Cisco 6500 Series Software Configuration Manual

Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
Cisco IOS Release 12.1 E
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7814099=
Text Part Number: 78-14099-04


  Summary of Contents for Cisco 6500 Series

  • Page 2 OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
  • Page 3: Table Of Contents

    Using the Setup Facility or the setup Command; Using Configuration Mode; Checking the Running Configuration Before Saving; Saving the Running Configuration Settings; Reviewing the Configuration; Configuring a Default Gateway; Configuring a Static Route...
  • Page 4 Supervisor Engine Redundancy Guidelines and Restrictions; RPR+ Guidelines and Restrictions; Hardware Configuration Guidelines and Restrictions; Restrictions; Configuration Mode Restrictions; Configuring Supervisor Engine Redundancy; Configuring RPR and RPR+; Synchronizing the Supervisor Engine Configurations...
  • Page 5 Configuring a LAN Port for Layer 2 Switching; Configuring a Layer 2 Switching Port as a Trunk; Configuring a LAN Interface as a Layer 2 Access Port; Configuring a Custom IEEE 802.1Q EtherType Field Value...
  • Page 6 Configuring Private VLANs; Configuring a VLAN as a Private VLAN; Associating Secondary VLANs with a Primary VLAN; Mapping Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN...
  • Page 7 Configuring EtherChannel Load Balancing; Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling; Understanding How 802.1Q Tunneling Works; 802.1Q Tunneling Configuration Guidelines and Restrictions...
  • Page 8 Message Age and Hop Count; Default STP Configuration; STP and MST Configuration Guidelines; Configuring STP; Enabling STP; Enabling the Extended System ID; Configuring the Root Bridge; Configuring a Secondary Root Bridge...
  • Page 9 Understanding How Layer 3 Switching Works; Understanding Hardware Layer 3 Switching on PFC2 and DFCs; Understanding Layer 3-Switched Packet Rewrite; Default Hardware Layer 3 Switching Configuration...
  • Page 10 Clearing IP Multicast Layer 3 Switching Statistics; Configuring IP Unicast Layer 3 Switching on Supervisor Engine 1; Understanding How IP MLS Works; IP MLS Overview...
  • Page 11 Enabling IPX MLS Globally; Enabling IPX MLS on a Layer 3 Interface; Configuring the MLS Aging Time; Configuring the Minimum IPX MLS Flow Mask; Displaying IPX MLS Information...
  • Page 12 ACL Configuration Guidelines; Hardware and Software ACL Support; Guidelines and Restrictions for Using Layer 4 Operators in ACLs; Determining Layer 4 Operation Usage...
  • Page 13 Authentication Initiation and Message Exchange; Ports in Authorized and Unauthorized States; Supported Topologies; Default 802.1X Port-Based Authentication Configuration; 802.1X Port-Based Authentication Guidelines and Restrictions; Configuring 802.1X Port-Based Authentication...
  • Page 14 Default Traffic Storm Control Configuration; Enabling Traffic Storm Control; Displaying Traffic Storm Control Settings; Configuring Broadcast Suppression; Understanding How Broadcast Suppression Works...
  • Page 15 Configuring the Trust State of Ethernet LAN and OSM Ingress Ports; Configuring the Ingress LAN Port CoS Value; Configuring Standard-Queue Drop Threshold Percentages; Mapping CoS Values to Drop Thresholds...
  • Page 16 Understanding How Local SPAN and RSPAN Work; Local SPAN and RSPAN Overview; Local SPAN and RSPAN Sessions; Monitored Traffic; SPAN Sources; Destination Ports...
  • Page 17 Running a Reverse Proxy Service Example; Registering a Router to a Multicast Address Example; Using Access Lists Example; Setting a Password for a Router and Cache Engines Example...
  • Page 18 Using the CLI to Power Cycle Modules; Determining System Power Requirements; Understanding How Environmental Monitoring Works; Using CLI Commands to Monitor System Environmental Status; Understanding LED Environmental Indications...
  • Page 19 Appendix: Acronyms; Index...
  • Page 21 Preface: This preface describes who should read the Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, how it is organized, and its document conventions. Audience: This guide is for experienced network administrators who are responsible for configuring and maintaining Catalyst 6500 series switches.
  • Page 22 (CDP). Chapter 32, Configuring UDLD: Describes how to configure the UniDirectional Link Detection (UDLD) protocol. Chapter 31, Configuring PFC QoS: Describes how to configure quality of service (QoS)...
  • Page 23: Related Documentation

    • Catalyst 6500 Series Switch Cisco IOS System Message Guide • Release Notes for Cisco IOS Release 12.1 E on the Catalyst 6500 and Cisco 7600 • Supervisor Engine and MSFC Cisco IOS Configuration Guides and Command References—Use these publications to help you •...
  • Page 24 Internetwork Design Guide – Internetwork Troubleshooting Guide – Configuration Builder Getting Started Guide – The Cisco IOS Configuration Guides and Command References are located at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm For information about MIBs, go to this URL: • http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml Conventions This document uses the following conventions:...
  • Page 25: Obtaining Documentation And Submitting A Service Request

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 27: Product Overview

    Except for VLANs, Layer 2 and Layer 3 configuration is stored in a standard IOS configuration file • Refer to the Release Notes for Cisco IOS Release 12.1 E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC publication for complete information about the chassis, modules, and software features supported by the Catalyst 6500 series switches: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/ol_2310.htm...
  • Page 28: Configuring Embedded Ciscoview Support

    Router(config)# snmp-server community string rw (Configures the SNMP password for read/write operation.) Note: The default password for accessing the switch web page is the enable-level password of the switch...
  • Page 29: Displaying Embedded Ciscoview Information

    For more information about web access to the switch, refer to “Using the Cisco Web Browser” in the IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt1/fcd105.htm Displaying Embedded CiscoView Information: To display the Embedded CiscoView information, enter the following EXEC commands:...
  • Page 31: Accessing The Cli

    Command-Line Interfaces: This chapter describes the command-line interfaces (CLIs) you use to configure the Catalyst 6500 series switches. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication and the Release 12.1...
  • Page 32: Accessing The Cli Through Telnet

    Router# Return. Step 3: Router> enable (Initiates enable mode enable.) Step 4: Password: password Router# (Completes enable mode enable.) Step 5: Router# quit (Exits the session when finished.)...
  • Page 33: Performing History Substitution

    The history buffer stores the last 20 commands you entered. History substitution allows you to access these commands without retyping them, by using special abbreviated commands. Table 2-2 lists the history substitution commands...
  • Page 34: Cisco Ios Command Modes

    Reference publication at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. To get a list of the commands in a given mode, type a question mark (?) at the system prompt.
  • Page 35: Displaying A List Of Cisco Ios Commands And Syntax

    The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh and the configure terminal command to config t.
  • Page 36: Rom-Monitor Command-Line Interface

    Once you are in ROM-monitor mode, the prompt changes to rommon 1>. Enter a question mark (?) to see the available ROM-monitor commands. For more information about the ROM-monitor commands, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 37: Configuring The Switch For The First Time

    Configuring the Switch for the First Time: This chapter contains information about how to initially configure the Catalyst 6500 series switch, which supplements the administration information and procedures in these publications: • Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.1, at this URL:...
  • Page 38: Configuring The Switch

    You can run the setup facility by entering the setup command at the enable prompt (#)...
  • Page 39: Configuring The Global Parameters

    Step 1 to the user EXEC prompt ( Router> The following display appears after you boot the Catalyst 6500 series switch (depending on your configuration, your display might not exactly match the example): System Bootstrap, Version 6.1(2) Copyright (c) 1994-2000 by cisco Systems, Inc.
  • Page 40 The first two sections of the configuration script (the banner and the installed hardware) appear only at initial system startup. On subsequent uses of the setup command facility, the setup script begins with the following System Configuration Dialog...
  • Page 41 This example of a yes response (displayed during the setup command facility) shows a switch with some interfaces already configured: Current interface summary Interface IP-Address OK? Method Status Protocol Vlan1 unassigned YES TFTP administratively down down...
  • Page 42 The enable and enable secret passwords need to be different for effective security. You can enter the same password for both enable and enable secret during the setup script, but you receive a warning message indicating that you should enter a different password...
  • Page 43 5 $1$S3Lx$uiTYg2UrFK1U0dgWdjvxw. enable password lab line vty 0 4 password lab no snmp-server ip routing eigrp 301 interface Vlan1 shutdown no ip address interface GigabitEthernet1/1...
  • Page 44 Class B network is 172.20.0.0, 29 subnet bits; mask is /29 Repeat this step for each interface you need to configure. Proceed to Step 3 to check and verify your configuration parameters...
  • Page 45 48 FastEthernet/IEEE 802.3 interface(s) 2 Gigabit Ethernet/IEEE 802.3 interface(s) 381K bytes of non-volatile configuration memory. 16384K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2102 Router#...
  • Page 46: Using Configuration Mode

    For detailed interface configuration information, refer to the Cisco IOS Interface Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inter_c/index.htm Using Configuration Mode: If you prefer not to use the setup facility, you can configure the switch from configuration mode as follows: Connect a console terminal to the console interface of your supervisor engine.
  • Page 47: Saving The Running Configuration Settings

    Reviewing the Configuration: To display information stored in NVRAM, enter the show startup-config EXEC command. The display should be similar to the display from the show running-config EXEC command...
  • Page 48: Configuring A Default Gateway

    171.10.5.10 on the switch with a subnet mask and IP address 172.20.3.35 of the forwarding router: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ip route 171.10.5.10 255.255.255.255 172.20.3.35 Router(config)# end Router#...
  • Page 49 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login transport input lat pad dsipcon mop telnet rlogin udptn nasi Router#...
  • Page 50: Configuring A Bootp Server

    -- time offset (seconds) ts -- time servers <information deleted> ######################################################################### # Start of individual host entries ######################################################################### Router: tc=netcisco0: ha=0000.0ca7.ce00: ip=172.31.7.97: dross: tc=netcisco0: ha=00000c000139: ip=172.31.7.26: <information deleted>...
  • Page 51: Protecting Access To Privileged Exec Commands

    Router(config)# enable secret [level level] {password | encryption-type encrypted-password} encryption method. (If enable password and enable secret commands are both set, users must enter the enable secret password.)...
  • Page 52: Setting Or Changing A Line Password

    To set the TACACS+ protocol to determine whether or not a user can access privileged EXEC mode, perform this task: Router(config)# enable use-tacacs (Sets the TACACS-style user ID and password-checking mechanism for the privileged EXEC mode.)...
  • Page 53: Encrypting Passwords

    3-19. Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of password security: user EXEC mode and privileged EXEC mode. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 54 Logging In to a Privilege Level: To log in at a specified privilege level, perform this task: Router# enable level (Logs into a specified privilege level.)...
  • Page 55: Recovering A Lost Enable Password

    For example, in ProComm, the Alt-B keys generate the Break signal. In a Windows terminal session, you press the Break or Ctrl and Break keys simultaneously...
  • Page 56: Modifying The Supervisor Engine Startup Configuration

    ROM-monitor mode. Note: The Break key is always enabled for 60 seconds after rebooting, regardless of whether the configuration-register setting has the Break key disabled...
  • Page 57: Configuring The Software Configuration Register

    3-3) 0x0040: Causes system software to ignore NVRAM contents; 0x0080: bit enabled; 0x0100: Break disabled; 0x0200: Use secondary bootstrap; 0x0400: Internet Protocol (IP) broadcast with all zeros...
  • Page 58 0 or slot 1 on the supervisor engine. If you set the boot field to any bit pattern other than 0 or 1, the system uses the resulting number to form a filename for booting over the network. You must set the boot field for the boot functions you require...
  • Page 59 Step 5: Router# reload (Reboots to make your changes take effect.) To modify the configuration register while the switch is running Cisco IOS, follow these steps: Step 1: Enter the enable command and your password to enter privileged level as follows: Router>...
  • Page 60: Specifying The Startup System Image

    Security Features, page 3-25 • Flash Memory Configuration Process, page 3-25 Note: The descriptions in the following sections apply to both the bootflash device and to removable Flash memory cards...
  • Page 61: Bootldr Environment Variable

