An ingress edge switch rewrites the destination MAC address of the PDUs received on a Layer 2 tunnel port with the Cisco proprietary multicast address (01-00-0c-cd-cd-d0). The PDU is then flooded to the native VLAN of the Layer 2 tunnel port. If you enable Layer 2 protocol tunneling on a port, PDUs of an enabled protocol are not sent out.
  • Page 190: Configuring Support For Layer 2 Protocol Tunneling

    A new keyword, l2ptguard, has been added to the following commands:
    • errdisable detect cause
    • errdisable recovery cause
    Refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication for more information.
  • Page 191: Configuring Support For Layer 2 Protocol Tunneling

    Router(config-if)# end
    Router# show l2protocol-tunnel summary
    Port Protocol Threshold (cos/cdp/stp/vtp)
    ----------------------------------------
    Router#
    This example shows how to clear Layer 2 protocol tunneling port counters:
    Router# clear l2protocol-tunnel counters
    Router#
  • Page 193 Configuring STP and IEEE 802.1s MST This chapter describes how to configure the Spanning Tree Protocol (STP) and the IEEE 802.1s Multiple Spanning Tree (MST) protocol on Cisco 7600 series routers. Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication.
  • Page 194: Chapter 15 Configuring Stp And Ieee 802.1 Mst

    LAN segment or a switched LAN of multiple segments. Cisco 7600 series routers use STP (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single instance of STP runs on each configured VLAN (provided you do not manually disable STP). You can enable and disable STP on a per-VLAN basis.
  • Page 195: Understanding The Bridge Id

    1024 STP MAC Address Allocation Cisco 7600 series router chassis have either 64 or 1024 MAC addresses available to support software features such as STP. To view the MAC address range on your chassis, enter the show catalyst6000 chassis-mac-address command.
  • Page 196: Understanding Bridge Protocol Data Units

    When you change the bridge priority value, you change the probability that the router will be elected as the root bridge. Configuring a higher value increases the probability; a lower value decreases the probability.
  • Page 197: Stp Protocol Timers

    The goal is to make the fastest link the root port.
  • Page 198: Stp Port States

    LAN before starting to forward frames. They must allow the frame lifetime to expire for frames that have been forwarded using the old topology. Each Layer 2 LAN port on a Cisco 7600 series router using STP exists in one of the following five states:...
  • Page 199 Forwarding state When you enable STP, every port in the Cisco 7600 series router, VLAN, and network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, each Layer 2 LAN port stabilizes to the forwarding or blocking state.
  • Page 200: Blocking State

    Layer 2 LAN port, so there is no address database update.)
    • Receives BPDUs and directs them to the system module.
    • Does not transmit BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 201: Listening State

    • Receives BPDUs and directs them to the system module.
    • Receives, processes, and transmits BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 202: Learning State

    • Receives BPDUs and directs them to the system module.
    • Receives, processes, and transmits BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 203: Forwarding State

    • Incorporates end station location information into its address database.
    • Receives BPDUs and directs them to the system module.
    • Processes BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 204: Stp And Ieee 802.1Q Trunks

    STP and IEEE 802.1Q Trunks
    802.1Q trunks impose some limitations on the STP strategy for a network. In a network of Cisco network devices connected through 802.1Q trunks, the network devices maintain one instance of STP for each VLAN allowed on the trunks. However, non-Cisco 802.1Q network devices maintain only one instance of STP for all VLANs allowed on the trunks.
  • Page 205: Understanding How Ieee 802.1W Rstp Works

    Note: In Cisco IOS release 12.1(11)EX and later releases, RSTP is implemented as part of Multiple Spanning Tree Protocol (MSTP). In Cisco IOS release 12.1(13)E and later releases, RSTP is also available as a standalone protocol in Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) mode. In this mode, the switch runs an RSTP instance on each VLAN, which follows the usual PVST+ approach.
  • Page 206: Rstp Port States

    Note: In Cisco IOS release 12.1(11)EX and later releases, RSTP is implemented as part of Multiple Spanning Tree Protocol (MSTP). In Cisco IOS release 12.1(13)E and later releases, RSTP is also available as a standalone protocol in Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) mode. In this mode, the switch runs an RSTP instance on each VLAN, which follows the usual PVST+ approach.
  • Page 207: Ieee 802.1S Mst Overview

    (RST) algorithm to multiple spanning trees. This extension provides both rapid convergence and load balancing in a VLAN environment. MST converges faster than PVST+. MST is backward compatible with 802.1D STP, 802.1w (rapid spanning tree protocol [RSTP]), and the Cisco PVST+ architecture.
  • Page 208: Mst-To-Pvst Interoperability

    Figure 15-8 Network with Interconnected SST and MST Regions (figure not reproduced; legend: F/f = Forwarding, B/b = Blocking, R = Root Bridge)
  • Page 209 VLANs on its designated ports, root guard sets the port to the blocking state. Do not designate switches with a slower CPU running PVST+ as a switch running MST.
  • Page 210: Common Spanning Tree

    CST (802.1Q) is a single spanning tree for all the VLANs. In a Catalyst 6000 family switch running PVST+, the VLAN 1 spanning tree corresponds to CST. In a Cisco 7600 series router running MST, IST (instance 0) corresponds to CST.
  • Page 211: Mst Regions

    If the CST root is outside the MST region, then one of the MST bridges at the boundary is selected as the IST master. Other bridges on the boundary that belong to the same region eventually block the boundary ports that lead to the root.
  • Page 212: Message Age And Hop Count

    The message age and maximum age timer settings in the RST portion of the BPDU remain the same throughout the region, and the same values are propagated by the region’s designated ports at the boundary.
  • Page 213: Default Stp Configuration

    • Do not use PVST bridges as the root of CST.
    • Ensure that all PVST spanning tree root bridges have lower (numerically higher) priority than the CST root bridge.
  • Page 214: Configuring Stp

    Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.
  • Page 215: Enabling Stp

    STP is enabled by default on VLAN 1 and on all newly created VLANs. You can enable STP on a per-VLAN basis. The Cisco 7600 series router maintains a separate instance of STP for each VLAN (except on VLANs on which you disable STP).
  • Page 216: Enabling The Extended System Id

    Router# show spanning-tree vlan vlan_ID
    Note: When you enable or disable the extended system ID, the bridge IDs of all active STP instances are updated, which might change the spanning tree topology.
  • Page 217: Configuring The Root Bridge

    Extended system ID is enabled.
    Configuring the Root Bridge
    Cisco 7600 series routers maintain a separate instance of STP for each active VLAN. A bridge ID, consisting of the bridge priority and the bridge MAC address, is associated with each instance. For each VLAN, the network device with the lowest bridge ID becomes the root bridge for that VLAN.
  • Page 218: Configuring A Secondary Root Bridge

    Step 2: Exits configuration mode.
    Router(config)# end
    This example shows how to configure the Cisco 7600 series router as the root bridge for VLAN 10, with a network diameter of 4:
    Router# configure terminal
    Router(config)# spanning-tree vlan 10 root primary diameter 4...
  • Page 219: Configuring Stp Port Priority

    The possible priority range is 0 through 240 (default 128), configurable in increments of 16. Cisco IOS uses the port priority value when the LAN port is configured as an access port and uses VLAN port priority values when the LAN port is configured as a trunk port.
  • Page 220 Prio.Nbr Status ---------------- ---- --- --------- -------- -------------------------------- VLAN0001 Back BLK 200000 160.196 VLAN0006 Back BLK 200000 160.196 VLAN0199 Back BLK 200000 160.196 VLAN0200 Desg FWD 200000 64.196 Router#
  • Page 221: Configuring Stp Port Cost

    This example shows how to verify the configuration:
    Router# show spanning-tree interface fastEthernet 4/4
    Vlan Role Sts Cost Prio.Nbr Status
    ---------------- ---- --- --------- -------- --------------------------------
    VLAN0001 Back BLK 1000 160.196
  • Page 222: Configuring The Bridge Priority Of A Vlan

    Note: Be careful when using this command. For most situations, we recommend that you enter the spanning-tree vlan vlan_ID root primary and the spanning-tree vlan vlan_ID root secondary commands to modify the bridge priority.
  • Page 223 This example shows how to verify the configuration: Router# show spanning-tree vlan 200 bridge Hello Max Vlan Bridge ID Time Age Delay Protocol ---------------- -------------------- ---- ---- ----- -------- VLAN200 33792 0050.3e8d.64c8 ieee Router#
  • Page 224: Configuring The Hello Time

    Reverts to the default forward time.
    Router(config)# no spanning-tree vlan vlan_ID forward-time
    Step 2: Exits configuration mode.
    Router(config)# end
    Step 3: Verifies the configuration.
    Router# show spanning-tree vlan vlan_ID bridge [detail]
  • Page 225: Configuring The Maximum Aging Time For A Vlan

    To enable Rapid-PVST mode on the switch, enter the spanning-tree mode rapid-pvst command in privileged mode. To configure the switch in Rapid-PVST mode, see the “Configuring STP” section on page 15-22.
  • Page 226: Configuring Ieee 802.1S Mst

    Router(config)# spanning-tree mode mst
    Step 3: Configures the MST region by entering the MST configuration submode.
    Router(config)# spanning-tree mst configuration
    Clears the MST configuration.
    Router(config)# no spanning-tree mst configuration
  • Page 227 Revision Instance Vlans mapped -------- --------------------------------------------------------------------- 1001-4094 1-1000 ------------------------------------------------------------------------------- Router(config-mst)# no instance 2 Router(config-mst)# show pending Pending MST configuration Name [cisco] Revision Instance Vlans mapped -------- --------------------------------------------------------------------- 1-4094 -------------------------------------------------------------------------------
  • Page 228: Displaying Mst Configurations

    Router(config-mst)# instance 1 vlan 1-10
    Router(config-mst)# name cisco
    Router(config-mst)# revision 1
    Router(config-mst)# ^Z
    Router# show spanning-tree mst configuration
    Name [cisco] Revision Instance Vlans mapped -------- --------------------------------------------------------------------- 11-4094 1-10 -------------------------------------------------------------------------------
  • Page 229 Boundary :internal bpdu guard :disable (default) Bpdus (MRecords) sent 2, received 364 Instance Role Sts Cost Prio.Nbr Vlans mapped -------- ---- --- --------- -------- ------------------------------- Back BLK 1000 160.196 1-10
  • Page 230 Pathcost method used is long Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------- MST00 MST01 ---------------------- -------- --------- -------- ---------- ---------- 2 msts Router#
  • Page 231: Configuring Mst Instance Parameters

