Cisco 7604 Software Configuration Guide
Cisco 7604 Manual
 |
View all Cisco 7604 manuals
Add to My Manuals
Save this manual to your list of manuals |
Cisco 7604 manual content summary:
- Cisco 7604 | Software Configuration Guide - Page 1
7600 Series Router Cisco IOS Software Configuration Guide Release 12.2(18)SXF and Rebuilds and Earlier Releases Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number - Cisco 7604 | Software Configuration Guide - Page 2
mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX and Rebuilds and Erarlier Releases © 2001-2009 - Cisco 7604 | Software Configuration Guide - Page 3
1 Default Configuration 2 Configuring the Router 2 Using the Setup Facility or the setup Command 2 Using Configuration Mode 10 Checking the Running Configuration Before Saving 10 Saving the Running Configuration Settings 11 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 4
1 Flash Memory on a Supervisor Engine 32 2 Supervisor Engine 32 Ports 2 Configuring the Supervisor Engine 2 and the Switch Fabric Module 1 Using the Slots on a Supervisor Engine 2 1 Understanding How the Switch Fabric Module Works 2 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 5
11 NSF Configuration Tasks 11 Configuring SSO 12 Configuring Multicast MLS NSF with SSO 12 Verifying Multicast NSF with SSO 13 Configuring CEF NSF 13 Verifying CEF NSF 13 Configuring BGP NSF 14 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 6
Interface Command 2 Configuring a Range of Interfaces 4 Defining and Using Interface-Range Macros 6 Configuring Optional Interface Features 6 Configuring Ethernet Interface Speed and Duplex Mode 7 Configuring Jumbo Frame Support 10 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 7
Flex Links 3 Monitoring Flex Links 4 Configuring EtherChannels 1 Understanding How EtherChannels Work 1 EtherChannel Feature Overview 2 Understanding How EtherChannels Are Configured 2 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 5 - Cisco 7604 | Software Configuration Guide - Page 8
Default Configuration 6 VLAN Configuration Guidelines and Restrictions 8 Configuring VLANs 9 VLAN Configuration Options 9 Creating or Modifying an Ethernet VLAN 10 Assigning a Layer 2 LAN Interface to a VLAN 12 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 9
3 Cisco IP Phone Power Configurations 3 Other Cisco IP Phone Features 4 Default Cisco IP Phone Support Configuration 5 Cisco IP Phone Support Configuration Guidelines and Restrictions 5 Configuring Cisco IP Phone Support 6 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 10
16 Specifying the MST Region Configuration and Enabling MST 17 Configuring the Root Bridge 19 Configuring a Secondary Root Bridge 20 Configuring Port Priority 21 Configuring Path Cost 22 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 8 - Cisco 7604 | Software Configuration Guide - Page 11
Instances 18 MST Configuration Parameters 18 MST Regions 19 Message Age and Hop Count 20 Default STP Configuration 21 STP and MST Configuration Guidelines and Restrictions 21 Configuring STP 22 Enabling STP 22 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 12
BPDU Guard 12 Enabling UplinkFast 12 Enabling BackboneFast 13 Enabling EtherChannel Guard 14 Enabling Root Guard 14 Enabling Loop Guard 15 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 10 - Cisco 7604 | Software Configuration Guide - Page 13
VPN Guidelines and Restrictions 11 PFC3BXL or PFC3B Mode MPLS VPN Supported Commands 11 Configuring MPLS VPN 11 MPLS VPN Sample Configuration 12 Any Transport over MPLS 13 AToM Load Balancing 14 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 11 - Cisco 7604 | Software Configuration Guide - Page 14
DFC3 Layer 3 Switching 1 Features that Support IPv6 Multicast 2 IPv6 Multicast Guidelines and Restrictions 2 New or Changed IPv6 Multicast Commands 3 Configuring IPv6 Multicast Layer 3 Switching 3 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 15
3 Interfaces 11 Configuring the Replication Mode 12 Enabling Local Egress Replication 14 Configuring the Layer 3 Switching Global Threshold 15 Enabling Installation of Directly Connected Subnets 15 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 16
Enabling MLDv2 Snooping 10 Configuring a Static Connection to a Multicast Receiver 11 Configuring a Multicast Router Port Statically 11 Configuring the MLD Snooping Query Interval 12 Enabling Fast-Leave Processing 13 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 14 - Cisco 7604 | Software Configuration Guide - Page 17
4 PIM Snooping Configuration Guidelines and Restrictions 4 Configuring PIM Snooping 5 Enabling PIM Snooping Globally 5 Enabling PIM Snooping in a VLAN 5 Disabling PIM Snooping Designated-Router Flooding 6 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 18
3 Multicast Packets 4 Configuring VACLs 4 VACL Configuration Overview 5 Defining a VLAN Access Map 5 Configuring a Match Clause in a VLAN Access Map Sequence 6 Configuring an Action Clause in a VLAN Access Map Sequence 7 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 19
Sources 2 DHCP Snooping Binding Database 2 Packet Validation 3 DHCP Snooping Option-82 Data Insertion 3 Overview of the DHCP Snooping Database Agent 5 Default Configuration for DHCP Snooping 6 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 17 - Cisco 7604 | Software Configuration Guide - Page 20
for DAI Filtering 8 Configuring ARP Packet Rate Limiting 9 Enabling DAI Error-Disabled Recovery 11 Enabling Additional Validation 11 Configuring DAI Logging 13 Displaying DAI Information 15 DAI Configuration Samples 16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 21
Map Class Command Restrictions 54 Supported Granularity for CIR and PIR Rate Values 55 Supported Granularity for CIR and PIR Token Bucket Sizes 55 IP Precedence and DSCP Values 56 Configuring PFC QoS 56 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 22
Ports 91 Configuring the Ingress LAN Port CoS Value 93 Configuring Standard-Queue Drop Threshold Percentages 93 Mapping QoS Labels to Queues and Drop Thresholds 99 Allocating Bandwidth Between Standard Transmit Queues 109 Setting 4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 23
Uniform Mode 40 Configuring the Ingress PE Router-Customer Facing Interface 40 Configuring the Ingress PE Router-P Facing Interface 41 Configuring the Egress PE Router-Customer Facing Interface 42 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 24
and Unauthorized States 4 Supported Topologies 5 Default 802.1X Port-Based Authentication Configuration 6 802.1X Port-Based Authentication Guidelines and Restrictions 6 Configuring 802.1X Port-Based Authentication 7 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 22 - Cisco 7604 | Software Configuration Guide - Page 25
on a Port 12 Displaying Port Security Settings 13 Configuring CDP 1 Understanding How CDP Works 1 Configuring CDP 2 Enabling CDP Globally 2 Displaying the CDP Global Configuration 2 Enabling CDP on a Port 3 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 26
Overview 2 NDE on the MSFC 2 NDE on the PFC 3 Default NDE Configuration 10 NDE Configuration Guidelines and Restrictions 10 Configuring NDE 10 Configuring NDE on the PFC 11 Configuring NDE on the MSFC 13 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 27
Globally 2 Disabling SNMP IfIndex Persistence Globally 2 Enabling and Disabling SNMP IfIndex Persistence on Specific Interfaces 3 Clearing SNMP IfIndex Persistence Configuration from a Specific Interface 3 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 28
Power Management Works 1 Enabling or Disabling Power Redundancy 2 Powering Modules Off and On 3 Viewing System Power Status 4 Power Cycling Modules 5 Determining System Power Requirements 5 Determining System Hardware Capacity 3 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 29
Port Tests 3 TestNonDisruptiveLoopback 4 TestLoopback 4 TestActiveToStandbyLoopback 5 TestTransceiverIntegrity 5 TestNetflowInlineRewrite 5 PFC Layer 2 Forwarding Engine 18 DFC Layer 3 Forwarding Engine Tests 19 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 27 - Cisco 7604 | Software Configuration Guide - Page 30
Exhaustive Memory Tests 28 TestFibTcamSSRAM 29 TestAsicMemory 29 TestAclQosTcam 30 TestNetflowTcam 30 TestQoSTcam 30 IPSEC Services 35 TestSynchedFabChannel 35 General Tests 36 ScheduleSwitchover 36 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 28 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 31
A A P P E N D I X INDEX TestFirmwareDiagStatus 36 Acronyms 1 Contents OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 29 - Cisco 7604 | Software Configuration Guide - Page 32
Series Router Module Installation Guide • Cisco IOS Master Command List, Release 12.2SX • Cisco 7600 Series Router Cisco IOS System Message Guide • Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2 • Cisco IOS Configuration Guides - Cisco 7604 | Software Configuration Guide - Page 33
are in screen font. Information you must enter is in boldface screen font. Arguments for which you supply values are in italic screen font. This pointer highlights an important line of text in an example. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 31 - Cisco 7604 | Software Configuration Guide - Page 34
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 35
supported by the Cisco 7600 series routers, refer to the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2. User Interfaces Release 12.2SX supports configuration using the following interfaces: • CLI-See Chapter 2, "Command-Line - Cisco 7604 | Software Configuration Guide - Page 36
the SNMP password for read-only operation. Configures the SNMP password for read/write operation. Note The default password for accessing the router web page is the enable-level password of the router. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 1-2 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 37
Filtering and Firewalls," at this URL: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html • VLAN ACLs (VACLs)-To configure VACLs, see Chapter 35, "Configuring VLAN ACLs." OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 1-3 - Cisco 7604 | Software Configuration Guide - Page 38
Release 12.2, "IP Addressing and Services," "Configuring IP Addressing," "Configuring Network Address Translation," at this URL: http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfipadr.html Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 1-4 OL-4266 - Cisco 7604 | Software Configuration Guide - Page 39
US/docs/ios/12_2/interface/command/reference/irfshoip.html To configure the tunnel tos and tunnel ttl commands, refer to this publication: http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_tos.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 40
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 41
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 42
). Perform initial configuration over a connection to the EIA/TIA-232 console interface. See the Cisco 7600 Series Router Module Installation Guide for console interface cable connection procedures. To make a console connection, perform this task: Step 1 Step 2 Step 3 Step 4 Command Press Return - Cisco 7604 | Software Configuration Guide - Page 43
the end of the command line. Press Esc B Moves the cursor back one word. Press Esc F Moves the cursor forward one word. 1. The arrow keys function only on ANSI-compatible terminals such as VT100s. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 2-3 - Cisco 7604 | Software Configuration Guide - Page 44
and a variety of protocol-specific modes. Note With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 45
/port command. Router(config-if)# Console configuration From the directly connected console or the virtual terminal used with Telnet, use this configuration mode to configure the console interface. From global configuration mode, Router(config-line)# enter the line console 0 command. The Cisco - Cisco 7604 | Software Configuration Guide - Page 46
For more information about Kerberos, see "Configuring Kerberos" at this URL: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfkerb.html • Configuring a secure connection with SSH or HTTPS Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 2-6 OL - Cisco 7604 | Software Configuration Guide - Page 47
, the prompt changes to rommon 1>. Enter a question mark (?) to see the available ROM-monitor commands. For more information about the ROM-monitor commands, see the Cisco IOS Master Command List, Release 12.2SX. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 48
2 Command-Line Interfaces Tip For additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 49
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 50
facility functions exactly the same as a completely unconfigured system functions when you first boot it up.) You can run the setup facility by entering the setup command at the enable prompt (#). Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 3-2 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 51
the setup command, you are queried by the system to configure the global parameters, which are used for controlling system-wide settings. To boot the router and enter the global parameters, follow these steps: Step 1 Connect a console terminal to the console interface on the supervisor engine, and - Cisco 7604 | Software Configuration Guide - Page 52
script (the banner and the installed hardware) appear only at initial system startup. On subsequent uses of the setup command facility, the setup script begins with the following System Configuration Dialog. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 3-4 OL - Cisco 7604 | Software Configuration Guide - Page 53