    Flash Memory Configuration Process: To configure your switch to boot from Flash memory, follow these steps: Step 1: Copy a system image to Flash memory using TFTP or rcp (refer to the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.1, “Cisco IOS File Management,” “Loading and Maintaining System Images,”...
  • Page 62: Config_File Environment Variable

    For Class A Flash file systems, the CONFIG_FILE environment variable specifies the file system and filename of the configuration file to use for initialization (startup). Valid file systems can include nvram:, slot0:, and sup-bootflash:. For detailed file management configuration information, refer to the Cisco IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/index.htm...
  • Page 63 Router (config)# end Router# copy system:running-config nvram:startup-config [ok] Router# show bootvar BOOT variable = sup-bootflash:c6sup-js-mz.120-7.XE.bin,1; CONFIG_FILE variable does not exist BOOTLDR variable = bootflash:c6msfc-boot-mz.120-7.XE.bin Configuration register is 0x0...
  • Page 65: Chapter 4 Configuring Ehsa Supervisor Engine Redundancy

    Configuring EHSA Supervisor Engine Redundancy: With 12.1 E releases earlier than Release 12.1(13)E, the Catalyst 6500 series switch supports dual supervisor engines with EHSA. EHSA is not supported in Release 12.1(13)E and later releases (see Chapter 5, “Configuring RPR and...
  • Page 66: Supervisor Engine Redundancy Requirements

    Make a separate console connection to each supervisor engine. Do not connect a “Y” cable to the console ports. • Both supervisor engines must have the same system image (see the “Copying Files to the Redundant Supervisor Engine” section on page 4-4)...
  • Page 67: Synchronizing The Supervisor Engine Configurations

    Router(config)# redundancy Router(config-r)# main-cpu Router(config-r-mc)# auto-sync standard Router(config-r-mc)# auto-sync bootvar...
  • Page 68: Displaying The Supervisor Engine Redundancy

    Copying Files to the Redundant Supervisor Engine: Use the following command to copy a file to the slot0: device on a redundant supervisor engine: Router# copy source_device:source_filename slaveslot0:target_filename...
  • Page 69 Use the following command to copy a file to the bootflash: device on a redundant supervisor engine: Router# copy source_device:source_filename slavesup-bootflash:target_filename Use the following command to copy a file to the bootflash: device on a redundant MSFC: Router# copy source_device:source_filename slavebootflash:target_filename...
  • Page 71: Configuring Rpr And Rpr

    • Supervisor Engine Redundancy Overview Catalyst 6500 series switches support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. RPR supports a switchover time of 2 to 4 minutes and RPR+ supports a switchover time of 30 to 60 seconds.
  • Page 72: Rpr Operation

    Card (MSFC or MSFC2) and Policy Feature Card (PFC or PFC2) become fully operational. The MSFC and PFC on the redundant supervisor engine come out of reset but are not operational...
  • Page 73: Supervisor Engine Synchronization

    You cannot enter CLI commands on the redundant supervisor engine. • Synchronization of the startup configuration file is enabled by default in RPR+ mode...
  • Page 74: Supervisor Engine Redundancy Guidelines And Restrictions

    • With RPR+, both supervisor engines must run the same version of Cisco IOS software. If the supervisor engines are not running the same version of Cisco IOS software, the redundant supervisor engine comes online in RPR mode.
  • Page 75: Hardware Configuration Guidelines And Restrictions

    • not enter the vtp file file_name command on a switch that has a redundant supervisor engine. Cisco IOS running on the supervisor engine and the MSFC supports redundant configurations where • the supervisor engines and MSFC routers are identical. If they are not identical, one will boot first and become active and hold the other supervisor engine and MSFC in a reset condition.
  • Page 76: Configuration Mode Restrictions

    Redundancy Mode (Operational) = Route Processor Redundancy Plus Redundancy Mode (Configured) = Route Processor Redundancy Plus Split Mode = Disabled Manual Swact = Disabled Reason: Simplex mode Communications = Down Reason: Simplex mode...
  • Page 77: Synchronizing The Supervisor Engine Configurations

    This example shows how to disable default automatic synchronization and only allow automatic synchronization of the config-registers of the active supervisor engine to the redundant supervisor engine while disallowing synchronization of the startup configuration: Router(config)# redundancy Router(config-red)# main-cpu...
  • Page 78: Displaying The Redundancy States

    Reason: Simplex mode client count = 11 client_notification_TMR = 30000 milliseconds keep_alive TMR = 9000 milliseconds keep_alive count = 0 keep_alive threshold = 18 RF debug mask = 0x0...
  • Page 79: Performing A Fast Software Upgrade

    Performing a Fast Software Upgrade: The fast software upgrade (FSU) procedure supported by RPR allows you to upgrade the Cisco IOS image on the supervisor engines without reloading the system. If you are performing a first-time upgrade to RPR from EHSA, you must reload both supervisor engines.
  • Page 80: Copying Files To An Msfc

    Use the following command to copy a file to the bootflash: device on an active MSFC: Router# copy source_device:source_filename bootflash:target_filename Use the following command to copy a file to the bootflash: device on a redundant MSFC: Router# copy source_device:source_filename slavebootflash:target_filename...
  • Page 81: Understanding Interface Configuration

    – For WAN interfaces, refer to the configuration note for the WAN module. Note Slot number—The slot in which the module is installed. On the Catalyst 6500 series switch, slots • are numbered starting with 1, from top to bottom.
  • Page 82: Using The Interface Command

    • Port number—The physical port number on the module. On the Catalyst 6500 series switch, the port numbers always begin with 1. When facing the rear of the switch, ports are numbered from the left to the right.
  • Page 83 Ctrl-Z to get out of interface configuration mode and return to privileged EXEC mode. Step 7: After you configure an interface, check its status by using the EXEC show commands listed in the “Monitoring and Maintaining Interfaces” section on page 6-17...
  • Page 84: Configuring A Range Of Interfaces

    With releases earlier than Release 12.1(14)E, you cannot use the no keyword with the range keyword to delete VLAN interfaces. • With Release 12.1(14)E and later releases, you can use the interface range command to create VLAN interfaces...
  • Page 85 6 08:29:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/ 3, changed state to up *Oct 6 08:29:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/ 4, changed state to up Router(config-if)#...
  • Page 86: Defining And Using Interface-Range Macros

    This example shows how to change to the interface-range configuration mode using the interface-range macro enet_list: Router(config)# interface range macro enet_list Router(config-if)#...
  • Page 87: Configuring Optional Interface Features

    You usually configure Ethernet port speed and duplex mode parameters to auto and allow the Catalyst 6500 series switch to negotiate the speed and duplex mode between ports. If you decide to configure the port speed and duplex modes manually, consider the following information: If you set the Ethernet port speed to auto, the switch automatically sets the duplex mode to auto.
  • Page 88 Note: Link negotiation does not negotiate port speed. On Gigabit Ethernet ports, link negotiation exchanges flow-control parameters, remote fault information, and duplex information. Link negotiation is enabled by default...
  • Page 89 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:33, output never, output hang never...
  • Page 90: Configuring Jumbo Frame Support

    Understanding Jumbo Frame Support: These sections describe jumbo frame support: • Jumbo Frame Support Overview, page 6-11 • Ethernet Ports, page 6-12 • VLAN Interfaces, page 6-13...
  • Page 91 64 bytes. With a nondefault MTU size configured, 10, 10/100, and 100 Mbps Ethernet LAN ports do not check for oversize egress frames...
  • Page 92 On a Layer 2 port, you can only configure an MTU size that matches the global LAN port MTU size (see the “Configuring the Global LAN Port MTU Size” section on page 6-14)...
  • Page 93 “Configuring the Global LAN Port MTU Size” section on page 6-14). • For Layer 2 Ethernet ports with earlier releases, the only supported MTU size is 9216 bytes...
  • Page 94: Configuring Ieee 802.3Z Flow Control

    Configuring IEEE 802.3Z Flow Control Gigabit Ethernet and 10-Gigabit Ethernet ports on the Catalyst 6500 series switches use flow control to stop the transmission of frames to the port for a specified time; other Ethernet ports use flow control to respond to flow-control requests.
  • Page 95: Configuring The Port Debounce Timer

                                 300 milliseconds    3100 milliseconds
    10/100BASE-TX ports          300 milliseconds    3100 milliseconds
    100BASE-FX ports             300 milliseconds    3100 milliseconds
    10/100/1000BASE-TX ports     300 milliseconds    3100 milliseconds
    1000BASE-TX ports            300 milliseconds    3100 milliseconds
  • Page 96: Adding A Description For An Interface

    To add a description for an interface, perform this task:

    Command                                  Purpose
    Router(config-if)# description string    Adds a description for an interface.
    Router(config-if)# no description        Deletes a description from an interface.
  • Page 97: Understanding Online Insertion And Removal

    LEDs before continuing. For module LED descriptions, refer to the Catalyst 6500 Series Switch Installation Guide. When a module has been removed or installed, the Catalyst 6500 series switch stops processing traffic for the module and scans the system for a configuration change. Each interface type is verified against the system configuration, and then the system runs diagnostics on the new module.
  • Page 98: Clearing Counters On An Interface

    The clear counters command clears all the current counters from the interface unless the optional arguments specify a specific interface.

    Note: The clear counters command clears counters displayed with the EXEC show interfaces command, not counters retrieved using SNMP.
  • Page 99: Resetting An Interface

    To check if an interface is disabled, enter the EXEC show interfaces command. An interface that has been shut down is shown as administratively down in the show interfaces command display.
  • Page 100 Chapter 6 Configuring Interfaces Monitoring and Maintaining Interfaces
  • Page 101: Understanding How Layer 2 Switching Works

    This chapter describes how to use the command-line interface (CLI) to configure Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet LAN ports for Layer 2 switching on the Catalyst 6500 series switches. The configuration tasks in this chapter apply to LAN ports on LAN switching modules and to the LAN ports on the supervisor engine.
  • Page 102: Understanding Vlan Trunks

    2-Gbps effective bandwidth. Switching Frames Between Segments Each LAN port on a Catalyst 6500 series switch can connect to a single workstation or server, or to a hub through which workstations or servers connect to the network.
  • Page 103: Trunking Overview

    To autonegotiate trunking, the LAN ports must be in the same VTP domain. Use the trunk or nonegotiate keywords to force LAN ports in different domains to trunk. For more information on VTP domains, see Chapter 8, “Configuring VTP.”
  • Page 104: Layer 2 Lan Port Modes

    Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames. You must configure the neighboring port manually as a trunk port to establish a trunk link.
  • Page 105: Default Layer 2 Lan Interface Configuration

    • 19 for 10/100-Mbps Fast Ethernet LAN ports
    • 19 for 100-Mbps Fast Ethernet LAN ports
    • 4 for 1,000-Mbps Gigabit Ethernet LAN ports
    • 2 for 10,000-Mbps 10-Gigabit Ethernet LAN ports
  • Page 106: Layer 2 Lan Interface Configuration Guidelines And Restrictions

    BPDUs on each VLAN allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved IEEE 802.1d spanning tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved Cisco Shared Spanning Tree (SSTP) multicast MAC address (01-00-0c-cc-cc-cd).
  • Page 107: Configuring Lan Interfaces For Layer 2 Switching

    Configuring LAN Interfaces for Layer 2 Switching

    These sections describe how to configure Layer 2 switching on the Catalyst 6500 series switches:
    • Configuring a LAN Port for Layer 2 Switching, page 7-7...
  • Page 108: Configuring A Layer 2 Switching Port As A Trunk

    (required only if the LAN port is not already configured for Layer 2 switching; see the “Configuring a LAN Port for Layer 2 Switching” section on page 7-7). type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 109 Table 7-2 on page 7-4 for information about trunking modes.
    Note: Complete the steps in the “Completing Trunk Configuration” section on page 7-13 after performing the tasks in this section.
  • Page 110 Note: Complete the steps in the “Preparing a Layer 2 Switching Port for Configuration as a Trunk” section on page 7-8 before performing the tasks in this section.
  • Page 111 Complete the steps in the “Preparing a Layer 2 Switching Port for Configuration as a Trunk” section on page 7-8 before performing the tasks in this section.
  • Page 112 With Release 12.1(11b)E or later, you can remove VLAN 1. If you remove VLAN 1 from a trunk, the trunk interface continues to send and receive management traffic, for example, Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), and DTP in VLAN 1.
  • Page 113
    • The default list of VLANs allowed to be pruned contains all VLANs.
    • Network devices in VTP transparent mode do not send VTP Join messages. On Catalyst 6500 series switches with trunk connections to network devices in VTP transparent mode, configure the VLANs used by the transparent-mode network devices or that need to be carried across the transparent-mode network devices as pruning ineligible.
  • Page 114: Configuring A Lan Interface As A Layer 2 Access Port

    Router(config)# interface type slot/port
        Selects the LAN port to configure.
    Step 2: Router(config-if)# shutdown
        (Optional) Shuts down the interface to prevent traffic flow until configuration is complete.
  • Page 115 This example shows how to verify the configuration:

        Router# show running-config interface fastethernet 5/6
        Building configuration...
        Current configuration:
        interface FastEthernet5/6
         no ip address
         switchport access vlan 200
         switchport mode access
  • Page 116: Configuring A Custom Ieee 802.1Q Ethertype Field Value

    VLAN. If you misconfigure a custom EtherType field value, frames might be placed into the wrong VLAN.
    • You can configure a custom EtherType field value on these modules:
      – Supervisor engines
      – WS-X6516A-GBIC
  • Page 117
    • You cannot form an EtherChannel from ports that are configured with custom EtherType field values.