    Role Sts Cost Prio.Nbr Status ---------------- ---- --- --------- -------- -------------------------------- Fa4/4 Back BLK 1000 160.196 Fa4/5 Desg FWD 200000 128.197 Fa4/48 Boun FWD 200000 128.240 P2p Bound(STP) Router#
  • Page 232: Configuring Mst Instance Port Parameters

    A switch also might continue to assign a boundary role to a port when the switch to which it is connected has joined the region.
  • Page 233 EXEC command to restart the protocol migration process on a specific interface. This example shows how to restart protocol migration: Router# clear spanning-tree detected-protocols interface fastEthernet 4/4 Router#
  • Page 235: Configuring Optional Stp Features

    This chapter describes how to configure optional STP features.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication.
    This chapter consists of these sections:
    • Understanding How PortFast Works, page 16-2...
  • Page 236: C H A P T E R 16 Configuring Optional Stp Features

    Explicitly configuring PortFast BPDU filtering on a port that is not connected to a host can result in bridging loops, because the port ignores any BPDU it receives and goes to the forwarding state.
  • Page 237: Understanding How Uplinkfast Works

    Switch B is in the blocking state.
    Figure 16-1 UplinkFast Example Before Direct Link Failure (figure not reproduced; labels: Switch A (Root), Switch B, Switch C, Blocked port)
  • Page 238: Understanding How Backbonefast Works

    Switch B over link L1 and to Switch C over link L2. The Layer 2 LAN interface on Switch C that connects directly to Switch B is in the blocking state.
  • Page 239 However, the other network devices ignore these inferior BPDUs and the new network device learns that Switch B is the designated bridge to Switch A, the root bridge.
  • Page 240: Understanding How Etherchannel Guard Works

    Understanding How EtherChannel Guard Works
    EtherChannel guard detects a misconfigured EtherChannel where interfaces on the Cisco 7600 series router are configured as an EtherChannel while interfaces on the other device are not, or where not all the interfaces on the other device are in the same EtherChannel.
  • Page 241 If a set of ports that are already blocked by loop guard are grouped together to form a channel, spanning tree loses all the state information for those ports and the new channel port may obtain the forwarding state with a designated role.
  • Page 242: Enabling Portfast

    This example shows how to verify the configuration:
    Router# show running-config interface fastethernet 5/8
    Building configuration...
    Current configuration:
    interface FastEthernet5/8
    no ip address
    switchport
    switchport access vlan 200
    switchport mode access
    spanning-tree portfast
    Router#
  • Page 243 %Warning:portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION Router(config-if)# ^Z
  • Page 244: Enabling Portfast Bpdu Filtering

    UplinkFast is disabled BackboneFast is disabled Pathcost method used is long Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------- 2 vlans Router#
  • Page 245: Enabling Bpdu Guard

    Router(config)# end
    Step 3: Verifies the configuration.
    Router# show spanning-tree summary totals
    This example shows how to enable BPDU Guard:
    Router# configure terminal
    Router(config)# spanning-tree portfast bpduguard
    Router(config)# end
    Router#
  • Page 246: Enabling Uplinkfast

    UplinkFast increases the bridge priority to 49152 and adds 3000 to the STP port cost of all Layer 2 LAN interfaces on the Cisco 7600 series router, decreasing the probability that the router will become the root bridge. The max_update_rate value represents the number of multicast packets transmitted per second (the default is 150 packets per second).
  • Page 247: Enabling Backbonefast

    Number of RLQ request PDUs received (all VLANs) Number of RLQ response PDUs received (all VLANs) Number of RLQ request PDUs sent (all VLANs) Number of RLQ response PDUs sent (all VLANs) Router#
  • Page 248: Enabling Etherchannel Guard

    Router# show running interface {type slot/port} | {port-channel port_channel_number}
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
    Enter the show spanning-tree inconsistentports command to display ports that are in the root-inconsistent state.
  • Page 249: Enabling Loop Guard

    This example shows how to enable loop guard:
    Router# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)# interface fastEthernet 4/4
    Router(config-if)# spanning-tree guard loop
    Router(config-if)# ^Z
  • Page 250 The port is in the portfast mode by portfast trunk configuration Link type is point-to-point by default Bpdu filter is enabled Loop guard is enabled on the port BPDU:sent 0, received 0 Router#
  • Page 251: Chapter 17 Configuring Ip Unicast Layer 3 Switching On Supervisor Engine

    Distributed Forwarding Cards (DFCs), and Multilayer Switch Feature Card 2 (MSFC2). Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication and the publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm This chapter consists of these sections: •...
  • Page 252: Understanding Hardware Layer 3 Switching On Pfc2 And Dfcs

    When a packet is Layer 3 switched from a source in one subnet to a destination in another subnet, the Cisco 7600 series router performs a packet rewrite at the egress port based on information learned from the MSFC2 so that the packets appear to have been routed by the MSFC2.
  • Page 253 MAC = Bb MAC = Dd MSFC Host B MAC = Aa 171.59.3.1 Subnet 1/Sales Host A MAC = Cc 171.59.1.2 Data 171.59.1.2:171.59.2.2 Aa:Dd Host C 171.59.2.2 Data 171.59.1.2:171.59.2.2 Dd:Cc
  • Page 254: Default Hardware Layer 3 Switching Configuration

    802.3 with 802.2 and SNAP
    Note: With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
  • Page 255: Configuring Hardware Layer 3 Switching

    Note The Layer 3 switching packet count is updated approximately every five seconds. Cisco IOS CEF and dCEF are permanently enabled on the MSFC2. No configuration is required to support hardware Layer 3 switching. The Cisco IOS CEF ip load-sharing per-packet, ip cef accounting per-prefix, and ip cef accounting non-recursive commands on the MSFC2 apply only to traffic that is CEF-switched in software on the MSFC2.
  • Page 256: Displaying Hardware Layer 3 Switching Statistics

    This example shows how to display adjacency statistics:
    Router# show adjacency gigabitethernet 9/5 detail
    Protocol Interface Address
    GigabitEthernet9/5 172.20.53.206(11)
    504 packets, 6110 bytes
    00605C865B82
    000164F83FA50800
    03:49:31
    Note: Adjacency statistics are updated approximately every 60 seconds.
  • Page 257 Configuring IP Multicast Layer 3 Switching This chapter describes how to configure IP multicast Layer 3 switching on the Cisco 7600 series routers. Note: For more information on the syntax and usage for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication.
  • Page 258: Understanding How Ip Multicast Layer 3 Switching Works

    Policy Feature Card 2 (PFC2) provides Layer 3 switching for IP multicast flows using the hardware replication table and hardware Cisco Express Forwarding (CEF), which uses the forwarding information base (FIB) and the adjacency table on the PFC2. In systems with Distributed Forwarding Cards (DFCs), IP multicast flows are Layer 3 switched locally using Multicast Distributed Hardware Switching (MDHS).
  • Page 259: Ip Multicast Layer 3 Switching Flow Mask

    Source Destination Source Checksum Group G1 MAC Source A MAC Group G1 IP Source A IP calculation1 1. In this example, Destination B is a member of Group G1.
  • Page 260: Partially And Completely Switched Flows

    • The maximum transmission unit (MTU) of the RPF interface is greater than the MTU of any outgoing interface.
    • If Network Address Translation (NAT) is configured on an interface, and source address translation is required for the outgoing interface.
  • Page 261: Non-Rpf Traffic Processing

    (non-PIM DR) must drop this traffic because it has arrived on the wrong interface and fails the RPF check. Traffic that fails the RPF check is called non-RPF traffic. The Cisco 7600 series router processes non-RPF traffic in hardware on the PFC by filtering (dropping) or rate limiting the non-RPF traffic.
  • Page 262 PFC2 and the DFCs support both rate-limiting modes. CEF-based rate limiting of RPF failures is the default on systems with PFC2 and for DFCs. NetFlow-based rate limiting of RPF failures is the only rate limiting mode supported with PFC1.
  • Page 263: Default Ip Multicast Layer 3 Switching Configuration

    Bridging of the flow on an interface with IGMP snooping disabled causes flooding to all forwarding interfaces of the VLAN. For details on configuring IGMP snooping, see Chapter 21, “Configuring IGMP Snooping.”
  • Page 264: Ip Multicast Layer 3 Switching Configuration Guidelines And Restrictions

    • For PIM auto-RP multicast groups (IP multicast group addresses 224.0.1.39 and 224.0.1.40).
    • For flows that are forwarded on the multicast-shared tree (that is, {*,G,*} forwarding) when the interface or group is running PIM sparse mode.
  • Page 265: Pfc1 And Pfc2 General Restrictions

    Note: With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
  • Page 266: Source Specific Multicast With Igmpv3, Igmp V3Lite, And Urd

    Layer 3 interfaces. For complete information and procedures, refer to these publications:
    • Cisco IOS IP and IP Routing Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/index.htm
    • Cisco IOS IP and IP Routing Command Reference, Release 12.1, at this URL:...
  • Page 267: Enabling Ip Multicast Layer 3 Switching On Layer 3 Interfaces

    To configure the Layer 3 switching threshold, perform this task:
    Configures the IP MMLS threshold.
    Router(config)# mls ip multicast threshold ppsec
    Reverts to the default IP MMLS threshold.
    Router(config)# no mls ip multicast threshold
  • Page 268: Enabling Installation Of Directly Connected Subnets

    Disables NetFlow-based rate limiting of RPF failures globally.
    Router(config)# no mls ip multicast non-rpf netflow
    Step 2: Selects the Layer 3 interface to be configured.
    Router(config)# interface {{vlan vlan_ID} | {type slot/port} | {port-channel channel_ID}}
  • Page 269: Enabling Cef-Based Rate Limiting Of Rpf Failures