setup command facility) shows a router with some interfaces already configured: Current interface summary Interface Vlan1 IP-Address unassigned OK? Method Status Protocol YES TFTP administratively down down OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 54
EXEC level. Because many privileged EXEC commands are used to set operating parameters, you should protect these commands with passwords to prevent unauthorized use. should enter a different password. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 3-6 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 55
created: hostname router enable secret 5 $1$S3Lx$uiTYg2UrFK1U0dgWdjvxw. enable password lab line vty 0 4 password lab no snmp-server ! ip routing eigrp 301 ! interface Vlan1 shutdown no ip address ! interface GigabitEthernet1/1 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 56
255.255.255.248 Class B network is 172.20.0.0, 29 subnet bits; mask is /29 Repeat this step for each interface you need to configure. Proceed to Step 3 to check and verify your configuration parameters. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 3-8 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 57
.3 interface(s) 2 Gigabit Ethernet/IEEE 802.3 interface(s) 381K bytes of non-volatile configuration memory. 16384K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2 Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 3-9 - Cisco 7604 | Software Configuration Guide - Page 58
can check the configuration settings you entered or changes you made by entering the show running-config command at the privileged EXEC prompt (#) as follows: Router# show running-config Building configuration... 3-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 59
the system. Reviewing the Configuration To display information stored in NVRAM, enter the show startup-config EXEC command. The display should be similar to the display from the show running-config EXEC command. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 60
35 of the forwarding router: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ip route 171.10.5.10 255.255.255.255 172.20.3.35 Router(config)# end Router# 3-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 61
.255 Vlan1 no ip http server ! ! x25 host z ! line con 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login transport input lat pad dsipcon mop telnet rlogin udptn nasi ! end Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 3-13 - Cisco 7604 | Software Configuration Guide - Page 62
deleted> # # Start of individual host entries Router: tc=netcisco0: ha=0000.0ca7.ce00: ip=172.31.7.97: dross: tc=netcisco0: ha=00000c000139: ip=172.31.7.26: 3-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 63
EXEC mode. Specifies a secret password, saved using a nonreversible encryption method. (If enable password and enable secret commands are both set, users must enter the enable secret password.) OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 3-15 - Cisco 7604 | Software Configuration Guide - Page 64
user can access privileged EXEC mode, perform this task: Command Router(config)# enable use-tacacs Purpose Sets the TACACS-style user ID and password-checking mechanism for the privileged EXEC mode. 3-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 65
EXEC mode. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 3-17 - Cisco 7604 | Software Configuration Guide - Page 66
" section on page 3-19. Logging In to a Privilege Level To log in at a specified privilege level, perform this task: Command Router# enable level Purpose Logs into a specified privilege level. 3-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 67
to the console interface. Configure the router to boot up without reading the configuration memory (NVRAM). Reboot the system. Access enable mode (which can be done without a password when one is not configured). View or change the password, or erase the configuration. Reconfigure the router to boot - Cisco 7604 | Software Configuration Guide - Page 68
enter the send break command to enter ROM-monitor mode. Note The Break key is always enabled for 60 seconds after rebooting, regardless of whether the configuration-register setting has the Break key disabled. 3-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 69
reasons for changing the software configuration register settings: • To select a boot source and default boot filename. • To enable or disable the Break function. • To control broadcast addresses. • To set the console terminal baud rate. • To load operating software from flash memory. • To recover - Cisco 7604 | Software Configuration Guide - Page 70
flash memory). Otherwise, you can instruct the system to boot from a specific flash image (using the boot system flash filename command). You can also use the boot command to boot images stored in the Flash PC cards located in Flash PC card slot 0 or slot 1 on the supervisor engine. If you set the - Cisco 7604 | Software Configuration Guide - Page 71
register changes take effect only after the system reloads, such as when you enter a reload command from the console. Reboot the system. The new configuration register value takes effect with the next system boot. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 72
ROM monitor commands. The new setting instructs the router to load a system image from commands in the startup configuration file or from a default system image stored on a network server. Router1# show version | include Configuration register Configuration register is 0x2102 Router# Specifying the - Cisco 7604 | Software Configuration Guide - Page 73
you can use to protect data. You must set the switch to unprotected to write data to the Flash PC card. • The system image stored in flash memory can be changed only from privileged EXEC level on the console terminal. Flash Memory Configuration Process To configure your router to boot from flash - Cisco 7604 | Software Configuration Guide - Page 74
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 3-26 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 75
, install the Supervisor Engine 720 in either slot 5 or 6. • With a 13-slot chassis, install the Supervisor Engine 720 in either slot 7 or 8. Tip For additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco - Cisco 7604 | Software Configuration Guide - Page 76
rebuilds support WS-CF-UPG=, which replaces the bootflash device with a CompactFlash adapter and 512 MB CompactFlash card (sup-bootdisk:). Refer to this publication: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_17277.html Using the Slots on a Supervisor Engine - Cisco 7604 | Software Configuration Guide - Page 77
enabled module. In this mode, all traffic passes between the local bus and the supervisor engine bus. Table 4-1 shows the switching modes used with fabric-enabled and nonfabric-enabled modules installed. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 4-3 - Cisco 7604 | Software Configuration Guide - Page 78
Functionality The switch fabric functionality supports a number of show commands for monitoring purposes. A fully automated startup sequence brings the module online and runs the connectivity diagnostics on the ports. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 79
Fabric module is not required for system to operate Modules are allowed to operate in bus mode Truncated mode is allowed Module Slot 1 2 3 4 5 6 Switching Mode Crossbar dCEF dCEF dCEF Crossbar dCEF OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 4-5 - Cisco 7604 | Software Configuration Guide - Page 80
Router# show fabric utilization all Lo% Percentage of Low-priority traffic. Hi% Percentage of High-priority traffic. slot 5 9 Router# channel 0 0 speed Ingress Lo% 20G 0 8G 0 Egress Lo% Ingress Hi% Egress Hi% 0 0 0 0 0 0 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 81
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 82
Configuring and Monitoring the Switch Fabric Functionality Chapter 4 Configuring a Supervisor Engine 720 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 4-8 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 83
or 6. • With a 13-slot chassis, install the Supervisor Engine 32 in either slot 7 or 8. • Supervisor Engine 32 does not support switch fabric connectivity. • For information about the hardware and software features supported by the Supervisor Engine 32, see the Release Notes for Cisco IOS Release 12 - Cisco 7604 | Software Configuration Guide - Page 84
CompactFlash Type II slot (supports CompactFlash Type II Flash PC cards) • sup-bootdisk:-256 MB internal CompactFlash memory (from ROMMON, it is bootdisk:) Supervisor Engine 32 Ports The console port for the Supervisor Engine 32 port is an EIA/TIA-232 (RS-232) port. The Supervisor Engine 32 also has - Cisco 7604 | Software Configuration Guide - Page 85
redundant Supervisor Engine 2 is slavedisk0:. With non-ATA Flash PC cards, the keyword for the slot on the active Supervisor Engine 2 is slot0: and the keyword for the slot on a redundant Supervisor Engine 2 is slaveslot0:. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 86
lower slot automatically takes over if the primary module fails. Forwarding Decisions for Layer 3-Switched Traffic Either a PFC2 or a Distributed Feature Card (DFC) makes the forwarding decision for Layer 3-switched traffic as follows: Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 87
modules. 2. Displayed as fabric mode in show commands. Configuring the Switch Fabric Module These section describe configuring the Switch Fabric Module: • Configuring the Switching Mode, page 6-4 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 6-3 - Cisco 7604 | Software Configuration Guide - Page 88
task: Command Router(config)# fabric required Router(config)# no fabric required Purpose Configures fabric-required mode, which prevents switching modules from operating without a switch fabric module. Clears fabric-required mode. Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 89
Switch Fabric Modules installed, if you remove both switch fabric modules or if both fail, the router removes power from all switching modules; only the supervisor engine remains active. Configuring an LCD Message To configure a message for display on the LCD, perform this task: Command Router - Cisco 7604 | Software Configuration Guide - Page 90
Monitoring the Switch Fabric Module Chapter 6 Configuring the Supervisor Engine 2 and the Switch Fabric Module Note The Switch Fabric Module does not require any user configuration. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 6-6 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 91
the fabric channel switching mode of all modules: Router# show fabric switching-mode all bus-only mode is allowed Module Slot Switching Mode 1 Bus 2 Bus 3 DCEF 4 DCEF 5 No Interfaces 6 DCEF OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 92
0 0 0 7 1 0 0 Router# Displaying Fabric Errors To display fabric errors of one or all modules, perform this task: Command Router# show fabric errors [slot_number | all] Purpose Displays fabric errors. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 6-8 OL - Cisco 7604 | Software Configuration Guide - Page 93
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 94
Monitoring the Switch Fabric Module Chapter 6 Configuring the Supervisor Engine 2 and the Switch Fabric Module 6-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 95
NSF with SSO Supervisor Engine Redundancy These sections describe supervisor engine redundancy using NSF with SSO: • NSF with SSO Supervisor Engine Redundancy Overview, page 7-2 • SSO Operation, page 7-2 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 96
, if all the installed switching modules have DFCs, enter the fabric switching-mode allow dcef-only command to disable the Ethernet ports on the redundant supervisor engine, which ensures that all modules are operating in dCEF mode. (CSCec05612) Cisco 7600 series routers support fault resistance by - Cisco 7604 | Software Configuration Guide - Page 97
new entries will receive the new version ("epoch") number, indicating that they have been refreshed. The forwarding information is updated on the line cards or forwarding engine during convergence. The OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 7-3 - Cisco 7604 | Software Configuration Guide - Page 98
OPEN message to the peer. Included in the message is a statement that the NSF-capable device has "graceful" restart capability. Graceful restart is the mechanism by which BGP routing peers avoid a routing flap following Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 99
supervisor engine switchover, the NSF-aware BGP peer marks all the routes associated with the NSF-capable router as stale; however, it continues to use these routes to make forwarding decisions for a set OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 7-5 - Cisco 7604 | Software Configuration Guide - Page 100
waits for a specified interval before it will attempt a second NSF restart. During this time, the new redundant supervisor engine will boot up and synchronize its configuration with the active supervisor Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 7-6 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 101
packets, unless it is also a NSF restarting neighbor. Note A router may be NSF-aware but may not be participating in helping out the NSF restarting neighbor because it is coming up from a cold start. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 7-7 - Cisco 7604 | Software Configuration Guide - Page 102
active and standby supervisor engine during normal operation. HSRP and SSO can coexist but both features work independently. Traffic that relies on HSRP may switch to the HSRP standby in the event of a supervisor switchover. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 103