    This example shows how to configure the EtherType field value to 0x1234:

        Router (config-if)# switchport dot1q ethertype 1234
        Router (config-if)#
  • Page 118 Chapter 7 Configuring LAN Ports for Layer 2 Switching Configuring LAN Interfaces for Layer 2 Switching
  • Page 119: Configuring Vtp

    Configuring VTP

    This chapter describes how to configure the VLAN Trunking Protocol (VTP) on the Catalyst 6500 series switches.

    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 120: Understanding The Vtp Domain

    (CLI) or Simple Network Management Protocol (SNMP). By default, the Catalyst 6500 series switch is in VTP server mode and is in the no-management domain state until the switch receives an advertisement for a domain over a trunk link or you configure a management domain.
  • Page 121: Understanding Vtp Version 2

    For VTP pruning to be effective, all devices in the management domain must support VTP pruning. On devices that do not support VTP pruning, you must manually configure the VLANs allowed on trunks.
  • Page 122 Switch 1. Switch 1 floods the broadcast, and every network device in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN. You enable pruning globally on the Catalyst 6500 series switch (see the “Enabling VTP Pruning” section on page 8-7).
  • Page 123: Vtp Default Configuration

    2-capable network devices in the domain enable VTP version 2.
    • In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly.
  • Page 124: Configuring Vtp Global Parameters

    • If there is insufficient DRAM available for use by VTP, the VTP mode changes to transparent.
    • Network devices in VTP transparent mode do not send VTP Join messages. On Catalyst 6500 series switches with trunk connections to network devices in VTP transparent mode, configure the VLANs that are used by the transparent-mode network devices or that need to be carried across trunks as pruning ineligible.
  • Page 125: Enabling Vtp Pruning

    Every network device in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every network device in the VTP domain supports version 2.
  • Page 126: Configuring The Vtp Mode

    VTP server in the domain.
    Note: You cannot clear the domain name.
    Step 3: Router(config)# end
        Exits VLAN configuration mode.
    Step 4: Router# show vtp status
        Verifies the configuration.
  • Page 127

        Configuration last modified by 127.0.0.12 at 8-7-02 11:21:43
        Router#

    This example shows how to disable VTP on the switch:

        Router# configure terminal
        Router(config)# vtp mode transparent
        Setting device to VTP TRANSPARENT mode.
        Router(config)# end
        Router#
  • Page 128: Displaying Vtp Statistics

        Number of config digest errors
        Number of V1 summary errors
        VTP pruning statistics:
        Trunk            Join Transmitted Join Received    Summary advts received from non-pruning-capable device
        ---------------- ---------------- ---------------- ---------------------------
        Fa5/8            43071            42766
  • Page 129: Configuring Vlans

    Configuring VLANs

    This chapter describes how to configure VLANs on the Catalyst 6500 series switches.

    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 130: Vlan Ranges

    15-3). With Release 12.1(13)E and later releases, Catalyst 6500 series switches support 4096 VLANs in accordance with the IEEE 802.1Q standard. These VLANs are organized into several ranges; you use each range slightly differently. Some of these VLANs are propagated to other switches in the network when you use the VLAN Trunking Protocol (VTP).
  • Page 131: Configurable Vlan Parameters

    Note: Catalyst 6500 series switches do not support Inter-Switch Link (ISL)-encapsulated Token Ring frames. When a Catalyst 6500 series switch is configured as a VTP server, you can configure Token Ring VLANs from the switch. Token Ring TrBRF VLANs...
  • Page 132 For source routing, the Catalyst 6500 series switch appears as a single bridge between the logical rings. The TrBRF can function as a source-route bridge (SRB) or a source-route transparent (SRT) bridge running either the IBM or IEEE STP. If an SRB is used, you can define duplicate MAC addresses on different logical rings.
  • Page 133 TrCRFs through the backup TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is disabled. Figure 9-4 illustrates the backup TrCRF.
  • Page 134: Vlan Default Configuration

                              Default           Range
    VLAN ID                   1002              1–1005
    VLAN name                 “fddi-default”    —
    802.10 SAID               101002            1–4294967294
    MTU size                  1500              1500–18190
    Ring number                                 1–4095
    Parent VLAN                                 0–1005
    Translational bridge 1                      0–1005
  • Page 135

    VLAN state                active            active, suspend

    Table 9-6 Token Ring (TrBRF) VLAN Defaults and Ranges

    Parameter                 Default           Range
    VLAN ID                   1005              1–1005
    VLAN name                 “trnet-default”   —
    802.10 SAID               101005            1–4294967294
  • Page 136: Vlan Configuration Guidelines And Restrictions

    • Before installing a redundant supervisor engine, enter the no vtp file command to return to the default configuration.
    • Before you can create a VLAN, the Catalyst 6500 series switch must be in VTP server mode or VTP transparent mode. For information on configuring VTP, see Chapter 8, “Configuring VTP.”...
  • Page 137: Vlan Configuration Options

    • When a Catalyst 6500 series switch is configured as a VTP server, you can configure FDDI and Token Ring VLANs from the switch.
    • You must configure a TrBRF before you configure the TrCRF (the parent TrBRF VLAN you specify must exist).
  • Page 138: Creating Or Modifying An Ethernet Vlan

    Router(config-vlan)# end
    Router(vlan)# exit
        Updates the VLAN database and returns to privileged EXEC mode.
    Step 4: Router# show vlan [id | name] vlan
        Verifies the VLAN configuration.
  • Page 139

        ---- -------------------------------- --------- ---------------------
        VLAN0003 active
        VLAN Type SAID Parent RingNo BridgeNo Stp Trans1 Trans2
        ---- ----- ---------- ----- ------ ------ -------- ---- ------ ------
        enet 100003 1500
        Router#
  • Page 140: Assigning A Layer 2 Lan Interface To A Vlan

    The valid range of user-configurable ISL VLANs is 1 through 1001 and 1006 through 4094. The valid range of VLANs specified in the IEEE 802.1Q standard is 1 to 4094. You can map 802.1Q VLAN numbers to ISL VLAN numbers.
  • Page 141 ISL VLAN is blocked. For example, if you map 802.1Q VLAN 1007 to ISL VLAN 200, traffic on 802.1Q VLAN 200 is blocked.
    • VLAN mappings are local to each Catalyst 6500 series switch. Make sure you configure the same...
  • Page 142 Chapter 9 Configuring VLANs Configuring VLANs
  • Page 143: Chapter 10 Configuring Private Vlans

    Configuring Private VLANs

    This chapter describes how to configure private VLANs on the Catalyst 6500 series switches. Release 12.1 E supports private VLANs with Release 12.1(11b)E and later.

    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 144: Private Vlan Configuration Restrictions And Guidelines

    • Configure Layer 3 VLAN interfaces only for primary VLANs. Layer 3 VLAN interfaces for isolated and community VLANs are inactive while the VLAN is configured as an isolated or community VLAN.
  • Page 145
    • Private VLAN ports can be on different network devices as long as the devices are trunk connected and the primary and secondary VLANs have not been removed from the trunk.
  • Page 146
    • You cannot apply VACLs to secondary VLANs (see the “Configuring VLAN ACLs” section on page 23-8).
    • To apply Cisco IOS output ACLs to all outgoing private VLAN traffic, configure them on the Layer 3 VLAN interface of the primary VLAN (see Chapter 23, “Configuring Network Security”).
  • Page 147: Configuring A Vlan As A Private Vlan

    This example shows how to configure VLAN 202 as a primary VLAN and verify the configuration:

        Router# configure terminal
        Router(config)# vlan 202
        Router(config-vlan)# private-vlan primary
        Router(config-vlan)# end
        Router# show vlan private-vlan
  • Page 148: Associating Secondary Vlans With A Primary Vlan

    • The secondary_vlan_list parameter can contain only one isolated VLAN ID.
    • Enter a secondary_vlan_list or use the add keyword with a secondary_vlan_list to associate secondary VLANs with a primary VLAN.
  • Page 149: Mapping Secondary Vlans To The Layer 3 Vlan Interface Of A Primary Vlan

    • The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs.
  • Page 150: Configuring A Layer 2 Interface As A Private Vlan Host Port

    Router(config-if)# no switchport private-vlan host-association
    Step 5: Router(config-if)# end
        Exits configuration mode.
    Step 6: Router# show interfaces [type slot/port] switchport
        Verifies the configuration.
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 151: Configuring A Layer 2 Interface As A Private Vlan Promiscuous Port

    VLANs.
    Step 5: Router(config-if)# end
        Exits configuration mode.
    Step 6: Router# show interfaces [type slot/port] switchport
        Verifies the configuration.
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 152

        Administrative private-vlan host-association: none ((Inactive))
        Administrative private-vlan mapping: 202 (VLAN0202) 303 (VLAN0303) 440 (VLAN0440)
        Operational private-vlan: none
        Trunking VLANs Enabled: ALL
        Pruning VLANs Enabled: 2-1001
        Capture Mode Disabled
  • Page 153: Configuring Cisco Ip Phone Support

    Configuring Cisco IP Phone Support

    This chapter describes how to configure support for Cisco IP Phones on the Catalyst 6500 series switches. Release 12.1(13)E and later releases support Cisco IP Phones.

    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication for this release.
  • Page 154: Cisco Ip Phone Voice Traffic

    The Cisco IP Phone transmits voice traffic with Layer 3 IP precedence and Layer 2 CoS values, which are both set to 5 by default. The sound quality of a Cisco IP Phone call can deteriorate if the voice traffic is transmitted unevenly.
  • Page 155: Cisco Ip Phone Data Traffic

    • Untrusted mode—All traffic in 802.1Q or 802.1p frames received through the access port on the Cisco IP Phone is marked with a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default.
  • Page 156: Default Cisco Ip Phone Support Configuration

    Cisco IP Phones may have different power requirements. The supervisor engine initially allocates the configured default of 7 W (167 mA at 42V) to the Cisco IP Phone. When the correct amount of power is determined from the CDPv2 messaging with the Cisco IP Phone, the supervisor engine reduces or increases the allocated power.
  • Page 157: Configuring Cisco Ip Phone Support

    – – If the Cisco IP Phone uses 802.1Q frames and the voice VLAN is the same as the access VLAN • The Cisco IP Phone and a device attached to the Cisco IP Phone cannot communicate if they are in the same VLAN and subnet but use different frame types, because traffic between devices in the same subnet is not routed (routing would eliminate the frame type difference).
  • Page 158 When configuring the way in which the Cisco IP Phone transmits voice traffic, note the following syntax information:
    • Enter a voice VLAN ID to send CDPv2 packets that configure the Cisco IP Phone to transmit voice traffic in 802.1Q frames, tagged with the voice VLAN ID and a Layer 2 CoS value (the default is 5).
  • Page 159: Configuring Data Traffic Support

    • To send CDPv2 packets that configure the Cisco IP Phone to trust tagged traffic received from a device connected to the access port on the Cisco IP Phone, do not enter the cos keyword and CoS value.
    • To send CDPv2 packets that configure the Cisco IP Phone to mark tagged ingress traffic received...
  • Page 160: Configuring Inline Power Support

    [fastethernet slot/port]

    When configuring inline power support, note the following syntax information:
    • To configure auto-detection of a Cisco IP Phone, enter the auto keyword.
    • To disable auto-detection of a Cisco IP Phone, enter the never keyword.