    4 minutes. To enable shortcut-consistency checking, perform this task:
    Enables shortcut-consistency checking.
    Router(config)# mls ip multicast consistency-check
    Restores the default.
    Router(config)# no mls ip multicast consistency-check
  • Page 270: Configuring Acl-Based Filtering Of Rpf Failures

    The show ip pim interface count command displays the IP multicast Layer 3 switching enable state on IP PIM interfaces and the number of packets received and sent on the interface. Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E 18-14...
  • Page 271

    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are never sent
    ICMP mask replies are never sent
  • Page 272: Displaying The IP Multicast Routing Table

    (*, 230.13.13.2), 00:16:41/00:00:00, RP 10.15.1.20, flags:SJC
    Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
    Outgoing interface list:
    GigabitEthernet4/9, Forward/Sparse-Dense, 00:16:41/00:00:00, H
    (10.20.1.15, 230.13.13.1), 00:14:31/00:01:40, flags:CJT
    Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
  • Page 273: Displaying IP Multicast Layer 3 Switching Statistics

    This example shows how to display IP multicast Layer 3 switching information for VLAN 10:
    Router# show mls ip multicast interface vlan 10
    Multicast hardware switched flows:
    (10.1.0.15, 224.2.2.15) Incoming interface: Vlan10, Packets switched: 0
    Hardware switched outgoing interfaces:
    MFD installed: Vlan10
  • Page 274: Using Debug Commands

    Command: [no] debug mls ip multicast events
    Description: Displays IP multicast Layer 3 switching events.
    Command: [no] debug mls ip multicast errors
    Description: Turns on debug messages for multicast MLS-related errors.
  • Page 275: Clearing IP Multicast Layer 3 Switching Statistics

    VLAN, the multicast group address, or the multicast traffic source. For an example of the show mls ip multicast statistics command, see the “Displaying IP Multicast Layer 3 Switching Statistics” section on page 18-17.
  • Page 276 Chapter 18 Configuring IP Multicast Layer 3 Switching
  • Page 277: Configuring IP Unicast Layer 3 Switching On Supervisor Engine

    Cisco 7600 series routers.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication.
    This chapter consists of these sections:
    • Understanding How IP MLS Works, page 19-2
    •...
  • Page 278: Chapter 19 Configuring IP Unicast Layer 3 Switching On Supervisor Engine 1

    IP MLS Operation, page 19-5
    IP MLS Overview
    IP MLS provides high-performance hardware-based Layer 3 switching for Cisco 7600 series routers. IP MLS switches unicast IP data packet flows between IP subnets using advanced application-specific integrated circuit (ASIC) switching hardware, which offloads the processor-intensive packet routing from network routers.
  • Page 279: Layer 3 MLS Cache

    Interaction Between Software Features and Flow Mask Behavior
    This section describes the flow mask used when different software features are configured in a system with a Supervisor Engine 1.
  • Page 280: Layer 3-Switched Packet Rewrite

    Layer 3 packets so that they appear to have been routed by a router. The PFC forwards the rewritten packet to Host B’s VLAN (the destination VLAN is stored in the MLS cache entry) and Host B receives the packet.
  • Page 281: IP MLS Operation

    [Figure labels: MSFC (MAC = Aa); Host A 171.59.1.2 (MAC = Cc); Host B 171.59.3.1 (MAC = Dd); Host C 171.59.2.2; Subnet 1/Sales; Data 171.59.1.2: 2000 Aa:Dd; Data 171.59.1.2: 2000 Dd:Cc]
  • Page 282: Default IP MLS Configuration

    Note: With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
    Enabling IP MLS Globally
    IP MLS is enabled globally and cannot be disabled.
  • Page 283: Disabling And Enabling IP MLS On A Layer 3 Interface

    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
  • Page 284: Configuring The MLS Aging-Time

    Command: Router(config)# no mls flow ip
    Purpose: Reverts to the default IP MLS flow mask.
    This example shows how to set the minimum IP MLS flow mask:
    Router(config)# mls flow ip destination
    Router(config)#
  • Page 285: Displaying IP MLS Cache Entries

    | flow [tcp | udp] | interface {{vlan vlan_ID} | {type slot/port} | {port-channel number}} | macd destination_mac_address | macs source_mac_address | multicast | source ip_address]
    1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 286: Displaying IP MLS Cache Entries For A Specific Destination Address

    | detail | flow [tcp | udp] | source address. interface {{vlan vlan_ID} | {type slot/port} | {port-channel number}} | macd destination_mac_address | macs source_mac_address | multicast]
    1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 287: Displaying Entries For A Specific IP Flow

    • remain in the table.
  • Page 288: Displaying IP MLS Contention Table And Statistics

    3, accelerated aging starts, and begins to age out entries at a rate suitable to reduce the current contention rate. The detailed option displays the breakdown of contention between different flows.
  • Page 289

    Vlan 1 Statistics Information:
    -------------------------------
    65280 Layer 2 Packets Bridged, 0 Bytes
    65280 Layer 3 Packets Input, 0 Bytes
    65280 Layer 3 Packets Output, 0 Bytes
    Slot 2
    =======
  • Page 290: Troubleshooting IP MLS

    This example shows how to configure all IP debugging:
    Router# debugging mls ip all
    mls ip all debugging is on
    Router#
    Note: Enter the show tech-support command to display system information.
  • Page 291: Configuring IPX Unicast Layer 3 Switching On Supervisor Engine

    Cisco 7600 series router.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication.
    This chapter consists of these sections:
    •...
  • Page 292: Chapter 20 Configuring IPX Unicast Layer 3 Switching On Supervisor Engine 1

    IPX MLS Operation, page 20-4
    IPX MLS Overview
    IPX MLS provides high-performance hardware-based Layer 3 switching for Cisco 7600 series routers. IPX MLS switches unicast IPX data packet flows between networks using advanced application-specific integrated circuit (ASIC) switching hardware, offloading processor-intensive packet routing from network routers.
  • Page 293: Flow Masks

    Host B, the PFC recognizes that the packet was sent to the MAC address of the MSFC. The PFC checks the MLS cache and finds the entry matching the flow in question.
  • Page 294: IPX MLS Operation

    Host B to Host A. The destination VLAN is stored as part of each IPX MLS entry so that the correct VLAN identifier is used when encapsulating traffic on trunk links.
  • Page 295: Default IPX MLS Configuration

    900 seconds
    Configuration Guidelines and Restrictions
    • These Cisco IOS software features and commands affect IPX MLS:
      – IPX accounting—IPX accounting cannot be enabled on an IPX MLS-enabled interface.
      – IPX EIGRP—MLS is supported for EIGRP interfaces if the Transport Control (TC) maximum ...
  • Page 296: Configuring IPX MLS

    Disables IPX MLS.
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
    This example shows how to enable IPX MLS for Fast Ethernet interface 5/5:
    Router(config)# interface fastethernet 5/5
    Router(config-if)# mls ipx
    Router(config-if)#
  • Page 297: Configuring The MLS Aging Time

    The MLS aging time applies to all MLS cache entries. See the “Configuring the MLS Aging Time” section on page 33-10.
    Note: IPX MLS does not use fast aging.
  • Page 298: Configuring The Minimum IPX MLS Flow Mask

    • Displaying IPX MLS Cache Entries, page 20-9
    • Displaying the IPX MLS Contention Table, page 20-11
    • Displaying IPX MLS VLAN Statistics, page 20-12
  • Page 299: Displaying IPX MLS Cache Entries

    This example shows how to display all IPX MLS entries on the switch:
    Router# show mls ipx
    DstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes
    -----------------------------------------------------------------------
    SrcDstPorts SrcDstEncap Age LastSeen
    ----------------------------------------
    Number of Entries Found = 0
    Router#
  • Page 300

    This example shows how to display IPX MLS entries for a specific source IPX address:
    Router# show mls ipx source 1.2.2.2
    DstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes
    -----------------------------------------------------------------------
    SrcDstPorts SrcDstEncap Age LastSeen
    ----------------------------------------
    Number of Entries Found = 0
    Router#
  • Page 301: Displaying The IPX MLS Contention Table

    1 through 3, accelerated aging starts, which begins to age out entries at a rate suitable to reduce the current contention rate. The detailed option displays the breakdown of contention between different flows.
  • Page 302: Displaying IPX MLS VLAN Statistics

    Vlan 1 Statistics Information:
    -------------------------------
    65280 Layer 2 Packets Bridged, 0 Bytes
    65280 Layer 3 Packets Input, 0 Bytes
    65280 Layer 3 Packets Output, 0 Bytes
    Slot 2
    =======
  • Page 303: Clearing IPX MLS Cache Entries

    Router# clear mls ipx interface fastethernet 5/5
    Router#
    To display the MLS entries and confirm they have been cleared, see the “Displaying IPX MLS Information” section on page 20-8.
  • Page 304: Troubleshooting IPX MLS

    Command: [no] debug scp packets
    Description: Displays packet data in and out of the SCP system.
    Command: [no] debug scp timeouts
    Description: Reports timeouts.
    Command: [no] debug scp all
    Description: Turns on all SCP debugging messages.
  • Page 305: Chapter 21 Configuring IGMP Snooping

    Note:
    • To support Cisco Group Management Protocol (CGMP) client devices, configure the Multilayer Switch Feature Card (MSFC) as a CGMP server. Refer to the Cisco IOS IP and IP Routing Configuration Guide, Release 12.1, “IP Multicast,” “Configuring IP Multicast Routing,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt3/1cdmulti.htm...
  • Page 306: IGMP Snooping Overview

    IGMP snooping learning. Multicast group membership lists can consist of both static and IGMP snooping-learned settings.
  • Page 307 21-2. Because the forwarding table directs IGMP messages only to the CPU, the message is not flooded to other ports. Any known multicast traffic is forwarded to the group and not to the CPU.
  • Page 308: Leaving A Multicast Group

    If the leave message was from the only remaining interface with hosts interested in the group and IGMP snooping does not receive an IGMP Join in ...
  • Page 309: Understanding IGMP Snooping Querier