describe supervisor engine redundancy guidelines and restrictions: • Redundancy Configuration Guidelines and Restrictions, page 7-10 • Hardware Configuration Guidelines and Restrictions, page 7-10 • Configuration Mode Restrictions, page 7-11 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 104
to each supervisor engine. Do not connect a Y cable to the console ports. • Both supervisor engines must have the same system image (see the "Copying Files to the Redundant Supervisor Engine" section on page 7-20). 7-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 105
the active supervisor engine and boot the router with only the redundant supervisor engine installed. Follow the procedures in the current release notes to convert the redundant supervisor engine from the Catalyst operating system. • The configuration register in the startup-config must be set to - Cisco 7604 | Software Configuration Guide - Page 106
the system for SSO and display the redundancy state: Router> enable Router# configure terminal Enter configuration commands, one per line. Router(config)# redundancy Router(config-red)# mode sso Router(config-red)# end Router# show redundancy states my state = 13 -ACTIVE peer state = 8 -STANDBY HOT - Cisco 7604 | Software Configuration Guide - Page 107
show cef state command: router# show cef state CEF Status [RP] CEF enabled/running dCEF enabled/running CEF switching enabled/running CEF default capabilities: Always FIB switching: yes Default CEF switching: yes OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 108
Step 1 Verify that "bgp graceful-restart" appears in the BGP configuration of the SSO-enabled router by entering the show running-config command: Router# show running-config . . . router bgp 120 . . . 7-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 109
SSO-enabled networking device. To verify OSPF NSF, follow these steps: Step 1 Verify that 'nsf' appears in the OSPF configuration of the SSO-enabled device by entering the show running-config command: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 7-15 - Cisco 7604 | Software Configuration Guide - Page 110
Chapter 7 Configuring NSF with SSO Supervisor Engine Redundancy Router# show running-config router ospf 120 log-adjacency-changes nsf network 192.168.20.0 0.0.0.255 area 0 network 192.168.30.0 0.0.0.255 area 1 network 192.168.40.0 0.0.0.255 area 2 . . . Step 2 Enter the show ip ospf command to - Cisco 7604 | Software Configuration Guide - Page 111
mode 'cisco' RP is STANDBY, chkpt msg receive count:ADJ 2, LSP 7 NSF interval timer notification received (NSF restart enabled) Checkpointing enabled, no errors Local state:STANDBY HOT, Peer state:ACTIVE, Mode:SSO OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 112
NSF with SSO Supervisor Engine Redundancy Step 3 If the NSF configuration is set to ietf, enter the show isis nsf command to verify that NSF is enabled on the device. The following display shows sample output for the IETF IS-IS configuration on the networking device: router# show isis nsf NSF - Cisco 7604 | Software Configuration Guide - Page 113
network summarization is in effect Maximum path: 4 Routing for Networks: Routing Information Sources: Gateway Distance Last Update Distance: internal 90 external 170 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 7-19 - Cisco 7604 | Software Configuration Guide - Page 114
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 7-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 115
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 116
occurs: • All switching modules power up again • Remaining subsystems on the MSFC (including Layer 2 and Layer 3 protocols) are brought up • Access control lists (ACLs) are reprogrammed into supervisor engine hardware Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 117
-config file on the active supervisor engine to trigger synchronization of the startup-config file on the redundant supervisor engine and with RPR+, reload the redundant supervisor engine and MSFC. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 8-3 - Cisco 7604 | Software Configuration Guide - Page 118
engine and MSFC. • Supervisor engine switchover takes place after the failed supervisor engine completes a core dump. A core dump can take up to 15 minutes. To get faster switchover time, disable core dump on the supervisor engines. Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 119
own, which means all supervisor engine resources are duplicated, including all flash devices. • Make separate console connections to each supervisor engine. Do not connect a Y cable to the console ports. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 8-5 - Cisco 7604 | Software Configuration Guide - Page 120
Router(config-red)# mode { rpr | rpr-plus} Purpose Enters redundancy configuration mode. Configures RPR or RPR+. When this command is entered, the redundant supervisor engine is reloaded and begins to work in RPR or RPR+ mode. Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 121
system for RPR+ and display the redundancy state: Router> enable Router# configure terminal Enter configuration commands, one per line. Router(config)# redundancy Router(config-red)# mode rpr-plus Router(config-red)# end Router# show redundancy states my state = 13 -ACTIVE peer state = 1 -DISABLED - Cisco 7604 | Software Configuration Guide - Page 122
: device on the redundant supervisor engine. Copies the new Cisco IOS image to the bootflash: device on the redundant supervisor engine. Configures the supervisor engines to boot the new image. Saves the configuration. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 123
the Cisco IOS software). Note Before reloading the redundant supervisor engine, make sure you wait long enough to ensure that all configuration synchronization changes have completed. Step 5 Router# redundancy force-switchover Conducts a manual switchover to the redundant supervisor engine. The - Cisco 7604 | Software Configuration Guide - Page 124
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 8-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 125
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 126
in this display: Router# show interfaces fastethernet 5/48 FastEthernet5/48 is up, line protocol is up Hardware is C6k 100Mb 802.3, address is 0050.f0ac.3083 (bia 0050.f0ac.3083) Internet address is 172.20.52.18/27 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 127
slot number/port number at the privileged EXEC prompt, as shown in the following example: Router# configure terminal Enter configuration commands, one per line. Router(config)# interface fastethernet 5/5 Router(config-if)# End with CNTL/Z. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 128
earlier than Release 12.2(18)SXD, the no interface range command does not support VLAN interfaces. • With Release 12.2(18)SXD and later releases, the no interface range command supports VLAN interfaces. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 9-4 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 129
mode while the commands are being executed, some commands may not be executed on all interfaces in the range. Wait until the command prompt reappears before exiting interface-range configuration mode. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 130
(config-if)# Configuring Optional Interface Features These sections describe optional interface features: • Configuring Ethernet Interface Speed and Duplex Mode, page 9-7 • Configuring Jumbo Frame Support, page 9-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 131
to auto and allow the Cisco 7600 series router to negotiate the speed and duplex mode between ports. If you decide to configure the port speed and duplex modes manually, consider the following information: • If you set the Ethernet port speed to auto, the router automatically sets the duplex mode to - Cisco 7604 | Software Configuration Guide - Page 132
negotiation does not negotiate port speed. On Gigabit Ethernet ports, link negotiation exchanges flow-control parameters, remote fault information, and duplex information. Link negotiation is enabled by default. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 9-8 OL - Cisco 7604 | Software Configuration Guide - Page 133
/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:33, output never, output hang never OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 9-9 - Cisco 7604 | Software Configuration Guide - Page 134
swapped out Router# Configuring Jumbo Frame Support These sections describe jumbo frame support: • Understanding Jumbo Frame Support, page 9-10 • Configuring MTU Sizes, page 9-12 Caution The following switching modules support a maximum ingress frame size of 8,092 bytes: • WS-X6516-GE-TX when - Cisco 7604 | Software Configuration Guide - Page 135
larger than 64 bytes. Configuring a nondefault MTU size on a Gigabit Ethernet port permits ingress packets of any size larger than 64 bytes and limits egress traffic to the global LAN port MTU size. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 9-11 - Cisco 7604 | Software Configuration Guide - Page 136
| tengigabitethernet} slot/port] Displays the running configuration. 1. type = ethernet, fastethernet, gigabitethernet, tengigabitethernet, or ge-wan When configuring the MTU size, note the following information: 9-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 137
# show interfaces [type1 slot/port] flowcontrol Reverts to the default flow control settings. Displays the flow-control configuration for all ports. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 138
the port debounce timer causes link down detections to be delayed, resulting in loss of traffic during the debouncing period. This situation might affect the convergence and reconvergence of some Layer 2 and Layer 3 protocols. 9-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 139
fastethernet 5/12 Router(config-if)# link debounce Router(config-if)# end This example shows how to display the port debounce timer settings: Router# show interfaces debounce | include enable Fa5/12 enable 3100 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 140
do not change unless you replace the supervisor engine. If you do replace the supervisor engine, the Layer 2 MAC addresses of all ports change to those specified in the address allocator on the new supervisor engine. 9-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 141
counters shown with the show interfaces command, perform this task: Command Router# clear counters {{vlan vlan_ID} | {type1 slot/port} | {port-channel channel_ID}} Purpose Clears interface counters. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 9-17 - Cisco 7604 | Software Configuration Guide - Page 142
, gigabitethernet, or tengigabitethernet This example shows how to shut down Fast Ethernet port 5/5: Router(config)# interface fastethernet 5/5 Router(config-if)# shutdown Router(config-if)# 9-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 143
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 144
Checking the Cable Status Using the TDR Chapter 9 Configuring Interfaces 9-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 145
command-line interface (CLI) to configure Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet LAN ports for Layer 2 switching on the Cisco 7600 series routers. The configuration tasks in this chapter apply to LAN ports on LAN switching modules and to the LAN ports on the supervisor - Cisco 7604 | Software Configuration Guide - Page 146
flooding any entries. The router uses an aging mechanism, defined by a configurable aging timer, so if an address remains inactive for a specified number of seconds, it is removed from the address table. 10-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 147
following switching modules do not support ISL encapsulation: • WS-X6502-10GE • WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6548-GE-45AF • WS-X6148-GE-TX, WS-X6148V-GE-TX, WS-X6148-GE-45AF • 802.1Q-802.1Q is an industry-standard trunking encapsulation. You can configure a trunk on a single Ethernet port or - Cisco 7604 | Software Configuration Guide - Page 148
you do not intend to trunk across those links. To enable trunking to a device that does not support DTP, use the nonegotiate keyword to cause the LAN port to become a trunk but not generate DTP frames. 10-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 149
restrictions: • The following switching modules do not support ISL encapsulation: - WS-X6502-10GE - WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6548-GE-45AF - WS-X6148-GE-TX, WS-X6148V-GE-TX, WS-X6148-GE-45AF OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 10 - Cisco 7604 | Software Configuration Guide - Page 150
, page 10-7 • Configuring a Layer 2 Switching Port as a Trunk, page 10-8 • Configuring a LAN Interface as a Layer 2 Access Port, page 10-14 • Configuring a Custom IEEE 802.1Q EtherType Field Value, page 10-15 10-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 151
, use the default interface command. To avoid potential issues while changing the role of a port using the switchport command, shut down the interface before applying the switchport command. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 10-7 - Cisco 7604 | Software Configuration Guide - Page 152
or 802.1Q. • The following switching modules do not support ISL encapsulation: - WS-X6502-10GE - WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6548-GE-45AF - WS-X6148-GE-TX, WS-X6148V-GE-TX, WS-X6148-GE-45AF 10-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 153