    This example shows how to disable inline power on Fast Ethernet port 5/1:...
  • Page 161: Chapter 12 Configuring Layer 3 Interfaces

    Configuring Layer 3 Interfaces

    This chapter contains information about how to configure Layer 3 interfaces on the Catalyst 6500 series switches, which supplements the information and procedures in the Release 12.1 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm...
  • Page 162: Configuring Ip Routing And Addresses

    Chapter 9, “Configuring VLANs” Chapter 8, “Configuring VTP.”
    • Catalyst 6500 series switches support Layer 3 trunks only on the 4-port Gigabit Ethernet WAN modules (OSM-4GE-WAN and OSM-2+4GE-WAN+). You cannot configure subinterfaces or use the encapsulation keyword on LAN ports. Catalyst 6500 series switches support Layer 2 trunks and Layer 3 VLAN interfaces, which provide equivalent capabilities for LAN ports.
  • Page 163 The Multilayer Switch Feature Card 2 (MSFC2) provides processing in software for route-map sequences that use the match length and set interface keywords. To configure PBR, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.1, “Classification,” “Configuring Policy-Based Routing,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/qcprt1/qcdpbr.htm...
  • Page 164

        TCP/IP header compression is disabled
        RTP/IP header compression is disabled
        Probe proxy name replies are disabled
        Policy routing is disabled
        Network address translation is disabled
        WCCP Redirect outbound is disabled
  • Page 165 Fast Ethernet port 5/4:

        Router# show running-config interfaces fastethernet 5/4
        Building configuration...
        Current configuration:
        interface FastEthernet5/4
         description "Router port"
         ip address 172.20.52.106 255.255.255.248
         no ip directed-broadcast
  • Page 166: Configuring Ipx Routing And Network Numbers

    Configuring IPX Routing and Network Numbers

    For complete information and procedures, refer to these publications:
    • Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_c/index.htm
    • Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.1, at this URL:...
  • Page 167: Configuring Appletalk Routing, Cable Ranges, And Zones

    Configuring AppleTalk Routing, Cable Ranges, and Zones

    For complete information and procedures, refer to these publications:
    • Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_c/index.htm
    • Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.1, at this URL:...
  • Page 168: Configuring Other Protocols On Layer 3 Interfaces

    Configuring Other Protocols on Layer 3 Interfaces

    Refer to these publications for information about configuring other protocols on Layer 3 interfaces:
    • Cisco IOS Apollo Domain, VINES, DECnet, ISO CLNS, and XNS Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/apollo_c/index.htm...
  • Page 169: Configuring Etherchannels

    Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
    • The commands in the following sections can be used on all LAN ports in Catalyst 6500 series switches, including the ports on the supervisor engine and a redundant supervisor engine.
  • Page 170: Etherchannel Feature Overview

    You can form an EtherChannel with up to eight compatibly configured LAN ports on any module in a Catalyst 6500 series switch. All LAN ports in each EtherChannel must be the same speed and must all be configured as either Layer 2 or Layer 3 LAN ports.
  • Page 171 Release 12.1(13)E and later releases support IEEE 802.3ad LACP EtherChannels. LACP supports the automatic creation of EtherChannels by exchanging LACP packets between LAN ports. LACP packets are exchanged only between ports in passive and active modes.
  • Page 172 You can configure an additional 8 standby ports (total of 16 ports associated with the EtherChannel).
  • Page 173: Understanding Port Channel Interfaces

    Configure all LAN ports in an EtherChannel to operate at the same speed and in the same duplex mode.
    • LACP does not support half-duplex. Half-duplex ports in an LACP EtherChannel are put in the suspended state.
  • Page 174: Configuring Etherchannels

    • With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode commands by entering the do keyword before the EXEC mode command.
  • Page 175: Configuring Port Channel Logical Interfaces For Layer 3 Etherchannels

    This example shows how to verify the configuration of port channel interface 1:

        Router# show running-config interface port-channel 1
        Building configuration...
        Current configuration:
        interface Port-channel1
         ip address 172.32.52.10 255.255.255.0
         no ip directed-broadcast
        Router#
  • Page 176: Configuring Channel Groups

    You cannot put Layer 2 LAN ports into a manually created port channel interface.
    • For Cisco IOS to create port channel interfaces for Layer 2 EtherChannels, the Layer 2 LAN ports...
  • Page 177

        Local information:
                                        Hello    Partner  PAgP     Learning  Group
        Port      Flags State   Timers  Interval Count   Priority   Method  Ifindex
        Fa5/2           U1/S1
        Age of the port in the current state: 04d:18h:57m:19s
  • Page 178: Configuring The Lacp System Priority And System Id

    This example shows how to verify the configuration:

        Router# show lacp sys-id
        23456,0050.3e8d.6400
        Router#

    The system priority is displayed first, followed by the MAC address of the switch.
  • Page 179: Configuring Etherchannel Load Balancing

        Router# configure terminal
        Router(config)# port-channel load-balance src-dst-ip
        Router(config)# end
        Router(config)#

    This example shows how to verify the configuration:

        Router# show etherchannel load-balance
        Source XOR Destination IP address
        Router#
  • Page 180 Chapter 13 Configuring EtherChannels Configuring EtherChannels
  • Page 181: Understanding How 802.1Q Tunneling Works

    Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling With Release 12.1(13)E and later, the Catalyst 6500 series switches support IEEE 802.1Q tunneling and Layer 2 protocol tunneling. This chapter describes how to configure IEEE 802.1Q tunneling and Layer 2 protocol tunneling on the Catalyst 6500 series switches.
  • Page 182 [Figure labels: trunk ports, tunnel port (VLAN 40), Customer B (trunk VLANs 1 to 200), asymmetric link]
  • Page 183 Tunnel traffic carries a second 802.1Q tag only when it is on a trunk link between service-provider network devices, with the outer tag containing the service-provider-assigned VLAN ID and the inner tag containing the customer-assigned VLAN IDs.
  • Page 184: 802.1Q Tunneling Configuration Guidelines And Restrictions

    • Tunnel ports learn customer MAC addresses.
    • On an asymmetrical link, the Cisco Discovery Protocol (CDP) reports a native VLAN mismatch if the VLAN of the tunnel port does not match the native VLAN of the 802.1Q trunk. The 802.1Q tunnel feature does not require that the VLANs match.
  • Page 185: Configuring 802.1Q Tunneling

    Caution: Ensure that only the appropriate tunnel ports are in any VLAN used for tunneling and that one VLAN is used for each tunnel. Incorrect assignment of tunnel ports to VLANs can forward traffic inappropriately.
  • Page 186: Preconfiguration Tasks

    Step 3  Configures the Layer 2 port as a tunnel port.
            Router(config-if)# switchport mode dot1qtunnel
    Clears the tunnel port configuration.
            Router(config-if)# no switchport mode dot1qtunnel
  • Page 187: Configuring The Switch To Tag Native Vlan Traffic

    PDUs creates different spanning tree domains (different spanning tree roots) for the customer switches. For example, STP for a VLAN on switch 1 (see Figure 14-3) builds a spanning tree...
  • Page 188: Configuring Support For Layer 2 Protocol Tunneling

    An ingress edge switch rewrites the destination MAC address of the PDUs received on a Layer 2 tunnel port with the Cisco proprietary multicast address (01-00-0c-cd-cd-d0). The PDU is then flooded to the native VLAN of the Layer 2 tunnel port. If you enable Layer 2 protocol tunneling on a port, PDUs of an enabled protocol are not sent out.
  • Page 189 Note: A new keyword, l2ptguard, has been added to the following commands:
    • errdisable detect cause
    • errdisable recovery cause
    Refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication for more information.
  • Page 190
    Router# show l2protocol-tunnel summary
    Port Protocol Threshold (cos/cdp/stp/vtp)
    ----------------------------------------
    Router#
    This example shows how to clear Layer 2 protocol tunneling port counters:
    Router# clear l2protocol-tunnel counters
    Router#
  • Page 191: Configuring Stp And Ieee 802.1S Mst

    Note
    • For information on configuring the PortFast, UplinkFast, and BackboneFast STP enhancements, see Chapter 16, “Configuring Optional STP Features.”
    • Release 12.1(13)E and later releases support IEEE 802.1s MST and IEEE 802.1w, rapid reconfiguration of spanning tree.
  • Page 192: Understanding How Stp Works

    LAN segment or a switched LAN of multiple segments. Catalyst 6500 series switches use STP (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single instance of STP runs on each configured VLAN (provided you do not manually disable STP). You can enable and disable STP on a per-VLAN basis.
  • Page 193: Understanding The Bridge Id

    1024
    STP MAC Address Allocation
    Catalyst 6500 series switch chassis have either 64 or 1024 MAC addresses available to support software features such as STP. To view the MAC address range on your chassis, enter the show catalyst6000 chassis-mac-address command.
  • Page 194: Understanding Bridge Protocol Data Units

    When you change the bridge priority value, you change the probability that the switch will be elected as the root bridge. Configuring a higher value increases the probability; a lower value decreases the probability.
  • Page 195: Stp Protocol Timers

    The goal is to make the fastest link the root port.
  • Page 196: Stp Port States

    LAN before starting to forward frames. They must allow the frame lifetime to expire for frames that have been forwarded using the old topology. Each Layer 2 LAN port on a Catalyst 6500 series switch using STP exists in one of the following five states: •...
  • Page 197
    • Forwarding state
    When you enable STP, every port in the Catalyst 6500 series switch, VLAN, and network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, each Layer 2 LAN port stabilizes to the forwarding or blocking state.
  • Page 198: Blocking State

    • Receives BPDUs and directs them to the system module.
    • Does not transmit BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 199: Listening State

    • Receives BPDUs and directs them to the system module.
    • Receives, processes, and transmits BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 200: Learning State

    • Receives BPDUs and directs them to the system module.
    • Receives, processes, and transmits BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 201: Forwarding State

    • Receives BPDUs and directs them to the system module.
    • Processes BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 202: Disabled State

    STP and IEEE 802.1Q Trunks
    802.1Q trunks impose some limitations on the STP strategy for a network. In a network of Cisco network devices connected through 802.1Q trunks, the network devices maintain one instance of STP for each VLAN allowed on the trunks. However, non-Cisco 802.1Q network devices maintain only one instance of STP for all VLANs allowed on the trunks.
  • Page 203: Understanding How Ieee 802.1W Rstp Works

    Note: In Cisco IOS release 12.1(11)EX and later releases, RSTP is implemented as part of Multiple Spanning Tree Protocol (MSTP). In Cisco IOS release 12.1(13)E and later releases, RSTP is also available as a standalone protocol in Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) mode. In this mode, the switch runs an RSTP instance on each VLAN, which follows the usual PVST+ approach.
  • Page 204: Rstp Port States

    In Cisco IOS release 12.1(11)EX and later releases, RSTP is implemented as part of Multiple Spanning Tree Protocol (MSTP). In Cisco IOS release 12.1(13)E and later releases, RSTP is also available as a standalone protocol in Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) mode. In this mode, the switch runs an RSTP instance on each VLAN, which follows the usual PVST+ approach.
  • Page 205: Ieee 802.1S Mst Overview

    (RST) algorithm to multiple spanning trees. This extension provides both rapid convergence and load balancing in a VLAN environment. MST converges faster than PVST+. MST is backward compatible with 802.1D STP, 802.1w (rapid spanning tree protocol [RSTP]), and the Cisco PVST+ architecture.
  • Page 206: Mst-To-Pvst Interoperability

    Figure 15-8 Network with Interconnected SST and MST Regions [figure legend: F/f = Forwarding, B/b = Blocking, R = Root Bridge]
  • Page 207 VLANs on its designated ports, root guard sets the port to the blocking state. Do not designate switches with a slower CPU running PVST+ as a switch running MST.
  • Page 208: Common Spanning Tree