    IGMP reports to establish appropriate forwarding. You can enable the IGMP snooping querier on all the Cisco 7600 series routers in the VLAN, but for each VLAN that is connected to switches that use IGMP to report interest in IP multicast traffic, you must set at least one switch as the IGMP snooping querier.
  • Page 310: Understanding IGMP Version 3 Support

    When enabled, the IGMP snooping querier disables itself if it detects IGMP traffic from a multicast router.
    • You can enable the IGMP snooping querier on all the Cisco 7600 series routers in the VLAN. On each VLAN that is connected to switches that use IGMP to report interest in IP multicast traffic, you must set one switch as the IGMP querier.
  • Page 311: Restrictions

    IP multicast routing, the IP multicast router acts as the IGMP querier.
    Note: To enable IP multicast routing on the Cisco 7600 series routers on a specific VLAN, enter the ip pim sparse-mode command, the ip pim sparse-dense-mode command, or the ip pim dense-mode command on that interface.
  • Page 312: Configuring IGMP Snooping

    Switching”) or enable the IGMP snooping querier in the subnet (see “Enabling the IGMP Snooping Querier” section on page 21-7). IGMP snooping allows Cisco 7600 series routers to examine IGMP packets and make forwarding decisions based on their content. These sections describe how to configure IGMP snooping: •...
  • Page 313: Enabling IGMP Snooping

    IGMP snooping is globally enabled
    IGMP snooping is enabled on this interface
    IGMP snooping fast-leave is enabled on this interface
    IGMP snooping querier is disabled on this interface
    Router#
  • Page 314: Configuring IGMP Snooping Learning

    All releases support the mac-address-table static command. The ip igmp snooping mrouter interface command, which was available in earlier releases and which provided the same functionality as the mac-address-table static command, is deprecated in Release 12.1(13)E and later releases.
  • Page 315: Configuring The IGMP Query Interval

    Router(config-if)# ip igmp snooping fast-leave
    Configuring fast leave on vlan 200
    Router(config-if)# end
    Router# show ip igmp interface vlan 200 | include fast-leave
    IGMP snooping fast-leave is enabled on this interface
    Router(config-if)#
  • Page 316: Configuring A Host Statically

    When you enable IGMP snooping, the router automatically learns to which interface multicast routers are connected. To display multicast router interfaces, perform this task:
    Command: Router# show ip igmp snooping mrouter interface vlan_ID
    Purpose: Displays multicast router interfaces.
  • Page 317: Displaying MAC Address Multicast Entries

    IGMP max query response time is 10 seconds
    Last member query response interval is 1000 ms
    Inbound IGMP access group is not set
    IGMP activity: 0 joins, 0 leaves
    Multicast routing is enabled on interface
  • Page 318

    IGMP snooping is globally enabled
    IGMP snooping is enabled on this interface
    IGMP snooping fast-leave is enabled on this interface
    IGMP snooping querier is disabled on this interface
    Router#
  • Page 319: Chapter 22 Configuring RGMP

    The RGMP hello message tells the Cisco 7600 series router not to send multicast data to the router unless an RGMP join message has also been sent to the Cisco 7600 series router from that router. When an RGMP join message is sent, the router is able to receive multicast data.
  • Page 320: Default RGMP Configuration

    When RGMP is enabled on the router, no multicast data traffic is sent to the router by the Cisco 7600 series router unless an RGMP join is specifically sent for a group. When RGMP is disabled on the router, all multicast data traffic is sent to the router by the Cisco 7600 series router.
  • Page 321: Enabling RGMP On Layer 3 Interfaces

    Because multiple IP multicast addresses can map to one MAC address (see RFC 1112), RGMP cannot differentiate between the IP multicast groups that might map to a MAC address.
    – The capability of the Cisco 7600 series router to constrain traffic is limited by its content-addressable memory (CAM) table capacity.
    Note: With Release 12.1(11b)E and later releases, when you are in configuration mode you can enter EXEC...
  • Page 322 Chapter 22 Configuring RGMP Enabling RGMP on Layer 3 Interfaces
  • Page 323: Chapter 23 Configuring Network Security

    CHAPTER
    Configuring Network Security
    This chapter contains network security information unique to the Cisco 7600 series routers, which supplements the network security information and procedures in these publications:
    • Cisco IOS Security Configuration Guide, Release 12.1, at this URL: ...
  • Page 324: Hardware And Software ACL Support

    – Internetwork Packet Exchange (IPX) access lists
    – Extended MAC address access list
    – Protocol type-code access list
    Note: IP packets with a header length of less than five will not be access controlled.
  • Page 325: Guidelines And Restrictions For Using Layer 4 Operators In ACLs

    For example, in this ACL there are two different Layer 4 operations because one ACE applies to the source port and one applies to the destination port.
    ... Src gt 10 ...
    ... Dst gt 10
  • Page 326: Determining Logical Operation Unit Usage

    Configuring the Cisco IOS Firewall Feature Set
    Note: Release 12.1(11b)E and later releases include firewall feature set images.
    These sections describe configuring the Cisco IOS firewall feature set on the Cisco 7600 series routers:
    • Cisco IOS Firewall Feature Set Support Overview, page 23-5
    •...
  • Page 327: Cisco IOS Firewall Feature Set Support Overview

    • Cisco IOS Security Command Reference publication at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/index.htm
    The following features are supported with and without the use of a Cisco IOS firewall image:
    • Standard access lists and static extended access lists
    • Lock-and-key (dynamic access lists)
    •...
  • Page 328: Firewall Configuration Guidelines And Restrictions

    You need to do additional CBAC configuration on the Cisco 7600 series routers. On a network device other than a Cisco 7600 series router, when ports are configured to deny traffic, CBAC permits traffic to flow bidirectionally through the port if it is configured with the ip inspect command. The same behavior...
  • Page 329: Configuring MAC Address-Based Traffic Blocking

    If the FTP session enters on VLAN 100 and needs to leave on VLAN 200, CBAC on a Cisco 7600 series router permits the FTP traffic only through ACLs deny_ftp_a and deny_ftp_b. To permit the traffic...
  • Page 330: Configuring VLAN ACLs

    VLAN or, with releases 12.1(13)E or later, a WAN interface for VACL capture. Unlike regular Cisco IOS standard or extended ACLs that are configured on router interfaces only and are applied on routed packets only, VACLs apply to all packets and can be applied to any VLAN or WAN interface. VACLs are processed in hardware.
  • Page 331: Bridged Packets

    VACL applied on bridged packets.
    Figure 23-1 Applying VACLs on Bridged Packets
    [Figure labels: VACL; Bridged; Host A (VLAN 10); Catalyst 6500 Series Switch with PFC; Host B (VLAN 10)]
  • Page 332: Routed Packets

    Figure 23-2 Applying VACLs on Routed Packets
    [Figure labels: Routed; Output IOS ACL; Input IOS ACL; MSFC; VACL; Bridged; Catalyst 6500 series switches with MSFC; Host A (VLAN 10); Host B (VLAN 20)]
  • Page 333: Configuring VACLs

    • Configuring an Action Clause in a VLAN Access Map Sequence, page 23-14
    • Applying a VLAN Access Map, page 23-14
    • Verifying VLAN Access Map Configuration, page 23-15
  • Page 334: VACL Configuration Overview

    Configuring a Capture Port, page 23-16
    VACL Configuration Overview
    VACLs use standard and extended Cisco IOS IP and IPX ACLs, and MAC-Layer named ACLs (see the “Configuring MAC-Layer Named Access Lists (Optional)” section on page 32-39) and VLAN access maps.
  • Page 335

    • You can select one or more ACLs.
    • VACLs attached to WAN interfaces support only standard and extended Cisco IOS IP ACLs.
    • Use the no keyword to remove a match clause or specified ACLs in the clause.
    •...
  • Page 336: Applying A VLAN Access Map

    VACLs applied to WAN interfaces support only the forward capture action. VACLs applied to WAN interfaces do not support the drop, forward, or redirect actions.
    • Forwarded packets are still subject to any configured Cisco IOS security ACLs.
    • The capture action sets the capture bit for the forwarded packets so that ports with the capture ...
  • Page 337: Verifying VLAN Access Map Configuration

    Assume IP-named ACL net_10 and any_host are defined as follows:
    Router# show ip access-lists net_10
    Extended IP access list net_10
    permit ip 10.0.0.0 0.255.255.255 any
    Router# show ip access-lists any_host
    Standard IP access list any_host
    permit any
  • Page 338: Configuring A Capture Port

    Step 3
    Command: Router(config-if)# switchport capture
    Purpose: Configures the port to capture VACL-filtered traffic.
    Command: Router(config-if)# no switchport capture
    Purpose: Disables the capture function on the interface.
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 339: Configuring VACL Logging

    Log messages are generated on a per-flow basis. A flow is defined as packets with the same IP addresses and Layer 4 (UDP or TCP) port numbers. When a log message is generated, the timer and packet count is reset.
  • Page 340: Configuring TCP Intercept

    With Supervisor Engine 2 and PFC2, TCP intercept flows are processed in hardware. With Supervisor Engine 1 and PFC, TCP intercept flows are processed in software. For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Traffic Filtering and Firewalls,” “Configuring TCP Intercept,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scddenl.htm...
  • Page 341: Configuring Unicast Reverse Path Forwarding

    With Supervisor Engine 1 and PFC, the MSFC or MSFC 2 supports Unicast RPF in software. Configuring Unicast RPF For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Other Security Features,” “Configuring Unicast Reverse Path Forwarding” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt5/scdrpf.htm...
  • Page 342: Configuring The Unicast RPF Checking Mode

    If the access list includes the logging action, information about the spoofed packets is sent to the log server.
    Note: When you enter the ip verify unicast source reachable-via command, the Unicast RPF checking mode changes on all ports in the router.
  • Page 343: Configuring Unicast Flood Protection

    The unicast flood protection feature protects the system from disruptions caused by unicast flooding. The Cisco 7600 series routers use forwarding tables to direct traffic to specific ports based on the VLAN number and the destination MAC address of the frame. When there is no entry corresponding to the frame’s destination MAC address in the incoming VLAN, the frame is sent to all forwarding ports within...
  • Page 344: Configuring MAC Move Notification