information: • Before entering the switchport mode trunk command, you must configure the encapsulation (see the "Configuring the Layer 2 Switching Port as an ISL or 802.1Q Trunk" section on page 10-8). OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 10-9 - Cisco 7604 | Software Configuration Guide - Page 154
task: Command Router(config-if)# switchport trunk native vlan vlan_ID Router(config-if)# no switchport trunk native vlan Purpose (Optional) Configures the 802.1Q native VLAN. Reverts to the default value (VLAN 1). 10-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 155
in this section. Configuring the List of Prune-Eligible VLANs Note Complete the steps in the "Configuring a LAN Port for Layer 2 Switching" section on page 10-7 before performing the tasks in this section. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 156
of the interface. Displays the switch port configuration of the interface. Displays the trunk configuration of the interface. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet 10-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 157
2 Switching Configuration and Verification Examples This example shows how to configure the Fast Ethernet port 5/8 as an 802.1Q trunk. This example assumes that the neighbor port is configured to support 802.1Q trunking: Router# configure terminal Enter configuration commands, one per line. End - Cisco 7604 | Software Configuration Guide - Page 158
Displays the switch port configuration of the interface. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet This example shows how to configure the Fast Ethernet port 5/6 as an access port in VLAN 200: Router# configure terminal Enter configuration commands, one per line. End - Cisco 7604 | Software Configuration Guide - Page 159
a trunk port that is configured with a custom EtherType field value does not recognize the standard 0x8100 EtherType field value on 802.1Q-tagged frames and cannot put the frames into the VLAN to which they belong. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 160
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 10-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 161
as Flex Links, only one of the interfaces is forwarding traffic and the other one is in standby mode. If port 1 is the active link, it begins forwarding traffic between port 1 and router B; the link OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 11-1 - Cisco 7604 | Software Configuration Guide - Page 162
(EtherChannel logical interfaces) as Flex Links, and you can configure a port channel and a physical interface as Flex Links, with either the port channel or the physical interface as the active link. 11-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 163
Interface State FastEthernet1/1 FastEthernet1/2 Active Up/Backup Standby FastEthernet1/3 FastEthernet2/4 Active Up/Backup Standby Port-channel1 GigabitEthernet7/1 Active Up/Backup Standby OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 11-3 - Cisco 7604 | Software Configuration Guide - Page 164
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 11-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 165
work: • EtherChannel Feature Overview, page 12-2 • Understanding How EtherChannels Are Configured, page 12-2 • Understanding Port Channel Interfaces, page 12-5 • Understanding Load Balancing, page 12-5 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 12-1 - Cisco 7604 | Software Configuration Guide - Page 166
configured to use LACP. Ports configured to use LACP cannot form EtherChannels with ports configured to use PAgP. Neither interoperates with ports configured manually. Table 12-1 lists the user-configurable EtherChannel modes. 12-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 167
an EtherChannel with another LAN port in auto mode. • A LAN port in auto mode cannot form an EtherChannel with another LAN port that is also in auto mode, because neither port will initiate negotiation. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 12 - Cisco 7604 | Software Configuration Guide - Page 168
actively included in the channel are put in hot standby state and are used only if one of the channeled ports fails. You can configure an additional 8 standby ports (total of 16 ports associated with the EtherChannel). 12-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 169
all LAN ports in Cisco 7600 series routers, including the ports on the supervisor engine and a redundant supervisor engine. • Release 12.2(17b)SXA and later releases provide support for more than 1 Gbps of traffic per EtherChannel on the WS-X6548-GE-TX and WS-X6548V-GE-TX switching modules. • With - Cisco 7604 | Software Configuration Guide - Page 170
command is inactive when the EtherChannel is not a trunk. • All Ethernet LAN ports on all modules, including those on a redundant supervisor engine, support EtherChannels (maximum of eight LAN ports) with no requirement that the LAN ports be physically contiguous or on the same module. • Configure - Cisco 7604 | Software Configuration Guide - Page 171
group_number Purpose Creates the port channel interface. Deletes the port channel interface. Assigns an IP address and subnet mask to the EtherChannel. Exits configuration mode. Verifies the configuration. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 172
no IP address assigned to the LAN port. (Optional) On the selected LAN port, restricts the channel-group command to the EtherChannel protocol configured with the channel-protocol command. Removes the restriction. 12-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 173
. Higher numbers have lower priority. The default is 32768. Router(config-if)# no lacp port-priority Reverts to the default. Step 6 Router(config-if)# end Exits configuration mode. Step 7 Router# show running-config interface type1 slot/port Router# show interfaces type1 slot/port etherchannel - Cisco 7604 | Software Configuration Guide - Page 174
default. Exits configuration mode. Verifies the configuration. This example shows how to configure the LACP system priority: Router# configure terminal Router(config)# lacp system-priority 23456 Router(config)# end 12-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 175
Router(config)# port-channel load-balance src-dst-ip Router(config)# end Router(config)# This example shows how to verify the configuration: Router# show etherchannel load-balance Source XOR Destination IP address Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 176
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 12-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 177
in your network. With VTP, you can make configuration changes centrally on one or more network devices and have those changes automatically communicated to all the other network devices in the network. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 13-1 - Cisco 7604 | Software Configuration Guide - Page 178
to be in one and only one VTP domain. You make global VLAN configuration changes for the domain using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP). By default, the Cisco 7600 series router is in VTP server mode and is in the no-management domain state until - Cisco 7604 | Software Configuration Guide - Page 179
domain name • VTP configuration revision number • VLAN configuration, including maximum transmission unit Support-A VTP server or client propagates configuration changes supported in the supervisor engine software Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 13-3 - Cisco 7604 | Software Configuration Guide - Page 180
enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated (port 5 on Switch 2 and port 4 on Switch 4). 13-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 181
the vtp file file_name command on a router that has a redundant supervisor engine. • Before installing a redundant supervisor engine, enter the no vtp file command to return to the default configuration. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 13 - Cisco 7604 | Software Configuration Guide - Page 182
numbers 1006 to 4094). You must configure extended-range VLANs manually on each network device. • If there is insufficient DRAM available for use by VTP, the VTP mode changes to transparent. • Network devices in VTP transparent mode do not send VTP Join messages. On Cisco 7600 series routers with - Cisco 7604 | Software Configuration Guide - Page 183
management domain with any release: Router# vtp pruning Pruning switched ON This example shows how to verify the configuration: Router# show vtp status | include Pruning VTP Pruning Mode: Enabled Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 13 - Cisco 7604 | Software Configuration Guide - Page 184
VTP version 2 with any release: Router# vtp version 2 V2 mode enabled. Router# This example shows how to verify the configuration: Router# show vtp status | include V2 VTP V2 Mode: Enabled Router# 13-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 185
found) Router# This example shows how to configure the router as a VTP client: Router# configuration terminal Router(config)# vtp mode client Setting device to VTP CLIENT mode. Router(config)# exit Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 186
: 5 Request advertisements received : 0 Summary advertisements transmitted : 997 Subset advertisements transmitted : 13 Request advertisements transmitted : 3 Number of config revision errors : 0 13-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 187
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 188
Configuring VTP Chapter 13 Configuring VTP 13-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 189
How VLANs Work The following sections describe how VLANs work: • VLAN Overview, page 14-2 • VLAN Ranges, page 14-2 • Configurable VLAN Parameters, page 14-3 • Understanding Token Ring VLANs, page 14-3 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 14-1 - Cisco 7604 | Software Configuration Guide - Page 190
VLANs must be routed. LAN port VLAN membership is assigned manually on an port-by-port basis. VLAN Ranges Note You must enable the extended system ID to use 4096 VLANs (see the "Understanding the Bridge ID" section on page 20-2). Cisco 7600 series routers support 4096 VLANs in accordance with the - Cisco 7604 | Software Configuration Guide - Page 191
a switched Token Ring network (see Figure 14-1). The TrBRF can be extended across a network devices interconnected via trunk links. The connection between the TrCRF and the TrBRF is referred to as a logical port. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 192
traffic between the undistributed TrCRFs. Note To pass data between rings located on separate network devices, you can associate the rings to the same TrBRF and configure the TrBRF for an SRB. 14-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 193
traffic between the undistributed TrCRFs through the backup TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is disabled. Figure 14-4 illustrates the backup TrCRF. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 14-5 - Cisco 7604 | Software Configuration Guide - Page 194
VLAN ID VLAN name 802.10 SAID MTU size Ring number Parent VLAN Translational bridge 1 Default 1002 "fddi-default" 101002 1500 0 0 0 Range 1-1005 - 1-4294967294 1500-18190 1-4095 0-1005 0-1005 14-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 195
- 1-4294967294 1-4095 1500-18190 0-1005 0-1005 active, suspend srb, srt 0-13 0-13 disable; enable Range 1-1005 - 1-4294967294 1500-18190 0-15 auto, ibm, ieee active, suspend Range 1-1005 - 1-4294967294 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 14-7 - Cisco 7604 | Software Configuration Guide - Page 196
engine redundancy does not support nondefault VLAN data file names or locations. Do not enter the vtp file file_name command on a router that has a redundant supervisor engine. • Before installing a redundant supervisor engine, enter the no vtp file command to return to the default configuration - Cisco 7604 | Software Configuration Guide - Page 197
not match, the router uses the configuration in the vlan.dat file. • You can configure extended-range VLANs only in global configuration mode. You cannot configure extended-range VLANs in VLAN database mode. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 198
configuration, enter the show vlan command. You use the interface configuration command mode to define the port membership mode and add and remove ports from a VLAN. The results of these commands VLAN configuration. 14-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12. - Cisco 7604 | Software Configuration Guide - Page 199
the configuration: Router# show vlan name VLAN0003 VLAN Name Status Ports 3 VLAN0003 active VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2 3 enet 100003 1500 - - - - 0 0 Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 200
VLAN from 4094 and down. This example shows how to configure descending as the internal VLAN allocation policy: Router# configure terminal Router(config)# vlan internal allocation policy descending 14-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 201
SUP720-3B WS-SUP720 WS-SUP32-10GE Port Ranges Number of Number of per Ports Port Groups Port Group 2 1 1-2 Translations per VLAN Translation Port Group Trunk-Type Support 32 802.1Q 3 2 1, 2-3 16 ISL 802.1Q OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 202
128 ISL 802.1Q 32 802.1Q 32 ISL 802.1Q 32 ISL 802.1Q 32 ISL 802.1Q Note To configure a port as a trunk, see the "Configuring a Layer 2 Switching Port as a Trunk" section on page 10-8. 14-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 203
type1 slot/port Router(config-if)# switchport vlan mapping enable Router(config-if)# no switchport vlan mapping enable Purpose Selects the LAN port to configure. Enables VLAN translation. Disables VLAN translation. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 204