    CST (802.1Q) is a single spanning tree for all the VLANs. In a Catalyst 6000 family switch running PVST+, the VLAN 1 spanning tree corresponds to CST. In a Catalyst 6500 series switch running MST, IST (instance 0) corresponds to CST.
  • Page 209: Mst Regions

    If the CST root is outside the MST region, then one of the MST bridges at the boundary is selected as the IST master. Other bridges on the boundary that belong to the same region eventually block the boundary ports that lead to the root.
  • Page 210: Message Age And Hop Count

    The message age and maximum age timer settings in the RST portion of the BPDU remain the same throughout the region, and the same values are propagated by the region’s designated ports at the boundary.
  • Page 211: Default Stp Configuration

    • Do not use PVST bridges as the root of CST.
    • Ensure that all PVST spanning tree root bridges have lower (numerically higher) priority than the CST root bridge.
  • Page 212: Configuring Stp

    Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.
  • Page 213: Enabling Stp

    Note: STP is enabled by default on VLAN 1 and on all newly created VLANs.
    You can enable STP on a per-VLAN basis. The Catalyst 6500 series switch maintains a separate instance of STP for each VLAN (except on VLANs on which you disable STP).
  • Page 214: Enabling The Extended System Id

    Note: When you enable or disable the extended system ID, the bridge IDs of all active STP instances are updated, which might change the spanning tree topology.
  • Page 215: Configuring The Root Bridge

    Extended system ID is enabled.
    Configuring the Root Bridge
    Catalyst 6500 series switches maintain a separate instance of STP for each active VLAN. A bridge ID, consisting of the bridge priority and the bridge MAC address, is associated with each instance. For each VLAN, the network device with the lowest bridge ID becomes the root bridge for that VLAN.
  • Page 216: Configuring A Secondary Root Bridge

    Step 2  Exits configuration mode.
            Router(config)# end
    This example shows how to configure the Catalyst 6500 series switch as the root bridge for VLAN 10, with a network diameter of 4:
    Router# configure terminal
    Router(config)# spanning-tree vlan 10 root primary diameter 4
    ...
  • Page 217: Configuring Stp Port Priority

    The possible priority range is 0 through 240 (default 128), configurable in increments of 16. Cisco IOS uses the port priority value when the LAN port is configured as an access port and uses VLAN port priority values when the LAN port is configured as a trunk port.
  • Page 218
    ---------------- ---- --- --------- -------- --------------------------------
    VLAN0001 Back BLK 200000 160.196
    VLAN0006 Back BLK 200000 160.196
    VLAN0199 Back BLK 200000 160.196
    VLAN0200 Desg FWD 200000 64.196
    Router#
  • Page 219: Configuring Stp Port Cost

    This example shows how to verify the configuration:
    Router# show spanning-tree interface fastEthernet 4/4
    Vlan Role Sts Cost Prio.Nbr Status
    ---------------- ---- --- --------- -------- --------------------------------
    VLAN0001 Back BLK 1000 160.196
  • Page 220: Configuring The Bridge Priority Of A Vlan

    Note: Be careful when using this command. For most situations, we recommend that you enter the spanning-tree vlan vlan_ID root primary and the spanning-tree vlan vlan_ID root secondary commands to modify the bridge priority.
  • Page 221 This example shows how to verify the configuration:
    Router# show spanning-tree vlan 200 bridge
    Hello Max
    Vlan Bridge ID Time Age Delay Protocol
    ---------------- -------------------- ---- ---- ----- --------
    VLAN200 33792 0050.3e8d.64c8 ieee
    Router#
  • Page 222: Configuring The Hello Time

    Reverts to the default forward time.
            Router(config)# no spanning-tree vlan vlan_ID forward-time
    Step 2  Exits configuration mode.
            Router(config)# end
    Step 3  Verifies the configuration.
            Router# show spanning-tree vlan vlan_ID bridge [detail]
  • Page 223: Configuring The Maximum Aging Time For A Vlan

    To enable Rapid-PVST mode on the switch, enter the spanning-tree mode rapid-pvst command in privileged mode. To configure the switch in Rapid-PVST mode, see the “Configuring STP” section on page 15-22.
  • Page 224: Configuring Ieee 802.1S Mst

    Configures MST mode.
    Step 3  Configures the MST region by entering the MST configuration submode.
            Router(config)# spanning-tree mst configuration
    Clears the MST configuration.
            Router(config)# no spanning-tree mst configuration
  • Page 225: Configuration Mode

    Vlans mapped
    -------- ---------------------------------------------------------------------
    1001-4094
    1-1000
    -------------------------------------------------------------------------------
    Router(config-mst)# no instance 2
    Router(config-mst)# show pending
    Pending MST configuration
    Name [cisco]
    Revision
    Instance Vlans mapped
    -------- ---------------------------------------------------------------------
    1-4094
    -------------------------------------------------------------------------------
  • Page 226: Displaying Mst Configurations

    Router(config-mst)# instance 1 vlan 1-10
    Router(config-mst)# name cisco
    Router(config-mst)# revision 1
    Router(config-mst)# ^Z
    Router# show spanning-tree mst configuration
    Name [cisco]
    Revision
    Instance Vlans mapped
    -------- ---------------------------------------------------------------------
    11-4094
    1-10
    -------------------------------------------------------------------------------
  • Page 227
    :disable (default)
    Bpdus (MRecords) sent 2, received 364
    Instance Role Sts Cost Prio.Nbr Vlans mapped
    -------- ---- --- --------- -------- -------------------------------
    Back BLK 1000 160.196 1-10
  • Page 228
    Pathcost method used is long
    Name Blocking Listening Learning Forwarding STP Active
    ---------------------- -------- --------- -------- ---------- ----------
    MST00
    MST01
    ---------------------- -------- --------- -------- ---------- ----------
    2 msts
    Router#
  • Page 229: Configuring Mst Instance Parameters

    Role Sts Cost Prio.Nbr Status
    ---------------- ---- --- --------- -------- --------------------------------
    Fa4/4 Back BLK 1000 160.196
    Fa4/5 Desg FWD 200000 128.197
    Fa4/48 Boun FWD 200000 128.240 P2p Bound(STP)
    Router#
  • Page 230: Configuring Mst Instance Port Parameters

    A switch also might continue to assign a boundary role to a port when the switch to which it is connected has joined the region.
  • Page 231 EXEC command to restart the protocol migration process on a specific interface. This example shows how to restart protocol migration:
    Router# clear spanning-tree detected-protocols interface fastEthernet 4/4
    Router#
  • Page 232 Chapter 15 Configuring STP and IEEE 802.1s MST
  • Page 233: Configuring Optional Stp Features

    • With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
  • Page 234: Understanding How Portfast Works

    Caution: Explicitly configuring PortFast BPDU filtering on a port that is not connected to a host can result in bridging loops, as the port will ignore any BPDU it receives and go to forwarding.
  • Page 235: Understanding How Uplinkfast Works

    Switch B is in the blocking state.
    Figure 16-1 UplinkFast Example Before Direct Link Failure [figure labels: Switch A, Switch B, Switch C, root, blocked port]
  • Page 236: Understanding How Backbonefast Works

    Switch B over link L1 and to Switch C over link L2. The Layer 2 LAN interface on Switch C that connects directly to Switch B is in the blocking state.
  • Page 237 However, the other network devices ignore these inferior BPDUs and the new network device learns that Switch B is the designated bridge to Switch A, the root bridge.
  • Page 238: Understanding How Etherchannel Guard Works

    Understanding How EtherChannel Guard Works
    EtherChannel guard detects a misconfigured EtherChannel where interfaces on the Catalyst 6500 series switch are configured as an EtherChannel while interfaces on the other device are not, or not all the interfaces on the other device are in the same EtherChannel.
  • Page 239
    – If a set of ports that are already blocked by loop guard are grouped together to form a channel, spanning tree loses all the state information for those ports and the new channel port may obtain the forwarding state with a designated role.
  • Page 240: Enabling Portfast

    This example shows how to verify the configuration:
    Router# show running-config interface fastethernet 5/8
    Building configuration...
    Current configuration:
    interface FastEthernet5/8
     no ip address
     switchport
     switchport access vlan 200
     switchport mode access
     spanning-tree portfast
    Router#
  • Page 241
    %Warning:portfast should only be enabled on ports connected to a single host.
    Connecting hubs, concentrators, switches, bridges, etc... to this interface
    when portfast is enabled, can cause temporary bridging loops.
    Use with CAUTION
    Router(config-if)# ^Z
  • Page 242: Enabling Portfast Bpdu Filtering

    UplinkFast is disabled
    BackboneFast is disabled
    Pathcost method used is long
    Name Blocking Listening Learning Forwarding STP Active
    ---------------------- -------- --------- -------- ---------- ----------
    2 vlans
    Router#
  • Page 243: Enabling Bpdu Guard

    Step 3  Verifies the configuration.
            Router# show spanning-tree summary totals
    This example shows how to enable BPDU Guard:
    Router# configure terminal
    Router(config)# spanning-tree portfast bpduguard
    Router(config)# end
    Router#
  • Page 244: Enabling Uplinkfast

    UplinkFast increases the bridge priority to 49152 and adds 3000 to the STP port cost of all Layer 2 LAN interfaces on the Catalyst 6500 series switch, decreasing the probability that the switch will become the root bridge. The max_update_rate value represents the number of multicast packets transmitted per second (the default is 150 packets per second).
  • Page 245: Enabling Backbonefast

    Number of RLQ request PDUs received (all VLANs)
    Number of RLQ response PDUs received (all VLANs)
    Number of RLQ request PDUs sent (all VLANs)
    Number of RLQ response PDUs sent (all VLANs)
    Router#
  • Page 246: Enabling Etherchannel Guard

    Router# show running interface {type slot/port} | {port-channel port_channel_number}
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
    Enter the show spanning-tree inconsistentports command to display ports that are in the root-inconsistent state.
  • Page 247: Enabling Loop Guard

    This example shows how to enable loop guard:
    Router# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)# interface fastEthernet 4/4
    Router(config-if)# spanning-tree guard loop
    Router(config-if)# ^Z
  • Page 248
    The port is in the portfast mode by portfast trunk configuration
    Link type is point-to-point by default
    Bpdu filter is enabled
    Loop guard is enabled on the port
    BPDU:sent 0, received 0
    Router#
  • Page 249 Distributed Forwarding Cards (DFCs), and Multilayer Switch Feature Card 2 (MSFC2).
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication and the publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm
    This chapter consists of these sections: •...
  • Page 250: Configuring Ip Unicast Layer 3 Switching On Supervisor Engine 2

    When a packet is Layer 3 switched from a source in one subnet to a destination in another subnet, the Catalyst 6500 series switch performs a packet rewrite at the egress port based on information learned from the MSFC2 so that the packets appear to have been routed by the MSFC2.
  • Page 251 [Figure residue: topology with the MSFC and Hosts A, B and C (MAC and IP address labels), showing the rewrite of a packet from 171.59.1.2 to 171.59.2.2]
  • Page 252: Default Hardware Layer 3 Switching Configuration

    With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
  • Page 253: Configuring Hardware Layer 3 Switching

    Note: The Layer 3 switching packet count is updated approximately every five seconds.
    Cisco IOS CEF and dCEF are permanently enabled on the MSFC2. No configuration is required to support hardware Layer 3 switching. The Cisco IOS CEF ip load-sharing per-packet, ip cef accounting per-prefix, and ip cef accounting non-recursive commands on the MSFC2 apply only to traffic that is CEF-switched in software on the MSFC2.
  • Page 254: Displaying Hardware Layer 3 Switching Statistics

    Router# show adjacency gigabitethernet 9/5 detail
    Protocol Interface Address
    GigabitEthernet9/5 172.20.53.206(11)
    504 packets, 6110 bytes
    00605C865B82
    000164F83FA50800
    03:49:31
    Note: Adjacency statistics are updated approximately every 60 seconds.
  • Page 255: Configuring Ip Multicast Layer 3 Switching

    Configuring IP Multicast Layer 3 Switching
    This chapter describes how to configure IP multicast Layer 3 switching on the Catalyst 6500 series switches.
    Note: For more information on the syntax and usage for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 256: Ip Multicast Layer 3 Switching Overview