    To configure MAC move notification, perform this task:
    Step 1
    Command: Router(config)# [no] mac-address-table notification mac-move
    Purpose: Enables MAC move notification globally.
    Step 2
    Command: Router# show mac-address-table notification mac-move
    Purpose: Displays MAC move notification information.
  • Page 345 Configuring MAC Move Notification

    This example shows how to enable the MAC move notification feature:
    Router(config)# mac-address-table notification mac-move
    Router# show mac-address-table notification mac-move
    MAC Move Notification: enabled
    Router#
  • Page 346 Chapter 23 Configuring Network Security Configuring MAC Move Notification
  • Page 347: Chapter 24 Configuring Denial Of Service Protection

    This chapter contains information on how to protect your system against Denial of Service (DoS) attacks. The information covered in this chapter is unique to the Cisco 7600 series routers, and it supplements the network security information and procedures in the “Configuring Network Security”...
  • Page 348: Configuring DoS Protection

    ICMP unreachable messages.
    Security ACLs
    The Cisco 7600 series router can deny packets in hardware using security ACLs and can drop DoS packets before they reach the CPU inband datapath. Because security ACLs are applied in hardware using the TCAM, long security ACLs can be used without impacting the throughput of other traffic.
  • Page 349

    Router# show access-list 199
    Extended IP access list 199
    deny ip host 199.1.1.1 any (103 matches rate limiting at 0.5 pps
    permit ip any any
    Router #
  • Page 350: QoS ACLs

    2w0d: %OSPF-5-ADJCHG: Process 100, Nbr 6.6.6.122 on Vlan46 from LOADING to FULL, Loading Done
    Router# show ip eigrp neighbors
    IP-EIGRP neighbors for process 200
    Address Interface Hold Uptime SRTT Seq Type (sec) (ms) Cnt Num
    4.4.4.122 Vl44 13 00:00:48 6565
    Router#
  • Page 351: Forwarding Information Base Rate-Limiting

    ARP throttling limits the rate at which packets destined to a connected network are forwarded to the route processor. Most of these packets are dropped, but a small number are sent to the router (rate limited).
  • Page 352: Monitoring Packet Drop Statistics

    Displaying Netflow entries in module 4
    DstIP SrcIP Prot:SrcPort:DstPort Src i/f:AdjPtr
    --------------------------------------------------------------------
    9.9.9.177 9.9.9.2
    Pkts Bytes LastSeen Attributes
    ---------------------------------------------------
    01:56:59 L3 - Dynamic
    Router# show mls ip mod 4 | include 9.9.9
    9.9.9.177 9.9.9.2
  • Page 353

    Router# show monitor session 1
    Session 1
    ---------
    Source Ports:
    RX Only: None
    TX Only: None
    Both: None
    Source VLANs:
    RX Only: None
    TX Only: None
    Both:
    Destination Ports: Gi9/1
    Filter VLANs: None
  • Page 354 Chapter 24 Configuring Denial of Service Protection Configuring DoS Protection
  • Page 355: Chapter 25 Configuring IEEE 802.1X Port-Based Authentication

    802.1X port-based authentication.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication.
    This chapter consists of these sections:
    • Understanding 802.1X Port-Based Authentication, page 25-1
    •...
  • Page 356: Device Roles

    The Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server, version 3.0. RADIUS uses a client-server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
  • Page 357: Authentication Initiation And Message Exchange

    Figure 25-2 Message Exchange
    [Figure: message sequence between the Client, the Catalyst switch / Cisco Router, and the Authentication server (RADIUS). Labels in order: EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, RADIUS Access-Request, EAP-Request/OTP, RADIUS Access-Challenge, EAP-Response/OTP, RADIUS Access-Request, EAP-Success, RADIUS Access-Accept, Port Authorized, EAPOL-Logoff, Port Unauthorized]
  • Page 358: Ports In Authorized And Unauthorized States

    If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state.
    Supported Topologies
    The 802.1X port-based authentication is supported in two topologies:
    • Point-to-point
    • Wireless LAN
  • Page 359: Default 802.1X Port-Based Authentication Configuration

    Number of seconds between reauthentication attempts: 3600 seconds
    Quiet period (number of seconds that the router remains in the quiet state following a failed authentication exchange with the client): 60 seconds
  • Page 360: 802.1X Port-Based Authentication Guidelines And Restrictions

    – Switch Port Analyzer (SPAN) destination port—You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination port. You can enable 802.1X on a SPAN source port.
  • Page 361: Configuring 802.1X Port-Based Authentication

    • Changing the Quiet Period, page 25-11
    • Changing the Cisco 7600 Series Router-to-Client Retransmission Time, page 25-12
    • Setting the Cisco 7600 Series Router-to-Client Frame Retransmission Number, page 25-14
    • Enabling Multiple Hosts, page 25-14
    • Resetting the 802.1X Configuration to the Default Values, page 25-15
    •...
  • Page 362: Configuring Cisco 7600 Series Router-To-Radius-Server Communication

    = 30 Seconds TxPeriod = 30 Seconds Configuring Cisco 7600 Series Router-to-RADIUS-Server Communication RADIUS security servers are identified by any of the following: • Host name • Host IP address
  • Page 363 If you want to configure these options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands. For more information, refer to the Cisco IOS Security Configuration Guide, Release 12.1, publication and the Cisco IOS Security Command Reference, Release 12.1, publication at this URL:...
  • Page 364: Enabling Periodic Reauthentication

    = ethernet, fastethernet, gigabitethernet, or tengigabitethernet This example shows how to enable periodic reauthentication and set the number of seconds between reauthentication attempts to 4000: Router(config-if)# dot1x reauthentication Router(config-if)# dot1x timeout re-authperiod 4000
  • Page 365: Manually Reauthenticating The Client Connected To A Port

    The idle time is determined by the quiet-period value. A failed authentication of the client might occur because the client provided an invalid password. You can provide a faster response time to the user by entering a smaller number than the default.
  • Page 366: Changing The Cisco 7600 Series Router-To-Client Retransmission Time

    This example shows how to set 60 as the number of seconds that the router waits for a response to an EAP-request/identity frame from the client before retransmitting the request: Router(config)# dot1x timeout tx-period 60
  • Page 367: Setting The Cisco 7600 Series Router-To-Client Retransmission Time For Eap-Request Frames

    Setting the Cisco 7600 Series Router-to-Client Retransmission Time for EAP-Request Frames: The client notifies the router that it received the EAP-request frame. If the router does not receive this notification, the router waits a set period of time, and then retransmits the frame.
  • Page 368: Setting The Cisco 7600 Series Router-To-Client Frame Retransmission Number

    25 seconds: Router(config-if)# dot1x timeout server-timeout 25 Setting the Cisco 7600 Series Router-to-Client Frame Retransmission Number In addition to changing the router-to-client retransmission time, you can change the number of times that the router sends an EAP-request/identity frame (assuming no response is received) to the client before restarting the authentication process.
  • Page 369: Resetting The 802.1X Configuration To The Default Values

    EXEC command. To display the 802.1X administrative and operational status for a specific interface, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication.
  • Page 370 Chapter 25 Configuring IEEE 802.1X Port-Based Authentication Displaying 802.1X Status
  • Page 371: Chapter 26 Configuring Port Security

    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication. This chapter consists of these sections: Understanding Port Security, page 26-1 • Default Port Security Configuration, page 26-2 •...
  • Page 372: Default Port Security Configuration

    Configuring Port Security: These sections describe how to configure port security: • Configuring Port Security on an Interface, page 26-3 • Configuring Port Security Aging, page 26-4
  • Page 373: Configuring Port Security On An Interface

    To bring a secure port out of the error-disabled state, enter the errdisable recovery cause psecure_violation global configuration command, or manually reenable it by entering the shutdown and no shutdown interface configuration commands.
  • Page 374: Configuring Port Security Aging

    Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.
  • Page 375: Displaying Port Security Settings

    The show interfaces counters privileged EXEC commands display the count of discarded packets. The show storm control and show port-security privileged EXEC commands display those features.
  • Page 376 Fa5/5 0005.0005.0002 SecureConfigured Fa5/5 0005.0005.0003 SecureConfigured Fa5/5 0011.0011.0001 SecureConfigured Fa5/11 25 (I) 0011.0011.0002 SecureConfigured Fa5/11 25 (I) ------------------------------------------------------------------- Total Addresses in System: 10 Max Addresses limit in System: 128
  • Page 377: Chapter 27 Configuring Layer 3 Protocol Filtering On Supervisor Engine

    Protocol filtering cannot be configured on Layer 3 interfaces—only nontrunk Layer 2 LAN ports support Layer 3 protocol filtering. Layer 3 protocol filtering does not support the features available with standard and extended Cisco IOS ACLs. Layer 2 protocols, such as Spanning Tree Protocol (STP) and Cisco Discovery Protocol (CDP), are not affected by Layer 3 protocol filtering.
  • Page 378: Configuring Layer 3 Protocol Filtering

    To enable Layer 3 protocol filtering globally, perform this task: Command Purpose Enables Layer 3 protocol filtering globally. Router(config)# protocol-filter Disables Layer 3 protocol filtering globally. Router(config)# no protocol-filter
  • Page 379: Configuring Layer 3 Protocol Filtering On A Layer 2 Lan Interface

    IPX Mode Group Mode Other Mode -------------------------------------------------------------------------- Fa5/8 Router# Note: The show protocol filtering command shows only ports that have at least one protocol set to the nondefault configuration.
  • Page 380 Chapter 27 Configuring Layer 3 Protocol Filtering on Supervisor Engine 1 Configuring Layer 3 Protocol Filtering
  • Page 381: Chapter 28 Configuring Traffic Storm Control

    Configuring Traffic Storm Control. This chapter describes how to configure the traffic storm control feature on the Cisco 7600 series routers. Release 12.1(12c)E1 and later releases support traffic storm control. For earlier releases, refer to Chapter 29, “Configuring Broadcast Suppression.”...
  • Page 382: Default Traffic Storm Control Configuration

    modes enabled on the interface. Note: The storm-control multicast command is supported only on Gigabit Ethernet interfaces. Disables multicast traffic storm control on the interface. Router(config-if)# no storm-control multicast level
  • Page 383 Gigabit Ethernet interface 3/16: Router# configure terminal Router(config)# interface gigabitethernet 3/16 Router(config-if)# storm-control multicast level 70.5 Router(config-if)# end
  • Page 384: Displaying Traffic Storm Control Settings