Command Purpose Router(config-if)# end Router# show interface type1 slot/port vlan mapping Exits configuration mode. Verifies the VLAN mapping. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet This example shows how to enable VLAN translation on a port: Router# configure - Cisco 7604 | Software Configuration Guide - Page 205
tftp command. Tip For additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 206
Configuring VLANs Chapter 14 Configuring VLANs 14-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 207
15-3 • Private VLAN Port Isolation, page 15-4 • IP Addressing Scheme with Private VLANs, page 15-4 • Private VLANs Across Multiple Routers, page 15-5 • Private VLAN Interaction with Other Features, page 15-5 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 208
The private VLAN feature addresses two problems that service providers encounter when using VLANs: • The router supports up to 4096 VLANs. If a service provider assigns one VLAN per customer, the number of customers that service provider can support is limited. • To enable IP routing, each VLAN - Cisco 7604 | Software Configuration Guide - Page 209
can assign an individual private VLAN and associated IP subnet to each individual or common group of end stations. The end stations need to communicate only with a default gateway to communicate outside the private VLAN. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 210
If the number of devices in the VLAN increases, the number of assigned addresses might not be large enough to accommodate them. These problems are assigns them the next available address from a large pool of subnet addresses. 15-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 211
• Private VLANs and Unicast, Broadcast, and Multicast Traffic, page 15-6 • Private VLANs and SVIs, page 15-6 See also the "Private VLAN Configuration Guidelines and Restrictions" section on page 15-6. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 15-5 - Cisco 7604 | Software Configuration Guide - Page 212
private VLANs are described in the following sections: • Secondary and Primary VLAN Configuration, page 15-7 • Private VLAN Port Configuration, page 15-9 • Limitations with Other Features, page 15-9 15-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 213
are sticky ARP entries. For security reasons, private VLAN port sticky ARP entries do not age out. For information about configuring sticky ARP, see the "Configuring Sticky ARP" section on page 36-34. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 15-7 - Cisco 7604 | Software Configuration Guide - Page 214
isolated, and community VLANs or use SPAN on only one VLAN to separately monitor egress or ingress traffic. - For more information about SPAN, see Chapter 52, "Configuring Local SPAN, RSPAN, and ERSPAN." 15-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 215
remapped to or from dot1Q ports as configured, as if received from the ISL VLANs. • With releases earlier than Release 12.2(18)SXE, you cannot configure port security on ports that are in a private VLAN. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 15 - Cisco 7604 | Software Configuration Guide - Page 216
port - A SPAN destination port - A promiscuous private VLAN port - In releases where CSCsb44185 is resolved, a port that has been configured with the switchport mode dynamic auto or switchport mode dynamic desirable command. 15-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 217
-port restriction applies to the WS-X6548-GE-TX and WS-X6148-GE-TX 10/100/1000 Mb Ethernet switching modules. Within groups of 24 ports (1-24, 25-48), do not configure ports as isolated ports or community VLAN ports when one port within the group of 24 ports is any of these: - A trunk port - A SPAN - Cisco 7604 | Software Configuration Guide - Page 218
Purpose Enters VLAN configuration submode for the primary VLAN. Associates the secondary VLANs with the primary VLAN. Clears all secondary VLAN associations. Exits VLAN configuration mode. Verifies the configuration. 15-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 219
of a primary VLAN to allow Layer 3 switching of private VLAN ingress traffic. Clears the mapping between the secondary VLANs and the primary VLAN. Exits configuration mode. Verifies the configuration. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 15-13 - Cisco 7604 | Software Configuration Guide - Page 220
keywords. • Required only if you have not entered the switchport command already for the interface. Configures the Layer 2 port as a private VLAN host port. Clears private VLAN port configuration. 15-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 221
the LAN interface as a Layer 2 interface before you can enter additional switchport commands with keywords. • Required only if you have not entered the switchport command already for the interface. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 15-15 - Cisco 7604 | Software Configuration Guide - Page 222
port and the primary VLAN and any secondary VLANs. Router(config-if)# end Exits configuration mode. Router# show interfaces [type1 slot/port] switchport Verifies the configuration 2-1001 Capture Mode Disabled 15-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 223
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 224
Monitoring Private VLANs Chapter 15 Configuring Private VLANs 15-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 225
Phone Connections, page 16-2 • Cisco IP Phone Voice Traffic, page 16-2 • Cisco IP Phone Data Traffic, page 16-3 • Cisco IP Phone Power Configurations, page 16-3 • Other Cisco IP Phone Features, page 16-4 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 16 - Cisco 7604 | Software Configuration Guide - Page 226
and WS-X6548-RJ-21 switching modules cannot supply power to Cisco IP phones. Configure QoS policies that use the Layer 3 IP precedence value on other switching modules. You can configure a Layer 2 access port with an attached Cisco IP phone to use one VLAN for voice traffic and another VLAN for data - Cisco 7604 | Software Configuration Guide - Page 227
IP phone loses local power and the mode is set to auto, the switching module discovers the Cisco IP phone and informs the supervisor engine, which then supplies inline power to the Cisco IP phone. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 16-3 - Cisco 7604 | Software Configuration Guide - Page 228
IP phone, the switching module reports to the supervisor engine that an unpowered Cisco IP phone is present and on which module and port. If the port is configured in auto mode, the supervisor engine determines if there is enough system power available to power up the Cisco IP phone. If there is - Cisco 7604 | Software Configuration Guide - Page 229
Cisco IP phone support: • You must enable the Cisco Discovery Protocol (CDP) on the Cisco 7600 series router port connected to the Cisco IP phone to send configuration information to the Cisco IP phone. • You can configure a voice VLAN only on a Layer 2 LAN port. • You can configure the ports on WS - Cisco 7604 | Software Configuration Guide - Page 230
QoS. • Refer to the "Configuring a LAN Interface as a Layer 2 Access Port" section on page 10-14 for information about how to configure the port as a Layer 2 access port and configure the access VLAN. 16-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 231
Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Configuring Data Traffic Support To configure the way in which the Cisco IP phone transmits data traffic, perform this task: Step 1 Step 2 Command Router(config)# interface fastethernet slot/port Router(config-if)# mls qos trust - Cisco 7604 | Software Configuration Guide - Page 232
on Fast Ethernet port 5/1: Router# show queueing interface fastethernet 5/1 | include Extend Extend trust state: trusted Configuring Inline Power Support To configure inline power support, perform this task: Step 1 Step 2 Command Router(config)# interface fastethernet slot/port Router(config-if - Cisco 7604 | Software Configuration Guide - Page 233
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 234
Configuring Cisco IP Phone Support Chapter 16 Configuring Cisco IP Phone Support 16-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 235
to point-to-point tunnel configurations. Any tunnel port in a tunnel VLAN is a tunnel entry and exit point. An 802.1Q tunnel can have as many tunnel ports as are needed to connect customer routers. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 17-1 - Cisco 7604 | Software Configuration Guide - Page 236
port Tunnel port VLAN 40 Tunnel port VLAN 40 Customer A VLANs 1 to 100 80820.21.Q1Qtrturnuknkpoprotrt 80820.21.Q1Qtrturnuknkpoprotrt 74016 Customer B VLANs 1 to 200 Trunk Asymmetric link Customer B VLANs 1 to 200 17-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 237
network, follow these guidelines and restrictions: • Use asymmetrical links to put traffic into a tunnel or to remove traffic from a tunnel. • Configure tunnel ports only to form an asymmetrical link. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 17-3 - Cisco 7604 | Software Configuration Guide - Page 238
Layer 2 protocols work between devices connected by an asymmetrical link: - CDP - UniDirectional Link Detection (UDLD) - Port Aggregation Protocol (PAgP) - Link Aggregation Control Protocol (LACP) 17-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 239
(config-if)# spanning-tree portfast trunk • If the service provider does not want the customer to see its routers, CDP should be disabled on the 802.1Q tunnel port as follows: Router(config-if)# no cdp enable OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 240
is a global command that configures the router to tag native VLAN traffic, and admit only 802.1Q tagged frames on 802.1Q trunks, dropping any untagged traffic, including untagged traffic in the native VLAN. 17-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 241
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 242
Configuring 802.1Q Tunneling Chapter 17 Configuring IEEE 802.1Q Tunneling 17-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 243
-GE-TX, and WS-X6148V-GE-TX switching modules do not support Layer 2 protocol tunneling. This chapter consists of these sections: • Understanding How Layer 2 Protocol Tunneling Works, page 18-1 • Configuring Support for Layer 2 Protocol Tunneling, page 18-2 Tip For additional information (including - Cisco 7604 | Software Configuration Guide - Page 244
support on Layer 2 protocol tunneling ports: - See the "Configuring Jumbo Frame Support" section on page 9-10. - Take note of the modules listed in the "Configuring Jumbo Frame Support" section that do not support jumbo frames. 18-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 245
)# l2protocol-tunnel shutdown-threshold stp 10 Router(config-if)# l2protocol-tunnel shutdown-threshold vtp 10 Router(config-if)# end Router# show l2protocol-tunnel summary Port Protocol Threshold OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 18-3 - Cisco 7604 | Software Configuration Guide - Page 246
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 18-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 247
/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html Understanding MST These sections describe MST: • MST Overview, page 19-2 • MST Regions, page 19-2 • IST, CIST, and CST, page 19-3 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 19 - Cisco 7604 | Software Configuration Guide - Page 248
on page 19-5. The MST configuration controls to which MST region each router belongs. The configuration includes the name of the region, the revision number, and the MST VLAN-to-instance assignment map. 19-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 249
one or multiple members with the same MST configuration; each member must be capable of processing RSTP bridge protocol data units (BPDUs). There is no limit to the number of MST regions in a network, but each region can support up to 65 spanning tree instances. Instances can be identified by any - Cisco 7604 | Software Configuration Guide - Page 250
root. The CIST regional root for region 2 (B) and the CIST regional root for region 3 (C) are the roots for their respective subtrees within the CIST. 19-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 251
that an MST region looks like a single router to the CIST. The CIST external root path cost is the root path cost calculated between these virtual routers and routers that do not belong to any region. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 19-5 - Cisco 7604 | Software Configuration Guide - Page 252
kinds of messages that a port can receive: internal (coming from the same region) and external. When a message is external, it is received only by the CIST. If the CIST role is root or alternate, or if 19-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 253
it receives no BPDUs (M-records). In this situation, although the boundary role no longer exists, when you enter the show commands, they identify a port as boundary in the type column of the output. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 19-7 - Cisco 7604 | Software Configuration Guide - Page 254
B does not react to the superior BPDUs it sends and that router B is the designated, not root bridge. As a result, router A blocks (or keeps blocking) its port, thus preventing the bridging loop. 19-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 255
the RSTP works: • Port Roles and the Active Topology, page 19-10 • Rapid Convergence, page 19-11 • Synchronization of Port Roles, page 19-12 • Bridge Protocol Data Unit Format and Processing, page 19-13 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 19 - Cisco 7604 | Software Configuration Guide - Page 256