    Policy Feature Card 2 (PFC2) provides Layer 3 switching for IP multicast flows using the hardware replication table and hardware Cisco Express Forwarding (CEF), which uses the forwarding information base (FIB) and the adjacency table on the PFC2. In systems with Distributed Forwarding Cards (DFCs), IP multicast flows are Layer 3 switched locally using Multicast Distributed Hardware Switching (MDHS).
  • Page 257: Ip Multicast Layer 3 Switching Flow Mask

    Source Checksum Group G1 MAC Source A MAC Group G1 IP Source A IP calculation1 1. In this example, Destination B is a member of Group G1.
  • Page 258: Partially And Completely Switched Flows

    • The maximum transmission unit (MTU) of the RPF interface is greater than the MTU of any outgoing interface.
    • If Network Address Translation (NAT) is configured on an interface, and source address translation is required for the outgoing interface.
  • Page 259: Non-Rpf Traffic Processing

    (non-PIM DR) must drop this traffic because it has arrived on the wrong interface and fails the RPF check. Traffic that fails the RPF check is called non-RPF traffic. The Catalyst 6500 series switch processes non-RPF traffic in hardware on the PFC by filtering (dropping) or rate limiting the non-RPF traffic.
  • Page 260 Note: PFC2 and the DFCs support both rate-limiting modes. CEF-based rate limiting of RPF failures is the default on systems with PFC2 and for DFCs. NetFlow-based rate limiting of RPF failures is the only rate limiting mode supported with PFC1.
  • Page 261: Default Ip Multicast Layer 3 Switching Configuration

    Bridging of the flow on an interface with IGMP snooping disabled causes flooding to all forwarding interfaces of the VLAN. For details on configuring IGMP snooping, see Chapter 21, “Configuring IGMP Snooping.”
  • Page 262: Ip Multicast Layer 3 Switching Configuration Guidelines And Restrictions

    • For PIM auto-RP multicast groups (IP multicast group addresses 224.0.1.39 and 224.0.1.40).
    • For flows that are forwarded on the multicast-shared tree (that is, {*,G,*} forwarding) when the interface or group is running PIM sparse mode.
  • Page 263: Pfc1 And Pfc2 General Restrictions

    Note: With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
  • Page 264: Source Specific Multicast With Igmpv3, Igmp V3Lite, And Urd

    Layer 3 interfaces. For complete information and procedures, refer to these publications:
    • Cisco IOS IP and IP Routing Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/index.htm
    • Cisco IOS IP and IP Routing Command Reference, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/index.htm
  • Page 265: Enabling Ip Multicast Layer 3 Switching On Layer 3 Interfaces

    To configure the Layer 3 switching threshold, perform this task:
    Command: Router(config)# mls ip multicast threshold ppsec
    Purpose: Configures the IP MMLS threshold.
    Command: Router(config)# no mls ip multicast threshold
    Purpose: Reverts to the default IP MMLS threshold.
  • Page 266: Enabling Installation Of Directly Connected Subnets

    Router(config)# no mls ip multicast non-rpf netflow
    globally.
    Step 2  Selects the Layer 3 interface to be configured.
            Router(config)# interface {{vlan vlan_ID} | {type slot/port} | {port-channel channel_ID}}
  • Page 267: Enabling Cef-Based Rate Limiting Of Rpf Failures

    4 minutes. To enable shortcut-consistency checking, perform this task:
    Command: Router(config)# mls ip multicast consistency-check
    Purpose: Enables shortcut-consistency checking.
    Command: Router(config)# no mls ip multicast consistency-check
    Purpose: Restores the default.
  • Page 268: Configuring Acl-Based Filtering Of Rpf Failures

    The show ip pim interface count command displays the IP multicast Layer 3 switching enable state on IP PIM interfaces and the number of packets received and sent on the interface.
  • Page 269
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are never sent
    ICMP mask replies are never sent
  • Page 270: Displaying The Ip Multicast Routing Table

    (*, 230.13.13.2), 00:16:41/00:00:00, RP 10.15.1.20, flags:SJC
      Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
      Outgoing interface list:
        GigabitEthernet4/9, Forward/Sparse-Dense, 00:16:41/00:00:00, H
    (10.20.1.15, 230.13.13.1), 00:14:31/00:01:40, flags:CJT
      Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
  • Page 271: Displaying Ip Multicast Layer 3 Switching Statistics

    Router# show mls ip multicast interface vlan 10
    Multicast hardware switched flows:
    (10.1.0.15, 224.2.2.15) Incoming interface: Vlan10, Packets switched: 0
    Hardware switched outgoing interfaces:
    MFD installed: Vlan10
  • Page 272: Using Debug Commands

    Displays IP multicast Layer 3 switching events.
            [no] debug mls ip multicast events
    Turns on debug messages for multicast MLS-related errors.
            [no] debug mls ip multicast errors
  • Page 273: Clearing Ip Multicast Layer 3 Switching Statistics

    VLAN, the multicast group address, or the multicast traffic source. For an example of the show mls ip multicast statistics command, see the “Displaying IP Multicast Layer 3 Switching Statistics” section on page 18-17.
  • Page 274 Chapter 18 Configuring IP Multicast Layer 3 Switching Configuring IP Multicast Layer 3 Switching Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 18-20 78-14099-04...
  • Page 275: Configuring Ip Unicast Layer 3 Switching On Supervisor Engine

    Note: To configure the MSFC to support MLS on a Catalyst 5000 series switch, refer to the Layer 3 Switching Software Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/layer3/index.htm.
  • Page 276: Understanding How Ip Mls Works

    • IP MLS Operation, page 19-5

    IP MLS Overview

    IP MLS provides high-performance hardware-based Layer 3 switching for Catalyst 6500 series switches. IP MLS switches unicast IP data packet flows between IP subnets using advanced application-specific integrated circuit (ASIC) switching hardware, which offloads the processor-intensive packet routing from network routers.
  • Page 277: Layer 3 Mls Cache

    Interaction Between Software Features and Flow Mask Behavior

    This section describes the flow mask used when different software features are configured in a system with a Supervisor Engine 1.
  • Page 278: Layer 3-Switched Packet Rewrite

    Layer 3 packets so that they appear to have been routed by a router. The PFC forwards the rewritten packet to Host B’s VLAN (the destination VLAN is stored in the MLS cache entry) and Host B receives the packet.
  • Page 279: Ip Mls Operation

    [Figure: network diagram showing the MSFC, Host A, Host B, Host C, and Subnet 1/Sales]
  • Page 280: Default Ip Mls Configuration

    Note: With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.

    Enabling IP MLS Globally

    IP MLS is enabled globally and cannot be disabled.
  • Page 281: Disabling And Enabling Ip Mls On A Layer 3 Interface

    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
  • Page 282: Configuring The Mls Aging-Time

    Router(config)# no mls flow ip
        Reverts to the default IP MLS flow mask.

    This example shows how to set the minimum IP MLS flow mask:

    Router(config)# mls flow ip destination
    Router(config)#
  • Page 283: Displaying Ip Mls Cache Entries

    | flow [tcp | udp] | interface {{vlan vlan_ID} | {type slot/port} | {port-channel number}} | macd destination_mac_address | macs source_mac_address | multicast | source ip_address]

    1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 284: Displaying Ip Mls Cache Entries For A Specific Destination Address

    {{vlan vlan_ID} | {type slot/port} | {port-channel number}} | macd destination_mac_address | macs source_mac_address | multicast]

    1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 285: Displaying Entries For A Specific Ip Flow

    • remain in the table.
  • Page 286: Displaying Ip Mls Contention Table And Statistics

    3, accelerated aging starts, and begins to age out entries at a rate suitable to reduce the current contention rate. The detailed option displays the breakdown of contention between different flows.
  • Page 287

    Vlan 1 Statistics Information:
    -------------------------------
    65280 Layer 2 Packets Bridged, 0 Bytes
    65280 Layer 3 Packets Input, 0 Bytes
    65280 Layer 3 Packets Output, 0 Bytes
    Slot 2
    =======
  • Page 288: Troubleshooting Ip Mls

    This example shows how to configure all IP debugging:

    Router# debugging mls ip all
    mls ip all debugging is on
    Router#

    Note: Enter the show tech-support command to display system information.
  • Page 289

    The MSFC can be specified as the MLS route processor (MLS-RP) for Catalyst 5000 family switches using MLS. Refer to the Layer 3 Switching Configuration Guide—Catalyst 5000 Family, 4000 Family, 2926G Series, 2926 Series, and 2948G for MLS configuration procedures.
  • Page 290: Configuring Ipx Unicast Layer 3 Switching On Supervisor Engine 1

    • IPX MLS Operation, page 20-4

    IPX MLS Overview

    IPX MLS provides high-performance hardware-based Layer 3 switching for Catalyst 6500 series switches. IPX MLS switches unicast IPX data packet flows between networks using advanced application-specific integrated circuit (ASIC) switching hardware, offloading processor-intensive packet routing from network routers.
  • Page 291: Flow Masks

    Host B, the PFC recognizes that the packet was sent to the MAC address of the MSFC. The PFC checks the MLS cache and finds the entry matching the flow in question.
  • Page 292: Ipx Mls Operation

    Host B to Host A. The destination VLAN is stored as part of each IPX MLS entry so that the correct VLAN identifier is used when encapsulating traffic on trunk links.
  • Page 293: Default Ipx Mls Configuration

    – IPX EIGRP—MLS is supported for EIGRP interfaces if the Transport Control (TC) maximum is set to a value greater than the default (16).
    – The clear ipx route command clears all IPX MLS cache entries.
  • Page 294: Configuring Ipx Mls

    = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

    This example shows how to enable IPX MLS for Fast Ethernet interface 5/5:

    Router(config)# interface fastethernet 5/5
    Router(config-if)# mls ipx
    Router(config-if)#
  • Page 295: Configuring The Mls Aging Time

    The MLS aging time applies to all MLS cache entries. See the “Configuring the MLS Aging Time” section on page 33-10.

    Note: IPX MLS does not use fast aging.
  • Page 296: Configuring The Minimum Ipx Mls Flow Mask

    • Displaying IPX MLS Cache Entries, page 20-9
    • Displaying the IPX MLS Contention Table, page 20-11
    • Displaying IPX MLS VLAN Statistics, page 20-12
  • Page 297: Displaying Ipx Mls Cache Entries

    This example shows how to display all IPX MLS entries on the switch:

    Router# show mls ipx
    DstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes
    -----------------------------------------------------------------------
    SrcDstPorts SrcDstEncap Age LastSeen
    ----------------------------------------
    Number of Entries Found = 0
    Router#
  • Page 298

    This example shows how to display IPX MLS entries for a specific source IPX address:

    Router# show mls ipx source 1.2.2.2
    DstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes
    -----------------------------------------------------------------------
    SrcDstPorts SrcDstEncap Age LastSeen
    ----------------------------------------
    Number of Entries Found = 0
    Router#
  • Page 299: Displaying The Ipx Mls Contention Table

    1 through 3, accelerated aging starts, which begins to age out entries at a rate suitable to reduce the current contention rate. The detailed option displays the breakdown of contention between different flows.
  • Page 300: Displaying Ipx Mls Vlan Statistics

    Vlan 1 Statistics Information:
    -------------------------------
    65280 Layer 2 Packets Bridged, 0 Bytes
    65280 Layer 3 Packets Input, 0 Bytes
    65280 Layer 3 Packets Output, 0 Bytes
    Slot 2
    =======
  • Page 301: Clearing Ipx Mls Cache Entries

    Router# clear mls ipx interface fastethernet 5/5
    Router#

    To display the MLS entries and confirm they have been cleared, see the “Displaying IPX MLS Information” section on page 20-8.
  • Page 302: Troubleshooting Ipx Mls

    [no] debug scp packets
        Displays packet data in and out of the SCP system.
    [no] debug scp timeouts
        Reports timeouts.
    [no] debug scp all
        Turns on all SCP debugging messages.
  • Page 303: Configuring Igmp Snooping

    Note:
    • To support Cisco Group Management Protocol (CGMP) client devices, configure the Multilayer Switch Feature Card (MSFC) as a CGMP server. Refer to the Cisco IOS IP and IP Routing Configuration Guide, Release 12.1, “IP Multicast,” “Configuring IP Multicast Routing,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt3/1cdmulti.htm...
  • Page 304: Igmp Snooping Overview

    IGMP snooping learning. Multicast group membership lists can consist of both static and IGMP snooping-learned settings.
  • Page 305

    21-2. Because the forwarding table directs IGMP messages only to the CPU, the message is not flooded to other ports. Any known multicast traffic is forwarded to the group and not to the CPU.
  • Page 306: Leaving A Multicast Group

    If the leave message was from the only remaining interface with hosts interested in the group and IGMP snooping does not receive an IGMP Join in
  • Page 307: Understanding Igmp Snooping Querier

    You can use Cisco IOS commands to configure the Catalyst 6500 series switches to generate such IGMP queries on a VLAN regardless of whether or not IP multicast routing is enabled.