    Note: The show interfaces [{interface_type slot/port} | {port-channel number}] counters command does not display the discard count. You must use one of the traffic-type keywords: broadcast, multicast, or unicast, which all display the same discard count.
  • Page 385: Chapter 29 Configuring Broadcast Suppression

    Configuring Broadcast Suppression. This chapter describes how to configure broadcast suppression on the Cisco 7600 series routers. Releases earlier than Release 12.1(12c)E1 support broadcast suppression. Use traffic storm control with Release 12.1(12c)E1 and later releases (see Chapter 28, “Configuring Traffic Storm...
  • Page 386: Broadcast Suppression Configuration Guidelines And Restrictions

    A higher threshold allows more broadcast packets to pass through. Broadcast suppression on the Cisco 7600 series routers is implemented in hardware. The suppression circuitry monitors packets passing from a LAN interface to the switching bus. Using the...
  • Page 387: Enabling Broadcast Suppression

    FastEthernet 3/1 and verify the configuration: Router# configure terminal Router(config)# interface fastethernet 3/1 Router(config-if)# broadcast suppression 0.25 Router(config-if)# end Router# show running-config interface fastethernet 3/1 | include suppression broadcast suppression 0.25 Router#
  • Page 388 Chapter 29 Configuring Broadcast Suppression Enabling Broadcast Suppression
  • Page 389: Chapter 30 Configuring Cdp

    Understanding How CDP Works: CDP is a protocol that runs over Layer 2 (the data link layer) on all Cisco routers, bridges, access servers, and switches. CDP allows network management applications to discover Cisco devices that are neighbors of already known devices, in particular, neighbors running lower-layer, transparent protocols.
  • Page 390: Enabling Cdp Globally

    Enabling CDP on a Port To enable CDP on a port, perform this task: Command Purpose Step 1 Selects the port to configure. Router(config)# interface {{type slot/port} | {port-channel number}}
  • Page 391: Displaying The Cdp Interface Configuration

    Router# show cdp neighbors [type slot/port] [detail] Displays information about neighbors. The display can be limited to neighbors on a specific interface and expanded to provide more detailed information.
  • Page 392 Fas 5/2 WS-C2948 2/45 JAB023807H1 Fas 5/1 WS-C2948 2/44 JAB023807H1 Gig 1/2 WS-C2948 2/50 JAB023807H1 Gig 1/1 WS-C2948 2/49 JAB03130104 Fas 5/8 WS-C4003 2/47 JAB03130104 Fas 5/9 WS-C4003 2/48
  • Page 393: Understanding How Udld Works

    Configuring UDLD. This chapter describes how to configure the UniDirectional Link Detection (UDLD) protocol in Release 12.1(2)E and later releases on the Cisco 7600 series routers. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication.
  • Page 394: Chapter 31 Configuring Udld

    Layer 1. The Cisco 7600 series router periodically transmits UDLD packets to neighbor devices on LAN ports with UDLD enabled. If the packets are echoed back within a specific time frame and they are lacking a specific acknowledgment (echo), the link is flagged as unidirectional and the LAN port is shut down.
  • Page 395: Default Udld Configuration

    Note: This command only configures fiber-optic LAN ports. Individual LAN port configuration overrides the setting of this command. Disables UDLD globally on fiber-optic LAN ports. Router(config)# no udld {enable | aggressive}
  • Page 396: Enabling Udld On Individual Lan Interfaces

    LAN port configuration to the udld enable global configuration command setting. Step 3 Verifies the configuration. Router# show udld type slot/number type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 397: Disabling Udld On Fiber-Optic Lan Interfaces

    7 to 90 seconds. Returns to the default value (60 seconds). Router(config)# no udld message Step 2 Verifies the configuration. Router# show udld type slot/number
  • Page 398: Resetting Disabled Lan Interfaces

    To reset all LAN ports that have been shut down by UDLD, perform this task: Command Purpose Resets all LAN ports that have been shut down by UDLD. Router# udld reset
  • Page 399: Understanding How Pfc Qos Works

    (PFC) on the Cisco 7600 series routers. Note: For complete syntax and usage information for the commands used in this publication, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication. This chapter contains these sections: •...
  • Page 400: Chapter 32 Configuring Pfc Qo

    QoS makes network performance more predictable and bandwidth utilization more effective. Note: On the Cisco 7600 series routers, queue architecture and QoS queueing features such as Weighted-Round Robin (WRR) and Weighted Random Early Detection (WRED) are implemented with a fixed configuration in Application Specific Integrated Circuits (ASICs)....
  • Page 401: Qos Terminology

    The PFC does not provide QoS for FlexWAN module ports. Refer to the following publications for information about FlexWAN module QoS features: – Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.1: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/index.htm – Cisco IOS Quality of Service Solutions Command Reference, Release 12.1: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_r/index.htm...
  • Page 402 Policing is limiting bandwidth used by a flow of traffic. Policing is done on the Policy Feature Card (PFC) or on the Policy Feature Card 2 (PFC2) and distributed forwarding cards (DFCs). Policing can mark or drop traffic.
  • Page 403 3-bit IP 6 MSb of ToS 6-bit Precedence DSCP Precedence DSCP 8 7 6 5 4 3 8 7 6 5 4 3 1. MSb = most significant bit
  • Page 404: Pfc Qos Feature Flowcharts

    Traffic that is Layer 3-switched does not go through the MSFC and retains the Layer 2 CoS value assigned by the PFC. Figure 32-3 through Figure 32-8 show how the PFC QoS features are implemented on the router components.
  • Page 405 [Flowchart, labels only: Port set to untrusted? ISL or 802.1Q? Port set to trust-ipprec? Port set to trust-dscp? Port is set to trust-cos; Apply port; Drop thresholds; switching engine]
  • Page 406 [Flowchart, labels only: Ingress OSM Port; Received CoS*; Layer 3 ToS byte; Untrusted (Only From Untrusted Port); No received Layer 2 QoS labels; Policer; DSCP Marker; CoS*. *LAN ports only]
  • Page 407 [Flowchart, labels only: Multilayer Switch Feature Card (MSFC) marking; From PFC; IP traffic from PFC? Write ToS byte into packet; Route traffic; CoS = 0 for all traffic (not configurable); To egress port]
  • Page 408 [Flowchart, labels only: Ethernet egress port scheduling, congestion avoidance, and marking; IP traffic from PFC? PFC3 only: DSCP rewrite enabled? Write ToS byte into packet; Drop thresholds; ISL or 802.1Q? Write CoS into frame; Transmit frame]
  • Page 409: Pfc Qos Feature Summary

    You can disable marking and policing on a per-interface basis with the no mls qos interface command (see the “Enabling or Disabling PFC Features on an Interface” section on page 32-51).
  • Page 410: Ingress Lan Port Features

    PFC QoS implements ingress LAN port congestion avoidance only on LAN ports configured to trust CoS. Note: Ingress LAN port marking, scheduling, and congestion avoidance use Layer 2 CoS values and do not use or set Layer 3 IP precedence or DSCP values.
  • Page 411 Marking at Trusted Ingress LAN Ports When an ISL frame enters the Cisco 7600 series router through a trusted ingress LAN port, PFC QoS accepts the three least significant bits in the User field as a CoS value. When an 802.1Q frame enters the router through a trusted ingress LAN port, PFC QoS accepts the User Priority bits as a CoS value.
  • Page 412 CoS 0 or 1 when the receive-queue buffer is 50 percent or more full. – Using standard receive-queue tail-drop threshold 2, the router drops incoming frames with CoS 2 or 3 when the receive-queue buffer is 60 percent or more full.
  • Page 413 CoS values mapped only to the queue. The switch uses WRED-drop thresholds for traffic carrying CoS values mapped to the queue and a threshold. See the “Configuring Standard-Queue Drop Threshold Percentages” section on page 32-54.
  • Page 414: Pfc Marking And Policing

    To mark untrusted traffic without policing in earlier releases, create a policer that only marks and does not police. These sections describe PFC marking and policing: • Internal DSCP Values, page 32-17 • Policy Maps, page 32-18
  • Page 415 IP packets. For trust-dscp and untrusted IP traffic, the ToS byte includes the original 2 least-significant bits from the received ToS byte. Note: The internal DSCP value can mimic an IP precedence value (see Table 32-1 on page 32-5).
  • Page 416 Policy-map classes specify filtering with the following: Cisco IOS access control lists (optional for IP, required for IPX and MAC-Layer filtering) • Class-map match commands for Layer 3 IP precedence and DSCP values •...
  • Page 417 You create named aggregate policers with the mls qos aggregate-policer command. If you attach a named aggregate policer to multiple ingress ports, it polices the matched traffic from all the ingress ports to which it is attached.
  • Page 418 PFC QoS applies a marked-down DSCP value. Note: To avoid inconsistent results, ensure that all traffic policed by the same aggregate policer has the same trust state.
  • Page 419: Lan Egress Port Features

    The command displays one of the following: • 2q2t indicates two standard queues, each with two configurable tail-drop thresholds • 1p2q2t indicates one strict-priority queue and two standard queues, each with two configurable WRED-drop thresholds.
  • Page 420 The explanations in these sections use default values. You can configure many of the parameters (for more information, see the “Configuring PFC QoS” section on page 32-33). All ports of the same type use the same drop-threshold configuration.
  • Page 421 You can configure each standard transmit queue to use both a non-configurable 100 percent tail-drop threshold and a configurable WRED-drop threshold (see the “Configuring Standard-Queue Drop Threshold Percentages” section on page 32-54).
  • Page 422: Pfc Qos Statistics Data Export

    The PFC QoS statistics data collection occurs periodically at a fixed interval, but you can configure the interval at which the data is exported. PFC QoS statistics collection is enabled by default, and the data export feature is disabled by default for all ports and all aggregate policers configured on the Cisco 7600 series router.
  • Page 423: Pfc Qos Default Configuration