Is Port Included in the Active Topology? No No Yes Yes No To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state. 19-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 257
a half-duplex port is considered to have a shared connection. You can override the default setting that is controlled by the duplex setting by using the spanning-tree link-type interface configuration command. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 258
its root port. When the routers connected by a point-to-point link are in agreement about their port roles, the RSTP immediately transitions the port states to forwarding. The sequence of events is shown in Figure 19-5. 19-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 259
that the protocol version is set to 2. A new 1-byte Version 1 Length field is set to zero, which means that change (TC) Proposal Port role: Unknown Alternate port or backup port Root port Designated port Learning Forwarding OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 260
(such as higher switch ID or higher path cost) that is inferior to what is currently stored for the port. If a designated port receives an inferior BPDU, it immediately replies with its own information. 19-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 261
) • Configuring Port Priority, page 19-21 (optional) • Configuring Path Cost, page 19-22 (optional) • Configuring the Switch Priority, page 19-23 (optional) • Configuring the Hello Time, page 19-24 (optional) OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 262
manually configure the MST configuration (region name, revision number, and VLAN-to-instance mapping) on each router within the MST region through the command-line interface (CLI) or SNMP. • For load balancing across redundant paths in the network to work, all VLAN-to-instance mapping assignments - Cisco 7604 | Software Configuration Guide - Page 263
no limit to the number of MST regions in a network, but each region can only support up to 65 spanning tree instances. You can assign a VLAN to only one spanning tree instance at a time. To specify the MST region configuration and enable MST, perform this task: Step 1 Step 2 Step 3 Command Router - Cisco 7604 | Software Configuration Guide - Page 264
configuration command. This example shows how to enter MST configuration mode, map VLANs 10 to 20 to MST instance 1, name the region region1, set the configuration revision to 1, display the pending configuration, apply the changes, and return to global configuration mode: Router(config)# spanning - Cisco 7604 | Software Configuration Guide - Page 265
do not manually configure the hello time, forward-delay time, and maximum-age time with the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age global configuration commands. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 266
bridges. Use the same network diameter and hello-time values that you used when you configured the primary root bridge with the spanning-tree mst instance_id root primary global configuration command. 19-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 267
2 Command Router# configure terminal Router(config)# interface {{type1 slot/port} | {port-channel number}} Purpose Enters global configuration mode. (Optional) Specifies an interface to configure, and enters interface configuration mode. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 268
1 Step 2 Command Router# configure terminal Router(config)# interface {{type1 slot/port} | {port-channel number}} Purpose Enters global configuration mode. (Optional) Specifies an interface to configure, and enters interface configuration mode. 19-22 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 269
situations, we recommend that you use the spanning-tree mst instance_id root primary and the spanning-tree mst instance_id root secondary global configuration commands to modify the switch priority. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 19-23 - Cisco 7604 | Software Configuration Guide - Page 270
IEEE MST To configure the switch priority, perform this task: Step 1 Step 2 Command Router# configure terminal Router(config)# spanning-tree mst instance_id priority priority Step 3 Step 4 Step 5 Router(config)# end Router# show spanning-tree mst instance_id Router# copy running-config - Cisco 7604 | Software Configuration Guide - Page 271
config startup-config (Optional) Saves your entries in the configuration file. To return the router to its default setting, use the no spanning-tree transmit hold-count global configuration command. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 19-25 - Cisco 7604 | Software Configuration Guide - Page 272
port becomes a designated port, the RSTP negotiates a rapid transition with the other port by using the proposal-agreement handshake to ensure a loop-free topology as described in the "Rapid Convergence" section on page 19-11. 19-26 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 273
all the show commands, even if the port is in STP compatibility mode. To override the default link-type setting, perform this task: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command Purpose Router# configure terminal Router(config)# interface {{type1 slot/port} | {port-channel number}} Enters - Cisco 7604 | Software Configuration Guide - Page 274
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 19-28 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 275
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 276
to a single LAN segment or a switched LAN of multiple segments. Cisco 7600 series routers use STP (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single instance of STP runs on each configured VLAN (provided you do not manually disable STP). You can enable and disable STP on a per-VLAN - Cisco 7604 | Software Configuration Guide - Page 277
1 STP MAC Address Allocation Cisco 7600 series router chassis have either 64 or 1024 MAC addresses available to support software features such as STP. To view the MAC address range on your chassis, enter the show catalyst6000 chassis-mac-address command. For chassis with 64 MAC addresses, STP uses - Cisco 7604 | Software Configuration Guide - Page 278
about the transmitting bridge and its ports, including bridge and MAC addresses, bridge priority, port priority, and path cost. STP port leading to the root bridge, and to determine the designated port for each Layer 2 segment. 20-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 279
high-speed fiber-optic link. By changing the STP port priority on the fiber-optic port to a higher priority (lower numerical value) than the root port, the fiber-optic port becomes the new root port. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 20-5 - Cisco 7604 | Software Configuration Guide - Page 280
• From listening to learning or to disabled • From learning to forwarding or to disabled • From forwarding to disabled Figure 20-2 illustrates how a Layer 2 LAN port moves through the five states. 20-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 281
database. 4. The Layer 2 LAN port waits for the forward delay timer to expire and then moves the Layer 2 LAN port to the forwarding state, where both learning and frame forwarding are enabled. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 20-7 - Cisco 7604 | Software Configuration Guide - Page 282
port, so there is no address database update.) • Receives BPDUs and directs them to the system module. • Does not transmit BPDUs received from the system module. • Receives and responds to network management messages. 20-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 283
update.) • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 20-9 - Cisco 7604 | Software Configuration Guide - Page 284
database. • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. 20-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 285
into its address database. • Receives BPDUs and directs them to the system module. • Processes BPDUs received from the system module. • Receives and responds to network management messages. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 20-11 - Cisco 7604 | Software Configuration Guide - Page 286
network devices separated by a cloud of non-Cisco 802.1Q network devices. The non-Cisco 802.1Q cloud separating the Cisco network devices is treated as a single trunk link between the network devices. 20-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 287
elected for the spanning tree topology. • Designated-A forwarding port elected for every switched LAN segment. • Alternate-An alternate path to the root bridge to that provided by the current root port. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 20 - Cisco 7604 | Software Configuration Guide - Page 288
IEEE 802.1s MST Works These sections describe Multiple Spanning Tree (MST): • IEEE 802.1s MST Overview, page 20-15 • MST-to-PVST Interoperability, page 20-16 • Common Spanning Tree, page 20-18 20-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 289
instance assignments. You must configure a set of bridges with the same MST configuration information, which allows them to participate in a specific set of spanning tree as the root of the CIST. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 20-15 - Cisco 7604 | Software Configuration Guide - Page 290
same instance as the primary. MST-to-PVST Interoperability A virtual bridged LAN may contain interconnected regions of single spanning tree (SST) and MST bridges. Figure 20-8 shows this relationship. 20-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 291
with PVST+ switches: • Configure the root for all VLANs inside the MST region as shown in this example: Router# show spanning-tree mst interface gigabitethernet 1/1 GigabitEthernet1/1 of MST00 is root forwarding Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 292
the current MST configuration. Note You must set the revision number when required as part of the MST configuration. The revision number is not incremented automatically each time you commit the MST configuration. 20-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 293
set for the port, the MSTP port-role selection process assigns a port role to the boundary and assigns the same state as the state of the IST port. The IST port at the boundary can take up any port role except a backup port role. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration - Cisco 7604 | Software Configuration Guide - Page 294
message age and maximum age timer settings in the RST portion of the BPDU remain the same throughout the region, and the same values are propagated by the region's designated ports at the boundary. 20-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 295
be completed during a maintenance window because the complete MST database gets reinitialized for any incremental change (such as adding new VLANs to instances or moving VLANs across instances). OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 20-21 - Cisco 7604 | Software Configuration Guide - Page 296
Table 20-5 on page 20-21). Reverts all STP parameters to default values for the specified VLAN. Disables STP on the specified VLAN; see the following Cautions for information regarding this command. 20-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 297
STP and Prestandard IEEE 802.1s MST Configuring STP Command Step 2 Router(config)# end Step 3 Router# show spanning-tree vlan vlan_ID Purpose Exits configuration mode. Verifies that STP is enabled. Caution Do not disable spanning tree on a VLAN unless all switches and bridges in the VLAN have - Cisco 7604 | Software Configuration Guide - Page 298
ID: Router# configure terminal Router(config)# spanning-tree extend system-id Router(config)# end Router# This example shows how to verify the configuration: Router# show spanning-tree summary | include Extended Extended system ID is enabled. Configuring the Root Bridge Cisco 7600 series routers - Cisco 7604 | Software Configuration Guide - Page 299
STP and Prestandard IEEE 802.1s MST Configuring STP When you enter the spanning-tree vlan vlan_ID root command, the router checks the bridge priority of the current root bridges for each VLAN. When the extended system ID is disabled, the router sets the bridge priority for the specified VLANs - Cisco 7604 | Software Configuration Guide - Page 300
bridge priority of 32768). If the extended system ID is enabled, STP sets the bridge priority to 28672. If the extended system ID is disabled, STP sets the bridge priority to 16384. You can run this command on more than one Cisco 7600 series router to configure multiple backup root bridges. Use the - Cisco 7604 | Software Configuration Guide - Page 301
task: Step 1 Step 2 Step 3 Step 4 Step 5 Command Purpose Router(config)# interface {{type1 slot/port} | {port-channel port_channel_number}} Selects an interface to configure. Router(config-if)# spanning-tree port-priority port_priority Configures the port priority for the LAN interface. The - Cisco 7604 | Software Configuration Guide - Page 302
(the default is media specific). STP uses the port cost value when the LAN interface is configured as an access port and uses VLAN port cost values when the LAN interface is configured as a trunk port. 20-28 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 303
Ethernet port 4/4: Router# configure terminal Enter configuration commands, one per line. Router(config)# interface fastEthernet 4/4 Router(config-if)# spanning-tree cost 1000 Router(config-if)# ^Z Router# End with CNTL/Z. This example shows how to verify the configuration: Router# show spanning - Cisco 7604 | Software Configuration Guide - Page 304