    Note: To enable IP multicast routing on the Catalyst 6500 series switches on a specific VLAN, enter the ip pim sparse-mode command, the ip pim sparse-dense-mode command, or the ip pim dense-mode command on that interface.
  • Page 308: Understanding Igmp Version 3 Support

    • When enabled, the IGMP snooping querier disables itself if it detects IGMP traffic from a multicast router.
    • You can enable the IGMP snooping querier on all the Catalyst 6500 series switches in the VLAN.
    • On each VLAN that is connected to switches that use IGMP to report interest in IP multicast traffic, you must set one switch as the IGMP querier.
  • Page 309: Restrictions

    IP-multicast router on a VLAN, you must configure another switch as the IGMP querier so that it can send queries. You can use Cisco IOS commands to configure the Catalyst 6500 series switches to generate such IGMP queries on a VLAN regardless of whether or not IP multicast routing is enabled.
  • Page 310: Configuring Igmp Snooping

    Switching”) or enable the IGMP snooping querier in the subnet (see “Enabling the IGMP Snooping Querier” section on page 21-7). IGMP snooping allows Catalyst 6500 series switches to examine IGMP packets and make forwarding decisions based on their content.

    These sections describe how to configure IGMP snooping:
    • Enabling IGMP Snooping, page 21-9...
  • Page 311: Enabling Igmp Snooping

    IGMP snooping is globally enabled
    IGMP snooping is enabled on this interface
    IGMP snooping fast-leave is enabled on this interface
    IGMP snooping querier is disabled on this interface
    Router#
  • Page 312: Configuring Igmp Snooping Learning

    All releases support the mac-address-table static command. The ip igmp snooping mrouter interface command, which was available in earlier releases and which provided the same functionality as the mac-address-table static command, is deprecated in Release 12.1(13)E and later releases.
  • Page 313: Configuring The Igmp Query Interval

    Configuring fast leave on vlan 200
    Router(config-if)# end
    Router# show ip igmp interface vlan 200 | include fast-leave
    IGMP snooping fast-leave is enabled on this interface
    Router(config-if)#
  • Page 314: Configuring A Host Statically

    When you enable IGMP snooping, the switch automatically learns to which interface multicast routers are connected. To display multicast router interfaces, perform this task:

    Router# show ip igmp snooping mrouter interface vlan_ID
        Displays multicast router interfaces.
  • Page 315: Displaying Mac Address Multicast Entries

    Last member query response interval is 1000 ms
    Inbound IGMP access group is not set
    IGMP activity: 0 joins, 0 leaves
    Multicast routing is enabled on interface
  • Page 316

    IGMP snooping is globally enabled
    IGMP snooping is enabled on this interface
    IGMP snooping fast-leave is enabled on this interface
    IGMP snooping querier is disabled on this interface
    Router#
  • Page 317: Chapter 22 Configuring Rgmp

    The RGMP hello message tells the Catalyst 6500 series switch not to send multicast data to the router unless an RGMP join message has also been sent to the Catalyst 6500 series switch from that router. When an RGMP join message is sent, the router is able to receive multicast data.
  • Page 318: Default Rgmp Configuration

    When RGMP is enabled on the router, no multicast data traffic is sent to the router by the Catalyst 6500 series switch unless an RGMP join is specifically sent for a group. When RGMP is disabled on the router, all multicast data traffic is sent to the router by the Catalyst 6500 series switch.
  • Page 319: Enabling Rgmp On Layer 3 Interfaces

    Because multiple IP multicast addresses can map to one MAC address (see RFC 1112), RGMP cannot differentiate between the IP multicast groups that might map to a MAC address. The capability of the Catalyst 6500 series switch to constrain traffic is limited by its –...
  • Page 321: Chapter 23 Configuring Network Security

    Configuring Network Security

    This chapter contains network security information unique to the Catalyst 6500 series switches, which supplements the network security information and procedures in these publications:
    • Cisco IOS Security Configuration Guide, Release 12.1, at this URL:...
  • Page 322: Hardware And Software Acl Support

    – Extended MAC address access list
    – Protocol type-code access list

    Note: IP packets with a header length of less than five will not be access controlled.
  • Page 323: Guidelines And Restrictions For Using Layer 4 Operators In Acls

    For example, in this ACL there are two different Layer 4 operations because one ACE applies to the source port and one applies to the destination port.

    ... Src gt 10 ...
    ... Dst gt 10
  • Page 324: Determining Logical Operation Unit Usage

    • LOU 2 stores “gt 11” and “neq 6”
    • LOU 3 stores “gt 20” (with space for one more)
    • LOU 4 stores “range 11 13” (range needs the entire LOU)
  • Page 325: Configuring The Cisco Ios Firewall Feature Set

    Configuring the Cisco IOS Firewall Feature Set

    Note: Release 12.1(11b)E and later releases include firewall feature set images.

    These sections describe configuring the Cisco IOS firewall feature set on the Catalyst 6500 series switches:
    • Cisco IOS Firewall Feature Set Support Overview, page 23-5...
  • Page 326: Firewall Configuration Guidelines And Restrictions

    On other platforms, if you enter the ip inspect command on a port, CBAC modifies ACLs on other ports to permit the inspected traffic to flow through the network device. On Catalyst 6500 series switches, you must enter the mls ip inspect commands to permit traffic through any ACLs that would deny the traffic through other ports.
  • Page 327: Configuring Cbac On Catalyst 6500 Series Switches

    VLAN 100 and needs to leave on VLAN 300, CBAC permits the FTP traffic through ACLs deny_ftp_a, deny_ftp_b, deny_ftp_e, and deny_ftp_f. On a Catalyst 6500 series switch, when ports are configured to deny traffic, CBAC permits traffic to flow bidirectionally only through the port configured with the ip inspect command. You must configure other ports with the mls ip inspect command.
  • Page 328: Configuring Mac Address-Based Traffic Blocking

    VLAN or, with releases 12.1(13)E or later, a WAN interface for VACL capture. Unlike regular Cisco IOS standard or extended ACLs that are configured on router interfaces only and are applied on routed packets only, VACLs apply to all packets and can be applied to any VLAN or WAN interface. VACLs are processed in hardware.
  • Page 329: Bridged Packets

    VACL applied on bridged packets.

    [Figure 23-1: Applying VACLs on Bridged Packets]
  • Page 330: Routed Packets

    [Figure 23-2: Applying VACLs on Routed Packets]
  • Page 331: Multicast Packets

    • Configuring an Action Clause in a VLAN Access Map Sequence, page 23-14
    • Applying a VLAN Access Map, page 23-14
    • Verifying VLAN Access Map Configuration, page 23-15
  • Page 332: Vacl Configuration Overview

    • Configuring a Capture Port, page 23-16

    VACL Configuration Overview

    VACLs use standard and extended Cisco IOS IP and IPX ACLs, and MAC-Layer named ACLs (see the “Configuring MAC-Layer Named Access Lists (Optional)” section on page 31-39) and VLAN access maps.
  • Page 333

    • You can select one or more ACLs.
    • VACLs attached to WAN interfaces support only standard and extended Cisco IOS IP ACLs.
    • Use the no keyword to remove a match clause or specified ACLs in the clause.

    For information about named MAC-Layer ACLs, refer to the “Configuring MAC-Layer Named...
  • Page 334: Applying A Vlan Access Map

    interfaces do not support the drop, forward, or redirect actions.
    • Forwarded packets are still subject to any configured Cisco IOS security ACLs.
    • The capture action sets the capture bit for the forwarded packets so that ports with the capture...
  • Page 335: Verifying Vlan Access Map Configuration

    Router# show ip access-lists net_10
    Extended IP access list net_10
        permit ip 10.0.0.0 0.255.255.255 any
    Router# show ip access-lists any_host
    Standard IP access list any_host
        permit any
  • Page 336: Configuring A Capture Port

    Router(config-if)# switchport capture
        Configures the port to capture VACL-filtered traffic.
    Router(config-if)# no switchport capture
        Disables the capture function on the interface.

    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 337: Configuring Vacl Logging

    Log messages are generated on a per-flow basis. A flow is defined as packets with the same IP addresses and Layer 4 (UDP or TCP) port numbers. When a log message is generated, the timer and packet count are reset.
  • Page 338: Configuring Tcp Intercept

    With Supervisor Engine 2 and PFC2, TCP intercept flows are processed in hardware. With Supervisor Engine 1 and PFC, TCP intercept flows are processed in software. For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Traffic Filtering and Firewalls,” “Configuring TCP Intercept,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scddenl.htm...
  • Page 339: Configuring Unicast Reverse Path Forwarding

    With Supervisor Engine 1 and PFC, the MSFC or MSFC 2 supports Unicast RPF in software.

    Configuring Unicast RPF

    For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Other Security Features,” “Configuring Unicast Reverse Path Forwarding” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt5/scdrpf.htm...
  • Page 340: Configuring The Unicast Rpf Checking Mode

    If the access list includes the logging action, information about the spoofed packets is sent to the log server.

    Note: When you enter the ip verify unicast source reachable-via command, the Unicast RPF checking mode changes on all ports in the switch.
  • Page 341: Configuring Unicast Flood Protection

    The unicast flood protection feature protects the system from disruptions caused by unicast flooding. The Catalyst 6500 series switches use forwarding tables to direct traffic to specific ports based on the VLAN number and the destination MAC address of the frame. When there is no entry corresponding to the frame’s destination MAC address in the incoming VLAN, the frame is sent to all forwarding ports...
  • Page 342: Configuring Mac Move Notification

    To configure MAC move notification, perform this task:

    Step 1
    Router(config)# [no] mac-address-table notification mac-move
        Enables MAC move notification globally.
    Step 2
    Router# show mac-address-table notification mac-move
        Displays MAC move notification information.
  • Page 343

    This example shows how to enable the MAC move notification feature:

    Router(config)# mac-address-table notification mac-move
    Router# show mac-address-table notification mac-move
    MAC Move Notification: enabled
    Router#
  • Page 345: Chapter 24 Configuring Denial Of Service Protection

    This chapter contains information on how to protect your system against Denial of Service (DoS) attacks. The information covered in this chapter is unique to the Catalyst 6500 series switches, and it supplements the network security information and procedures in the “Configuring Network Security”...
  • Page 346: Configuring Dos Protection

    ICMP unreachable messages.