    DSCP 48–55 = CoS 6 DSCP 56–63 = CoS 7 Marked-down DSCP from DSCP map Marked-down DSCP value equals original DSCP value (no markdown) Policers None Policy maps None
  • Page 424 – CoS 0, 1, 2, 3, and 4 – Tail-drop threshold: 80% Threshold 2: • CoS 5, 6, and 7 – Tail-drop threshold: 100% (not configurable)
  • Page 425 CoS 0, 1, 2, 3, 4, 6, and 7 • percentages Tail-drop: 100% (nonconfigurable) • Strict-priority receive queue: • CoS 5 • Tail-drop: 100% (nonconfigurable)
  • Page 426 WRED-drop: 60% low, 90% high • Threshold 6: CoS 7 – Tail-drop: 100% – WRED-drop (enabled): 70% low, 100% high – Strict-priority receive queue: • CoS 5 • Tail-drop: 100% (nonconfigurable)
  • Page 427 CoS 6 and 7 – WRED-drop: 70% low, 100% high – Strict-priority receive queue: • CoS 5 • Tail-drop: 100% (nonconfigurable) 1p7q8t transmit-queue CoS value and • drop-threshold mapping
  • Page 428 With PFC QoS disabled Ingress LAN port trust state trust-dscp Receive-queue drop-threshold percentages All thresholds set to 100% Transmit-queue drop-threshold All thresholds set to 100% percentages Transmit-queue bandwidth allocation ratio 255:1
  • Page 429: Pfc Qos Configuration Guidelines And Restrictions

    (512 Mbps) 8388608 (8 Mb) 536870913 to 1073741824 (1 Gbps) 16777216 (16 Mb) 1073741825 to 2147483648 (2 Gbps) 33554432 (32 Mb) 2147483649 to 4294967296 (4 Gbps) 67108864 (64 Mb)
  • Page 430 – class maps that contain multiple match commands – output service-policy keyword
  • Page 431: Configuring Pfc Qos

    – Configuring PFC QoS These sections describe how to configure PFC QoS on the Cisco 7600 series routers: • Enabling PFC QoS Globally, page 32-33 • Enabling Queueing-Only Mode, page 32-34 •...
  • Page 432: Enabling Queueing-Only Mode

    Note: The router applies the port CoS value to untagged ingress traffic and to traffic that is received through ports that cannot be configured to trust CoS. This example shows how to enable queueing-only mode: Router# configure terminal Router(config)# mls qos queueing-only Router(config)# end Router#
  • Page 433: Creating Named Aggregate Policers

    For TCP traffic, configure the token bucket size as a multiple of the TCP window size, with a minimum value at least twice as large as the maximum Layer 3 packet size of the traffic being policed.
  • Page 434 (Optional) For traffic that exceeds the PIR, you can specify a violate action as follows: – To mark traffic without policing, enter the transmit keyword to transmit all matched out-of-profile traffic. – The default violate action is equal to the exceed action.
  • Page 435: Configuring A Pfc Qos Policy

    PFC QoS policies process both unicast and multicast traffic. PFC QoS Policy Configuration Overview. Note: To mark traffic without limiting bandwidth utilization, create a policer that uses the transmit keywords for both conforming and nonconforming traffic.
  • Page 436 32-39. – In Release 12.1(19)E and later releases, PFC QoS supports time-based Cisco IOS ACLs. – In Release 12.1(1)E and later releases, PFC QoS supports IPX access lists that contain a source-network parameter and the optional destination-network and destination-node parameters.
  • Page 437 • 0x6000—etype-6000—DEC unassigned, experimental • 0x6001—mop-dump—DEC Maintenance Operation Protocol (MOP) Dump/Load Assistance • 0x6002—mop-console—DEC MOP Remote Console • 0x6003—decnet-iv—DEC DECnet Phase IV Route • 0x6004—lat—DEC Local Area Transport (LAT)
  • Page 438 Note section on page 32-39), access lists are not documented in this publication. See the reference under access-list in the “Configuring a PFC QoS Policy” section on page 32-37.
  • Page 439 • Cisco 7600 series routers do not detect the use of unsupported commands until you attach a policy map to an interface (see the “Attaching a Policy Map to an Interface” section on page 32-49).
  • Page 440: Configuring A Policy Map

    Creating a Policy Map To create a policy map, perform this task: Command Purpose Creates a policy map. Router(config)# policy-map policy_name Deletes the policy map. Router(config)# no policy-map policy_name
  • Page 441 Put all trust-state and policing commands for each type of traffic in the same policy map class. • PFC QoS does not attempt to apply commands from more than one policy map class to traffic.
  • Page 442 Router(config-pmap-c)# set ip {dscp dscp_value | precedence ip_precedence_value} traffic with the configured DSCP or IP precedence value. Clears the marking configuration. Router(config-pmap-c)# no set ip {dscp dscp_value | precedence ip_precedence_value}
  • Page 443 Configures the policy map class to use a previously defined Router(config-pmap-c)# police aggregate aggregate_name named aggregate policer. Clears use of the named aggregate policer. Router(config-pmap-c)# no police aggregate aggregate_name
  • Page 444 To sustain a specific rate, set the token bucket size to be at least the rate value divided by 4000, because tokens are removed from the bucket every 1/4000th of a second (0.25 ms).
  • Page 445 (which is the case if you do not enter the maximum_burst_bytes parameter), the exceed-action policed-dscp-transmit keywords cause PFC QoS to mark traffic down as defined by the policed-dscp max-burst markdown map.
  • Page 446 Exits policy map class configuration mode. Router(config-pmap-c)# end Note Enter additional class commands to create additional classes in the policy map. Step 2 Router# show policy-map policy_name Verifies the configuration.
  • Page 447 This example shows how to attach the policy map named pmap1 to Fast Ethernet port 5/36: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/36 Router(config-if)# service-policy input pmap1 Router(config-if)# end
  • Page 448: Enabling Or Disabling Microflow Policing

    Enabling Microflow Policing of Bridged Traffic. Note: To apply microflow policing to multicast traffic, you must enter the mls qos bridged command on the Layer 3 multicast ingress interfaces.
  • Page 449: Enabling Or Disabling Pfc Features On An Interface

    Router(config-if)# no mls qos Step 3 Router(config-if)# end Exits configuration interface. Step 4 Verifies the configuration. Router# show mls qos type = ethernet, fastethernet, gigabitethernet, tengigabitethernet, ge-wan, pos, or atm
  • Page 450: Enabling Vlan-Based Pfc Qos On Layer 2 Lan Ports

    Router(config-if)# end This example shows how to verify the configuration: Router# show mls qos | begin QoS is vlan-based QoS is vlan-based on the following interfaces: Fa5/42 <...Output Truncated...>
  • Page 451: Configuring The Trust State Of Ethernet Lan And Osm Ingress Ports

    Router(config-if)# mls qos trust cos Router(config-if)# end Router# This example shows how to verify the configuration: Router# show queueing interface gigabitethernet 1/1 | include trust Trust state: trust COS Router#
  • Page 452: Configuring The Ingress Lan Port Cos Value

    Configuring a Tail-Drop Receive Queue, page 32-55 • Configuring a WRED-Drop Transmit Queue, page 32-56 • Configuring a WRED-Drop and Tail-Drop Transmit Queue, page 32-57 • Configuring 1q4t/2q2t Tail-Drop Threshold Percentages, page 32-58
  • Page 453 Traffic in the queue between the low- and high-WRED values has an increasing chance of being dropped as the queue fills. Configuring a Tail-Drop Receive Queue These port types have only tail-drop thresholds in their receive-queues: • 1p1q4t • 1q2t
  • Page 454 Router(config)# interface type slot/port Step 2 Configures the low WRED-drop thresholds. Router(config-if)# wrr-queue random-detect min-threshold queue_id thr1% [thr2%] Reverts to the default low WRED-drop thresholds. Router(config-if)# no wrr-queue random-detect min-threshold [queue_id]
  • Page 455 Gigabit Ethernet port 1/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface gigabitethernet 1/1 Router(config-if)# wrr-queue random-detect max-threshold 1 70 70 Router(config-if)# end Router#
  • Page 456 The percentages range from 1 to 100. A value of 10 indicates a threshold when the buffer is 10-percent full. • Always set threshold 2 to 100 percent. • Ethernet and Fast Ethernet 1q4t ports do not support receive-queue tail-drop thresholds.
  • Page 457: Mapping CoS Values To Drop Thresholds

    Queue number 1 is the lowest-priority standard queue. • Higher-numbered queues are higher priority standard queues. • You can map up to 8 CoS values to a threshold.
  • Page 458 Router(config-if)# rcv-queue cos-map 1 1 0 1
    Router(config-if)# end
    Router#
    This example shows how to verify the configuration:
    Router# show queueing interface gigabitethernet 1/1
    <...Output Truncated...>
    queue thresh cos-map
    ---------------------------------------
    <...Output Truncated...>
    Router#
  • Page 459 Reverts to the default mapping.
    Router(config-if)# no priority-queue cos-map
    Step 3 Exits configuration mode.
    Router(config-if)# end
    Step 4 Verifies the configuration.
    Router# show queueing interface type slot/port
    type = fastethernet, gigabitethernet, or tengigabitethernet
  • Page 460 Receive queue 1 (standard) threshold 3 = transmit queue 2 (standard high priority) threshold 1 • Receive queue 1 (standard) threshold 4 = transmit queue 2 (standard high priority) threshold 2
  • Page 461 Router(config-if)# end
    Router#
    This example shows how to verify the configuration:
    Router# show queueing interface fastethernet 5/36 | begin queue thresh cos-map
    queue thresh cos-map
    ---------------------------------------
    <...Output Truncated...>
    Router#
  • Page 462: Allocating Bandwidth Between LAN-Port Transmit Queues

    Reverts to the default size ratio.
    Router(config-if)# no rcv-queue queue-limit
    Step 3 Exits configuration mode.
    Router(config-if)# end
    Step 4 Verifies the configuration.
    Router# show queueing interface {fastethernet | tengigabitethernet} slot/port
  • Page 463: Setting The LAN-Port Transmit-Queue Size Ratio