system ID is disabled, perform this task: Step 1 Command Router(config)# spanning-tree vlan vlan_ID priority bridge_priority Step 2 Step 3 Router(config)# no spanning-tree vlan vlan_ID priority Router(config)# end Router# show spanning-tree vlan vlan_ID bridge [detail] Purpose Configures - Cisco 7604 | Software Configuration Guide - Page 305
: Router# configure terminal Router(config)# spanning-tree vlan 200 hello-time 7 Router(config)# end Router# This example shows how to verify the configuration: Router# show spanning-tree vlan 200 bridge Hello Max Fwd OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 306
seconds. The vlan_ID value can be 1 through 4094, except reserved VLANs (see Table 14-1 on page 14-2). Reverts to the default maximum aging time. Exits configuration mode. Verifies the configuration. 20-32 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 307
on a specific interface, enter the clear spanning-tree detected-protocols interface interface-id privileged EXEC command. Configuring Prestandard IEEE 802.1s MST Release 12.2SX supports MST. These sections describe how to configure MST: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 308
commands, one per line. End with CNTL/Z. Router(config)# spanning-tree mode mst Router(config)# spanning-tree mst configuration Router(config-mst)# show current Current MST configuration Name [] Revision 0 Instance Vlans mapped 20-34 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 309
] Purpose Displays the active configuration. Displays information about the MST instances currently running. Displays information about a specific MST instance. Displays information for a given port. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 20 - Cisco 7604 | Software Configuration Guide - Page 310
vlan 1-10 Router(config-mst)# name cisco Router(config-mst)# revision 1 Router(config-mst)# ^Z Router# show spanning-tree mst configuration Name [cisco] Revision 1 Instance Vlans mapped 0 11-4094 1 1-10 20-36 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 311
) bpdu filter:disable Boundary :internal bpdu guard :disable Bpdus (MRecords) sent 2, received 364 (default) (default) (default) Instance Role Sts Cost Prio.Nbr Vlans mapped 1 Back BLK 1000 160.196 1-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 312
is disabled BackboneFast is disabled Pathcost method used is long Name Blocking Listening Learning Forwarding STP Active MST00 1 0 0 2 3 MST01 1 0 0 2 3 2 msts 2 0 0 4 6 Router# 20-38 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 313
1) Root this switch for MST01 Interface Role Sts Cost Prio.Nbr Status Fa4/4 Back BLK 1000 160.196 P2p Fa4/5 Desg FWD 200000 128.197 P2p Fa4/48 Boun FWD 200000 128.240 P2p Bound(STP) Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 314
detected-protocols privileged EXEC command. Use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command to restart the protocol migration process on a specific interface. 20-40 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 315
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 316
Configuring Prestandard IEEE 802.1s MST Chapter 20 Configuring STP and Prestandard IEEE 802.1s MST 20-42 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 317
BackboneFast, page 21-13 • Enabling EtherChannel Guard, page 21-14 • Enabling Root Guard, page 21-14 • Enabling Loop Guard, page 21-15 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 21-1 - Cisco 7604 | Software Configuration Guide - Page 318
If an operational PortFast port receives a BPDU, it immediately loses its operational PortFast status. In that case, PortFast BPDU filtering is disabled on this port and STP resumes sending BPDUs on this port. 21-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 319
A, the root bridge, is connected directly to Switch B over link L1 and to Switch C over link L2. The Layer 2 LAN interface on Switch C that is connected directly to Switch B is in the blocking state. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 21-3 - Cisco 7604 | Software Configuration Guide - Page 320
are no blocked ports, the network device assumes that it has lost connectivity to the root bridge, causes the maximum aging time on the root to expire, and becomes the root bridge according to normal STP rules. 21-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 321
30 seconds, twice the Forward Delay time if the default Forward Delay time of 15 seconds is set. Figure 21-4 shows how BackboneFast reconfigures the topology to account for the failure of link L1. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 21-5 - Cisco 7604 | Software Configuration Guide - Page 322
other device are in the same EtherChannel. In response to misconfiguration detected on the other device, EtherChannel guard puts interfaces on the Cisco 7600 series router into the errdisabled state. 21-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 323
on ports 3/1 and 3/2 on Switches A, B, and C. Enabling loop guard on a root router has no effect but provides protection when a root router becomes a nonroot router. When using loop guard, follow these guidelines: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 324
if)# spanning-tree portfast Router(config-if)# spanning-tree portfast default Purpose Selects a port to configure. Enables PortFast on a Layer 2 access port connected to a single workstation or server. Enables PortFast. 21-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 325
the effect on a specific port. Enables the PortFast trunk on a port Verifies the configuration. This example shows how to enable the default PortFast configuration: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# spanning-tree portfast default - Cisco 7604 | Software Configuration Guide - Page 326
globally on the router. Verifies the configuration. BPDU filtering is set to default on each port. This example shows how to enable PortFast BPDU filtering on the port and verify the configuration in PVST+ mode: 21-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 327
0 Number of transitions to forwarding state:1 The port is in the portfast mode by portfast trunk configuration Link type is point-to-point by default Bpdu filter is enabled BPDU:sent 0, received 0 Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 328
command in global configuration mode. Note When you enable UplinkFast, it affects all VLANs on the Cisco 7600 series router. You cannot configure UplinkFast on an individual VLAN. To enable UplinkFast, perform this task: 21-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 329
vlan_ID Purpose Enables BackboneFast. Disables BackboneFast. Exits configuration mode. Verifies that BackboneFast is enabled. This example shows how to enable BackboneFast: Router# configure terminal OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 21 - Cisco 7604 | Software Configuration Guide - Page 330
state might automatically recover. To manually return a port to service, enter a shutdown and then a no shutdown command for the interface. Enabling Root Guard To enable root guard, perform this task: 21-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 331
2 Step 3 Step 4 Command Purpose Router(config)# interface {type1 slot/port} | {port-channel port_channel_number} Selects a port to configure. Router(config-if)# spanning-tree guard root Enables root guard. Router(config-if)# no spanning-tree guard root Disables root guard. Router(config-if - Cisco 7604 | Software Configuration Guide - Page 332
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 21-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 333
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 334
[connected | static ] command. • To support VLAN interfaces, create and configure VLANs and assign VLAN membership to Layer 2 LAN ports. For more information, see Chapter 14, "Configuring VLANs" and Chapter 13, "Configuring VTP." • Cisco 7600 series routers do not support: - Integrated routing and - Cisco 7604 | Software Configuration Guide - Page 335
{{type1 slot/port.subinterface} | {port-channel port_channel_number.subinterface}} Purpose Enters privileged EXEC mode. Enters global configuration mode. Selects an interface and enters subinterface configuration mode. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 336
ports where PBR is configured is routed in software if the switching module resets. (CSCee92191) - Any permit route-map sequence with no set statement will cause matching traffic to be processed by the MSFC. - In Cisco IOS Release 12.2(33)SXF16 and later releases, for efficient use of hardware - Cisco 7604 | Software Configuration Guide - Page 337
Release 12.2, "Classification," "Configuring Policy-Based Routing," at this URL: http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_C onfiguration_Guide_Chapter.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 338
address is 172.20.52.106/29 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set 22-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 339
translation is disabled WCCP Redirect outbound is disabled WCCP Redirect exclude is disabled BGP Policy Mapping is disabled IP multicast multilayer switching is disabled IP mls switching is enabled Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 340
Router port" ip address 172.20.52.106 255.255.255.248 no ip directed-broadcast ! Configuring IPX Routing and Network Numbers Note The MSFC supports IPX with fast switching. For complete information and procedures, refer to these publications: • Cisco IOS AppleTalk and Novell IPX Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 341
gigabitethernet, or tengigabitethernet, or ge-wan This example shows how to enable AppleTalk routing and assign an AppleTalk cable-range and zone name to interface VLAN 100: Router# configure terminal OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 22-9 - Cisco 7604 | Software Configuration Guide - Page 342
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 22-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 343
UDLR This chapter describes how to configure unidirectional Ethernet (UDE) and unidirectional link routing (UDLR) on the Cisco 7600 series router. Release 12.2(18)SXE and later releases support UDE and UDLR. Note For complete syntax and usage information for the commands used in this chapter, refer - Cisco 7604 | Software Configuration Guide - Page 344
high-capacity unidirectional link. Supported Hardware On Cisco 7600 series routers, UDE and UDLR are supported on the interfaces of these switching modules: • WS-X6704-10GE 4-port 10-Gigabit Ethernet • WS-X6816-GBIC 16-port Gigabit Ethernet • WS-X6516A-GBIC 16-port Gigabit Ethernet • WS-X6516-GBIC - Cisco 7604 | Software Configuration Guide - Page 345
. (CSCee56596) Configuring UDE These sections describe how to configure UDE: • UDE Configuration Guidelines, page 23-4 • Configuring Hardware-Based UDE, page 23-4 • Configuring Software-Based UDE, page 23-5 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 346
links do not support ARP. Configuring Hardware-Based UDE There are no software configuration procedures required to support hardware-based UDE. Install a unidirectional transceiver to implement hardware-based UDE. 23-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 347
config-if)# end Warning! Enable port unidirectional mode will automatically disable port udld. You must manually ensure that the unidirectional link does not create a spanning tree loop in the network. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 23-5 - Cisco 7604 | Software Configuration Guide - Page 348
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface tengigabitethernet 1/1 Router(config-if)# no unidirectional Router(config-if)# end This example shows the result of entering the show interface command for a port that does not support - Cisco 7604 | Software Configuration Guide - Page 349
. - 10 Gigabit Ethernet port 1/2 is a receive-only UDE port. - The UDLR back-channel tunnel is configured as send-only and is associated with 10 Gigabit Ethernet port 1/2. - ARP and NHRP are enabled. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 23 - Cisco 7604 | Software Configuration Guide - Page 350
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 23-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 351
describe PFC3BXL and PFC3B mode MPLS label switching: • Understanding MPLS, page 24-2 • Understanding PFC3BXL and PFC3B Mode MPLS Label Switching, page 24-2 • Supported Hardware Features, page 24-5 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24-1 - Cisco 7604 | Software Configuration Guide - Page 352
MPLS Label Switching PFC3BXL or PFC3B mode supports Layer 3 Multiprotocol Label Switching (MPLS) virtual private networks (VPNs), and Layer 2 Ethernet over MPLS (EoMPLS), with quality of service (QoS) and security. 24-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 353
imposition label(s) needed to switch the MPLS packet. Note If MPLS load sharing is configured, the adjacency may point to a load-balanced path. See "Basic MPLS Load Balancing" section on page 24-8. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24-3 - Cisco 7604 | Software Configuration Guide - Page 354
switch router (LSR). If the router is the penultimate hop LSR router (the upstream LSR next to the egress LER), the adjacency instructs the VPN Routing and Forwarding (VRF) number is more than 511 • For IP Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 355
on IP packets at label edge routers (LERs) and switching labels at label switch routers (LSRs). See this publication: http://www.cisco.com/en/US/docs/ios/12_0st/12_0st21/feature/guide/fs_rtr.html. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24-5 - Cisco 7604 | Software Configuration Guide - Page 356