    Security ACLs

    The Catalyst 6500 series switch can deny packets in hardware using security ACLs and can drop DoS packets before they reach the CPU inband datapath. Because security ACLs are applied in hardware using the TCAM, long security ACLs can be used without impacting the throughput of other traffic.
  • Page 347

    Router# show access-list 199
    Extended IP access list 199
        deny ip host 199.1.1.1 any (103 matches rate limiting at 0.5 pps
        permit ip any any
    Router #
  • Page 348: Qos Acls

    Router# show ip eigrp neighbors
    IP-EIGRP neighbors for process 200
    Address Interface Hold Uptime SRTT Seq Type (sec) (ms) Cnt Num
    4.4.4.122 Vl44 13 00:00:48 6565
    Router#
  • Page 349: Forwarding Information Base Rate-Limiting

    ARP throttling limits the rate at which packets destined to a connected network are forwarded to the route processor. Most of these packets are dropped, but a small number are sent to the router (rate limited).
  • Page 350: Monitoring Packet Drop Statistics

    SrcIP Prot:SrcPort:DstPort Src i/f:AdjPtr
    --------------------------------------------------------------------
    9.9.9.177 9.9.9.2
    Pkts Bytes LastSeen Attributes
    ---------------------------------------------------
    01:56:59 L3 - Dynamic
    Router# show mls ip mod 4 | include 9.9.9
    9.9.9.177 9.9.9.2
  • Page 351

    Session 1
    ---------
    Source Ports:
        RX Only: None
        TX Only: None
        Both: None
    Source VLANs:
        RX Only: None
        TX Only: None
        Both:
    Destination Ports: Gi9/1
    Filter VLANs: None
  • Page 353: Chapter 25 Configuring Ieee 802.1X Port-Based Authentication

    • Device Roles, page 25-2
    • Authentication Initiation and Message Exchange, page 25-3
    • Ports in Authorized and Unauthorized States, page 25-4
    • Supported Topologies, page 25-4
  • Page 354: Device Roles

    The Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server, version 3.0. RADIUS uses a client-server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
  • Page 355: Authentication Initiation And Message Exchange

    [Figure: message exchange between the client, the Catalyst switch, and the authentication server (RADIUS): EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, RADIUS Access-Request, EAP-Request/OTP, RADIUS Access-Challenge, EAP-Response/OTP, RADIUS Access-Request, EAP-Success, RADIUS Access-Accept, Port Authorized, EAPOL-Logoff, Port Unauthorized]
  • Page 356: Ports In Authorized And Unauthorized States

    If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state.

    Supported Topologies

    The 802.1X port-based authentication is supported in two topologies:
    • Point-to-point
    • Wireless LAN
  • Page 357: Default 802.1X Port-Based Authentication Configuration

    3600 seconds reauthentication attempts Quiet period 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client)
  • Page 358: 802.1X Port-Based Authentication Guidelines And Restrictions

    Switch Port Analyzer (SPAN) destination port—You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination port. You can enable 802.1X on a SPAN source port.
  • Page 359: Configuring 802.1X Port-Based Authentication

    802.1X port-based authentication.

    Step 5
    Router(config-if)# dot1x port-control auto
        Enables 802.1X port-based authentication on the interface.
    Router(config-if)# no dot1x port-control auto
        Disables 802.1X port-based authentication on the interface.
  • Page 360: Configuring Switch-To-Radius-Server Communication

    = 30 Seconds
    TxPeriod = 30 Seconds

    Configuring Switch-to-RADIUS-Server Communication

    RADIUS security servers are identified by any of the following:
    • Host name
    • Host IP address
  • Page 361 If you want to configure these options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands. For more information, refer to the Cisco IOS Security Configuration Guide, Release 12.1, publication and the Cisco IOS Security Command Reference, Release 12.1, publication at this URL:...
  • Page 362: Enabling Periodic Reauthentication

    This example shows how to enable periodic reauthentication and set the number of seconds between reauthentication attempts to 4000:

    Router(config-if)# dot1x reauthentication
    Router(config-if)# dot1x timeout re-authperiod 4000
  • Page 363: Manually Reauthenticating The Client Connected To A Port

    You can provide a faster response time to the user by entering a smaller number than the default.
  • Page 364: Changing The Switch-To-Client Retransmission Time

    This example shows how to set 60 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request:
    Router(config)# dot1x timeout tx-period 60
  • Page 365: Setting The Switch-To-Client Retransmission Time For Eap-Request Frames

    Router(config-if)# no dot1x timeout server-timeout
    Step 3: Router(config-if)# end (returns to privileged EXEC mode)
    Step 4: Router# show dot1x all (verifies your entries)
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 366: Setting The Switch-To-Client Frame Retransmission Number

    If the port becomes unauthorized (reauthentication fails or an EAPOL-logoff message is received), all attached clients are denied access to the network.
  • Page 367: Resetting The 802.1X Configuration To The Default Values

    EXEC command. To display the 802.1X administrative and operational status for a specific interface, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 368 Chapter 25 Configuring IEEE 802.1X Port-Based Authentication Displaying 802.1X Status
  • Page 369: Chapter 26 Configuring Port Security

    • You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices.
    • You can configure a number of addresses and allow the rest to be dynamically configured.
  • Page 370: Default Port Security Configuration

    • Take care when you enable port security on the ports connected to the adjacent switches when there are redundant links running between the switches because port security might error-disable the ports due to port security violations.
  • Page 371: Configuring Port Security

    MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
    • shutdown—Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.
  • Page 372: Configuring Port Security Aging

    Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.
  • Page 373: Displaying Port Security Settings

    The show interfaces counters privileged EXEC commands display the count of discarded packets. The show storm control and show port-security privileged EXEC commands display those features.
  • Page 374 SecureConfigured Fa5/5
    0005.0005.0003 SecureConfigured Fa5/5
    0011.0011.0001 SecureConfigured Fa5/11 25 (I)
    0011.0011.0002 SecureConfigured Fa5/11 25 (I)
    -------------------------------------------------------------------
    Total Addresses in System: 10
    Max Addresses limit in System: 128
  • Page 375: Configuring Layer 3 Protocol Filtering On Supervisor Engine

    Protocol filtering cannot be configured on Layer 3 interfaces—only nontrunk Layer 2 LAN ports support Layer 3 protocol filtering. Layer 3 protocol filtering does not support the features available with standard and extended Cisco IOS ACLs. Layer 2 protocols, such as Spanning Tree Protocol (STP) and Cisco Discovery Protocol (CDP), are not affected by Layer 3 protocol filtering.
  • Page 376: Configuring Layer 3 Protocol Filtering

    To enable Layer 3 protocol filtering globally, perform this task:
    Router(config)# protocol-filter (enables Layer 3 protocol filtering globally)
    Router(config)# no protocol-filter (disables Layer 3 protocol filtering globally)
  • Page 377: Configuring Layer 3 Protocol Filtering On A Layer 2 Lan Interface

    Group Mode Other Mode
    --------------------------------------------------------------------------
    Fa5/8
    Router#
    Note: The show protocol filtering command shows only ports that have at least one protocol set to the nondefault configuration.
  • Page 378 Chapter 27 Configuring Layer 3 Protocol Filtering on Supervisor Engine 1 Configuring Layer 3 Protocol Filtering
  • Page 379: Chapter 28 Configuring Traffic Storm Control

    Configuring Traffic Storm Control
    This chapter describes how to configure the traffic storm control feature on the Catalyst 6500 series switches. Release 12.1(12c)E1 and later releases support traffic storm control. For earlier releases, refer to Chapter 29, “Configuring Broadcast Suppression.”...
  • Page 380: Default Traffic Storm Control Configuration

    modes enabled on the interface. The storm-control multicast command is supported only on Gigabit Ethernet interfaces.
    Router(config-if)# no storm-control multicast level (disables multicast traffic storm control on the interface)
  • Page 381 Gigabit Ethernet interface 3/16:
    Router# configure terminal
    Router(config)# interface gigabitethernet 3/16
    Router(config-if)# storm-control multicast level 70.5
    Router(config-if)# end
  • Page 382: Displaying Traffic Storm Control Settings

    Note: The show interfaces [{interface_type slot/port} | {port-channel number}] counters command does not display the discard count. You must use one of the traffic-type keywords: broadcast, multicast, or unicast, which all display the same discard count.
  • Page 383: Chapter 29 Configuring Broadcast Suppression

    Configuring Broadcast Suppression
    This chapter describes how to configure broadcast suppression on the Catalyst 6500 series switches. Releases earlier than Release 12.1(12c)E1 support broadcast suppression. Use traffic storm control with Release 12.1(12c)E1 and later releases (see Chapter 28, “Configuring Traffic Storm...
  • Page 384: Broadcast Suppression Configuration Guidelines And Restrictions

    A higher threshold allows more broadcast packets to pass through. Broadcast suppression on the Catalyst 6500 series switches is implemented in hardware. The suppression circuitry monitors packets passing from a LAN interface to the switching bus. Using the...
  • Page 385: Enabling Broadcast Suppression

    FastEthernet 3/1 and verify the configuration:
    Router# configure terminal
    Router(config)# interface fastethernet 3/1
    Router(config-if)# broadcast suppression 0.25
    Router(config-if)# end
    Router# show running-config interface fastethernet 3/1 | include suppression
    broadcast suppression 0.25
    Router#
  • Page 386 Chapter 29 Configuring Broadcast Suppression Enabling Broadcast Suppression
  • Page 387: Configuring Cdp

    Configuring CDP, page 30-1
    Understanding How CDP Works
    CDP is a protocol that runs over Layer 2 (the data link layer) on all Cisco routers, bridges, access servers, and switches. CDP allows network management applications to discover Cisco devices that are neighbors of already known devices, in particular, neighbors running lower-layer, transparent protocols.
  • Page 388: Enabling Cdp Globally

    Enabling CDP on a Port
    To enable CDP on a port, perform this task:
    Step 1: Router(config)# interface {{type slot/port} | {port-channel number}} (selects the port to configure)
  • Page 389: Displaying The Cdp Interface Configuration

    Router# show cdp neighbors [type slot/port] [detail]
    Displays information about neighbors. The display can be limited to neighbors on a specific interface and expanded to provide more detailed information.
  • Page 390 WS-C2948 2/45
    JAB023807H1 Fas 5/1 WS-C2948 2/44
    JAB023807H1 Gig 1/2 WS-C2948 2/50
    JAB023807H1 Gig 1/1 WS-C2948 2/49
    JAB03130104 Fas 5/8 WS-C4003 2/47
    JAB03130104 Fas 5/9 WS-C4003 2/48
  • Page 391: Chapter 31 Configuring Pfc Qos

    Typically, networks operate on a best-effort delivery basis, which means that all traffic has equal priority and an equal chance of being delivered in a timely manner. When congestion occurs, all traffic has an equal chance of being dropped.
  • Page 392: Hardware Supported By Pfc Qos

    QoS makes network performance more predictable and bandwidth utilization more effective.
    Note: On the Catalyst 6500 series switches, queue architecture and QoS queueing features such as Weighted-Round Robin (WRR) and Weighted Random Early Detection (WRED) are implemented with a fixed configuration in Application Specific Integrated Circuits (ASICs).
  • Page 393: Qos Terminology

    Layer 2 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most significant bits, which are called the User Priority bits. Other frame types cannot carry Layer 2 CoS values.
  • Page 394 Policing is limiting bandwidth used by a flow of traffic. Policing is done on the Policy Feature Card (PFC) or on the Policy Feature Card 2 (PFC2) and distributed forwarding cards (DFCs). Policing can mark or drop traffic.
  • Page 395 [Table residue: Precedence and DSCP bit positions (6 MSb of ToS). MSb = most significant bit]
  • Page 396: Pfc Qos Feature Flowcharts

    • Traffic that is Layer 3-switched does not go through the MSFC and retains the Layer 2 CoS value assigned by the PFC.
    Figure 31-3 through Figure 31-8 show how the PFC QoS features are implemented on the switch components.
  • Page 397 [Flowchart residue: ingress port trust decisions (port untrusted, ISL or 802.1Q, trust-ipprec, trust-dscp, trust-cos), drop thresholds, switching engine]
  • Page 398 [Flowchart residue: Ingress OSM Port; Received CoS (LAN ports only), Layer 3 ToS byte, Untrusted (Only From Untrusted Port), No received Layer 2 QoS labels, Policer, DSCP, Marker, CoS (LAN ports only)]
  • Page 399 [Flowchart residue: Multilayer Switch Feature Card (MSFC) marking; IP traffic from PFC?, Write ToS byte into packet, Route traffic, CoS = 0 for all traffic (not configurable), To egress port]
  • Page 400 [Flowchart residue: Ethernet egress port scheduling, congestion avoidance, and marking; PFC3 only: DSCP rewrite enabled?, IP traffic from PFC?, Write ToS byte into packet, ISL or 802.1Q?, Write CoS into frame, Drop thresholds, Transmit frame]
  • Page 401: Pfc Qos Feature Summary

    • You can disable marking and policing on a per-interface basis with the no mls qos interface command (see the “Enabling or Disabling PFC Features on an Interface” section on page 31-51).
  • Page 402: Ingress Lan Port Features

    Note: Ingress LAN port marking, scheduling, and congestion avoidance use Layer 2 CoS values and do not use or set Layer 3 IP precedence or DSCP values.
  • Page 403 Marking at Trusted Ingress LAN Ports When an ISL frame enters the Catalyst 6500 ser