    • Valid values are from 1 to 100 percent, except on 1p2q1t egress LAN ports, where valid values for the high priority queue are from 5 to 100 percent.
  • Page 464: Configuring DSCP Value Maps

    Router(config)# mls qos map cos-dscp 0 1 2 3 4 5 6 7
    Router(config)# end
    Router#
    This example shows how to verify the configuration:
    Router# show mls qos maps | begin Cos-dscp map
    Cos-dscp map:
    cos:
    ----------------------------------
    dscp:
    <...Output Truncated...>
    Router#
  • Page 465 You can enter up to 8 DSCP values that PFC QoS maps to a CoS value. • You can enter multiple commands to map additional DSCP values to a CoS value. • You can enter a separate command for each CoS value.
  • Page 466 You can enter the normal-burst keyword to configure the markdown map used by the exceed-action policed-dscp-transmit keywords. • You can enter the max-burst keyword to configure the markdown map used by the violate-action policed-dscp-transmit keywords.
  • Page 467 DSCP value is in the column labeled d1 and the second digit is in the top row. In the example shown, DSCP 41 maps to DSCP 41.
  • Page 468: Configuring PFC QoS Statistics Data Export

    Export Delimiter : |
    Export Destination : Not configured
    Router#
    Note: You must enable PFC QoS statistics data export globally for other PFC QoS statistics data export configuration to take effect.
  • Page 469 Export type (“1” for a port) • Slot/port • Number of ingress packets • Number of ingress bytes • Number of egress packets • Number of egress bytes • Time stamp
  • Page 470 PFC or DFC slot number • Number of in-profile packets • Number of packets that exceed the CIR • Number of packets that exceed the PIR • Time stamp
  • Page 471 – Direction (“in”) – Slot/port – Number of in-profile packets – Number of packets that exceed the CIR – Number of packets that exceed the PIR – Time stamp
  • Page 472 Reverts to the default time interval for the PFC QoS statistics data export.
    interval interval_in_seconds
    Step 2 Exits configuration mode.
    Router(config)# end
    Step 3 Verifies the configuration.
    Router# show mls qos statistics-export info
  • Page 473
  • Page 474 QoS Statistics Data Export is enabled on following ports:
    ---------------------------------------------------------
    FastEthernet5/24
    QoS Statistics Data export is enabled on following shared aggregate policers:
    -----------------------------------------------------------------------------
    aggr1M
    QoS Statistics Data Export is enabled on following class-maps:
    ---------------------------------------------------------------
    class3
  • Page 475 QoS Statistics Data Export is enabled on following ports:
    ---------------------------------------------------------
    FastEthernet5/24
    QoS Statistics Data export is enabled on following shared aggregate policers:
    -----------------------------------------------------------------------------
    aggr1M
    QoS Statistics Data Export is enabled on following class-maps:
    ---------------------------------------------------------------
    class3
  • Page 476 Chapter 32 Configuring PFC QoS
  • Page 477: Understanding How NDE Works

    CHAPTER Configuring NDE This chapter describes how to configure NetFlow Data Export (NDE) on the Cisco 7600 series routers. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco 7600 Series Router Cisco IOS Command Reference publication and the Release 12.1 publications...
  • Page 478: Chapter 33 Configuring NDE

    The NetFlow cache on the MSFC captures statistics for routed flows. NDE on the Cisco 7600 series routers can use NDE version 1, 5, or 6 to export the statistics captured on the MSFC for routed traffic. For more information, refer to this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt3/xcdnfov.htm...
  • Page 479 Residual nanoseconds since 0000 UTC 1970
    16–19 flow_sequence Sequence counter of total flows seen
    20–21 engine_type Type of flow switching engine
    21–23 engine_id Slot number of the flow switching engine
  • Page 480 2. With the destination flowmask, the “Next hop router’s IP address” field and the “Output interface’s SNMP ifIndex” field might not contain information that is accurate for all flows.
  • Page 481 Cumulative OR of TCP flags
    prot Layer 4 protocol (for example, 6=TCP, 17=UDP)
    IP type-of-service byte
    40–41 src_as Autonomous system number of the source, either origin or peer
  • Page 482 With the full-interface or destination-source-interface flow masks, you can enable or disable sampled NetFlow on each LAN port. With all other flow masks, sampled NetFlow is enabled or disabled globally.
  • Page 483: Default NDE Configuration

    Table 33-6 Default NetFlow Data Export Configuration
    Feature: Default Value
    Disabled
    NDE source addresses: None
    NDE data collector address and UDP port: None
    NDE filters: None
    Sampled NetFlow: Disabled
    Populating additional NDE fields: Disabled
  • Page 484: Configuring NDE

    Note: With Supervisor Engine 1 and PFC, if NDE is enabled and you disable Multilayer Switching (MLS), you lose the statistics for existing cache entries. They are not exported when MLS shuts down.
  • Page 485 This example shows how to display the MLS flow mask configuration:
    Router# show mls netflow flowmask
    current ip flowmask for unicast: destination address
    current ipx flowmask for unicast: destination address
    Router#
  • Page 486 Layer 3 entry is in use. Long aging is used to prevent counter wraparound, which can cause inaccurate statistics.
  • Page 487 With the full-interface or destination-source-interface flow masks, you can enable or disable sampled NetFlow on individual Layer 3 interfaces. With all other flow masks, sampled NetFlow is enabled or disabled globally.
  • Page 488 = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
    This example shows how to enable sampled NetFlow on Fast Ethernet port 5/12:
    Router# configure terminal
    Router(config)# interface fastethernet 5/12
    Router(config-if)# mls netflow sampling
    Router(config)# end
    Router#
  • Page 489: Configuring NDE On The MSFC

    1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
    This example shows how to configure a loopback interface as the NDE flow source:
    Router(config)# ip flow-export source loopback 0
    Router(config)#
  • Page 490: Displaying The NDE Address And Port Configuration

    This example shows how to display the NDE export flow IP address, UDP port, and the NDE source interface configuration:
    Router# show ip flow export
    Flow export is enabled
    Exporting flows to 172.20.52.37 (200)
    Exporting using source interface FastEthernet5/8
  • Page 491: Configuring NDE Flow Filters

    This example shows how to configure a port flow filter so that only expired flows to destination port 23 are exported (assuming the flow mask is set to ip-flow):
    Router(config)# mls nde flow include dest-port 35
    Router(config)#
  • Page 492 This example shows how to configure a TCP protocol flow filter so that only expired flows from destination port 35 are exported:
    Router(config)# mls nde flow include protocol tcp dest-port 35
    Router(config)#
  • Page 493: Displaying The NDE Configuration

    2.2.2.2, mask 255.255.255.0, port 23
    source: ip address 0.0.0.0, mask 0.0.0.0, port 0
    Total Netflow Data Export Packets are:
    0 packets, 0 no packets, 0 records
    Router#
  • Page 494 Chapter 33 Configuring NDE
  • Page 495: Understanding How Local SPAN And RSPAN Work

    Configuring Local SPAN and RSPAN This chapter describes how to configure local Switched Port Analyzer (SPAN) and remote SPAN (RSPAN) on the Cisco 7600 series routers. The Cisco 7600 series routers support RSPAN with Release 12.1(13)E and later releases. This chapter consists of these sections: Understanding How Local SPAN and RSPAN Work, page 34-1 •...
  • Page 496: Chapter 34 Configuring Local SPAN And RSPAN

    Understanding How Local SPAN and RSPAN Work Local SPAN Overview Local SPAN supports source ports, source VLANs, and destination ports on the same Cisco 7600 series router. Local SPAN copies traffic from one or more source ports in any VLAN or from one or more...
  • Page 497: Local SPAN And RSPAN Sessions

    To configure an RSPAN source session on one network device, you associate a set of source ports and VLANs with an RSPAN VLAN. To configure an RSPAN destination session on another device, you associate the destination port with the RSPAN VLAN.
  • Page 498: Monitored Traffic

    You can configure source ports in any VLAN. Trunk ports can be configured as source ports and mixed with nontrunk source ports, but SPAN does not copy the encapsulation from a source trunk port.
  • Page 499: Destination Ports

    Cisco 7600 Series Router Local SPAN Sessions RSPAN Source Sessions RSPAN Destination Sessions 2 (ingress or egress or both) 1 ingress 1 (ingress or egress or both) 1 or 2 egress
  • Page 500: Local SPAN And RSPAN Source And Destination Limits

    When enabled, local SPAN or RSPAN uses any previously entered configuration. • When you specify sources and do not specify a traffic direction (ingress, egress, or both), “both” is used by default.
  • Page 501: VSPAN Guidelines And Restrictions

    MAC address learning is disabled on the RSPAN VLAN. • You can use an output access control list (ACL) on the RSPAN VLAN in the RSPAN source router to filter the traffic sent to an RSPAN destination.
  • Page 502: Configuring Local SPAN And RSPAN

    Step 1 Creates or modifies an Ethernet VLAN, a range of Ethernet VLANs, or several Ethernet VLANs specified in a comma-separated list (do not enter space characters).
    Router(config)# vlan vlan_ID{[-vlan_ID]|[,vlan_ID]}
  • Page 503: Configuring Local Or RSPAN Sources

    , vlan_range , ... When clearing monitor sessions, note the following syntax information: • The no monitor session number command entered with no other parameters clears session session_number. • session_range is first_session_number-last_session_number
  • Page 504: Monitoring Specific Source VLANs On A Source Trunk Port

    Configures the port to trunk unconditionally.
    Router(config-if)# switchport mode trunk
    Step 5 Configures the trunk not to use DTP.
    Router(config-if)# switchport nonegotiate
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 505 When clearing monitor sessions, note the following syntax information: • Enter the no monitor session number command with no other parameters to clear session session_number. • session_range is first_session_number-last_session_number
  • Page 506: Verifying The Configuration

    Router(config)# monitor session 2 source interface gigabitethernet 1/2 tx
    Router(config)# monitor session 2 source interface port-channel 102
    Router(config)# monitor session 2 source filter vlan 2 - 3
    Router(config)# monitor session 2 destination remote vlan 901
  • Page 507 Router(config)# no monitor session 2 filter vlan 3
    This example shows how to configure an RSPAN destination session:
    Router(config)# monitor session 8 source remote vlan