set up a VPN service provider network so that the autonomous system boundary routers (ASBRs) exchange IPv4 routes with MPLS labels of the PE routers. See this publication: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftiasl13.html 24-6 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 357
mpls label range • mpls ip • mpls label protocol • mpls mtu For information about these commands, see these publications: http://www.cisco.com/en/US/docs/ios/12_2/switch/command/reference/fswtch_r.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24-7 - Cisco 7604 | Software Configuration Guide - Page 358
of a basic MPLS configuration: ***** Basic MPLS ***** IP ingress interface: Router# mpls label protocol ldp interface GigabitEthernet6/2 ip address 75.0.77.1 255.255.255.0 media-type rj45 speed 1000 end 24-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 359
Router# Router# show mpls forwarding-table 88.0.0.0 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched : 0 op: PUSH_LABEL2 packets: 112344419, bytes: 7190042816 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24-9 - Cisco 7604 | Software Configuration Guide - Page 360
. The PFC3BXL or PFC3B contains a table that maps VLANs to VPNs. In the Cisco 7600 series router architecture, all physical ingress interfaces in the system are associated with a specific VPN. The 24-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 361
.com/en/US/docs/ios/12_2/switch/command/reference/fswtch_r.html Configuring MPLS VPN For information on configuring MPLS VPN, refer to the MPLS Virtual Private Networks feature module at this URL: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24-11 - Cisco 7604 | Software Configuration Guide - Page 362
to CE1 ip vrf forwarding blues ip address 10.19.9.1 255.255.255.252 encapsulation ppp pos scramble-atm pos flag c2 22 24-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 363
well as OSM-, FlexWAN, or FlexWAN2-based EoMPLS. For more information, see this publication: http://www.cisco.com/en/US/docs/routers/7600/install_config/12.2SX_OSM_config/mpls.html#Ethern et_over_MPLS OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24-13 - Cisco 7604 | Software Configuration Guide - Page 364
packet received. • EoMPLS supports VLAN packets that conform to the IEEE 802.1Q standard. The 802.1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames. 24-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 365
circuits was mpls l2 transport route. This command has been replaced with the xconnect command. You can use the xconnect command to configure EoMPLS circuits. • The AToM control word is not supported. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24-15 - Cisco 7604 | Software Configuration Guide - Page 366
PFC3B mode EoMPLS does not allow local switching of packets between interfaces unless you use loopback ports. • A system can have both an OSM or FlexWAN configuration and PFC3BXL or PFC3B mode configuration enabled at the same time. Cisco supports this configuration but does not recommend it. Unless - Cisco 7604 | Software Configuration Guide - Page 367
To display a single line for each VLAN, naming the VLAN, status, and ports, enter the show vlan brief command. Router# show vlan brief VLAN Name Status Ports 1 default active 2 VLAN0002 active OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24 - Cisco 7604 | Software Configuration Guide - Page 368
0 GE3/3 34.0.0.2 25 17 11.11.11.11/32 0 GE3/3 34.0.0.2 26 Pop tag 12.12.12.12/32 0 GE3/3 34.0.0.2 Router# The output shows the following data: - Local tag-Label assigned by this router. 24-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 369
and restrictions: • The AToM control word is not supported. • Ethernet packets with hardware-level cyclic redundancy check (CRC) errors, framing errors, and runt packets are discarded on input. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 24-19 - Cisco 7604 | Software Configuration Guide - Page 370
event link-status speed nonegotiate end router# show run int g7/11.2000 Building configuration... Current configuration : 112 bytes ! interface GigabitEthernet7/11.2000 encapsulation dot1Q 2000 24-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 371
mpls ldp discovery command. When an PE router receives an LDP Hello message from another PE router, it considers that router and the specified label space to be "discovered." Router# show mpls ldp discovery OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 372
tag switched- Number of bytes switched out with this incoming label. - Outgoing interface-Interface through which packets with this label are sent. - Next Hop-IP address of neighbor that assigned the outgoing label. 24-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 373
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 374
Any Transport over MPLS Chapter 24 Configuring PFC3BXL and PFC3B Mode Multiprotocol Label Switching 24-24 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 375
25-2 • Multicast Tunnel Interfaces, page 25-5 • PE Router Routing Table Support for MVPN, page 25-6 • Multicast Distributed Switching Support, page 25-6 • Hardware-Assisted IPv4 Multicast, page 25-6 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-1 - Cisco 7604 | Software Configuration Guide - Page 376
to be sent to every PE router. This allows for on-demand forwarding of high-bandwidth traffic between PE routers, so as to avoid flooding every PE router with every high-bandwidth stream that might be created. 25-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 377
that no data is flowing along the default MDT. Each PE router maintains a PIM relationship with the other PE routers over the default MDT, as well as a PIM relationship with its directly attached PE routers. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 378
domain. The PE router associated with the multicast session source (PE1) receives the request. Figure 25-2 shows how the PE router forwards the request to the CE router associated with the multicast source (CE1a). 25-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 379
request and asks CE1a to begin sending data PE2 Customer 1 New York Site P1 configured. The BGP peering address is assigned as the MTI interface source address, and the PIM protocol is automatically enabled on each MTI. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 380
CPU utilization. In a customer VRF, PFC3BXL or PFC3B mode hardware acceleration supports multicast traffic in PIM dense, PIM sparse, PIM bidirectional, and PIM Source Specific Multicast (SSM) modes. 25-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 381
. • Although MVPN uses the infrastructure of MPLS VPN networks, you cannot apply MPLS tags or labels to multicast traffic over the VPNs. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-7 - Cisco 7604 | Software Configuration Guide - Page 382
first MVRF is configured. This change in replication mode automatically purges all forwarding entries in the hardware, temporarily forcing the router into software switching until the table entries can be rebuilt. 25-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 383
, page 25-10 • Configuring the Route-Target Extended Community, page 25-11 • Configuring the Default MDT, page 25-11 • Configuring Data MDTs (Optional), page 25-12 • Enabling Data MDT Logging, page 25-12 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25 - Cisco 7604 | Software Configuration Guide - Page 384
bit number (192.168.122.15:1) This example show how to configure 55:1111 as the route distinguisher and verify the configuration: Router(config-vrf)# rd 55:1111 Router(config-vrf)# do show ip vrf blue Name Default RD blue 55:1111 Interfaces 25-10 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 385
the default MDT, perform this task: Command or Action Router(config-vrf)# mdt default group_address Router(config-vrf)# no mdt default Purpose Configures the default MDT. Deletes the default MDT. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-11 - Cisco 7604 | Software Configuration Guide - Page 386
. Frequent reuse of a data MDT might indicate a need to increase the number of allowable data MDTs by increasing the size of the wildcard bitmask that is used in the mdt data command. Disables data MDT logging. 25-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 387
command: Router# show ip pim mdt MDT Group * 227.1.0.1 * 227.2.0.1 * 228.1.0.1 * 228.2.0.1 Interface Tunnel1 Tunnel2 Tunnel3 Tunnel4 Source Loopback0 Loopback0 Loopback0 Loopback0 VRF BIDIR01 BIDIR02 SPARSE01 SPARSE02 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 388
the show mls ip multicast mdt command. The following example shows typical output for this command: Router# show mls ip multicast mdt State: H - Hardware Installed, I - Install Pending, D - Delete Pending, Z - Zombie VRF BIDIR01HWRP BIDIR01SWRP SPARSE01HWRP SPARSE01SWRP red red red red red MMLS - Cisco 7604 | Software Configuration Guide - Page 389
multicast traffic. In addition, BGP extended communities must be enabled (using the neighbor send-community both or neighbor send-community extended command) to support the use of MDTs in the network. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-15 - Cisco 7604 | Software Configuration Guide - Page 390
source of the register messages. Disables IPv4 multicast VRF routing. This example show how to configure a PIM VRF register message source address: Router(config)# ip pim vrf blue register-source loopback 3 25-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 391
the interface whose primary address is used as the source IP address for the TCP connection. • remote-as ASN-(Optional) Autonomous system number of the MSDP peer. This is for display-only purposes. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-17 - Cisco 7604 | Software Configuration Guide - Page 392
The valid range is from 1 to the value of the limit parameter. This example show how to configure the maximum number of multicast routes: Router(config)# ip multicast vrf blue route-limit 200000 20000 25-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 393
rp-address 192.200.2.1 ... ip pim vrf vpn249 rp-address 192.200.49.6 ip pim vrf vpn250 rp-address 192.200.50.6 ... OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-19 - Cisco 7604 | Software Configuration Guide - Page 394
1 Step 2 Command or Action Router# configure terminal Router(config)# interface type {slot/port | number} Purpose Enters global configuration mode. Enters interface configuration mode for the specified interface. 25-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 395
the IP address, so reconfigure the IP address. Disables IPv4 VRF forwarding. This example shows how to configure the interface for VRF blue forwarding: Router(config-if)# ip vrf forwarding blue OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-21 - Cisco 7604 | Software Configuration Guide - Page 396
log datetime msec service password-encryption service compress-config ! hostname MVPN Router ! boot system flash slot0: logging snmp-authfail ! ip subnet-zero ! ! no ip domain-lookup ip host tftp 223.255.254.238 ! 25-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 397
.255.255.255 ! interface Loopback11 ip vrf forwarding mvpn-cus1 ip address 210.111.255.14 255.255.255.255 ip pim sparse-dense-mode Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-23 - Cisco 7604 | Software Configuration Guide - Page 398
-target import 2:2 mdt default 226.2.2.1 mdt data 226.2.2.128 0.0.0.7 ! ip vrf v3 rd 3:3 route-target export 3:3 route-target import 3:3 mdt default 226.3.3.1 mdt data 226.3.3.128 0.0.0.7 ! ip vrf v4 25-24 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 399
ip address ! interface Loopback111 ip vrf forwarding v1 ip address 1.1.1.1 255.255.255.252 ip pim sparse-dense-mode ip ospf network point-to-point ! Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-25 - Cisco 7604 | Software Configuration Guide - Page 400
.255 area 155 network 157.155.1.0 0.0.0.255 area 0 ! router ospf 33 vrf v3 router-id 155.255.255.33 log-adjacency-changes network 155.255.255.33 0.0.0.0 area 155 ! router ospf 1 log-adjacency-changes 25-26 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 401
MCAST.ANYCAST.CE permit 2.2.2.2 ip access-list standard MCAST.ANYCAST.PE permit 1.1.1.1 ip access-list standard MCAST.BOUNDARY.VRF.v1 deny 226.192.1.1 permit any Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 25-27 - Cisco 7604 | Software Configuration Guide - Page 402
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 25-28 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 403
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 404
the egress port, where the rewrite occurs when the packet is transmitted from the Cisco 7600 series router. Hardware Layer 3 switching generates flow statistics for Layer 3-switched traffic. Hardware Layer 3 flow statistics can be used for NetFlow Data Export (NDE). (See Chapter 51, "Configuring NDE - Cisco 7604 | Software Configuration Guide - Page 405
A initiates an HTTP file transfer to Host C, Hardware Layer 3 switching uses the information in the local forwarding information base (FIB) and adjacency table to forward packets from Host A to Host C. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 26-3 - Cisco 7604 | Software Configuration Guide - Page 406
and restrictions when configuring hardware Layer 3 switching: • Hardware Layer 3 switching supports the following ingress and egress encapsulations: - Ethernet V2.0 (ARPA) - 802.3 with 802.2 with 1 byte control (SAP1) 26-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 407
/docs/ios/12_2/switch/configuration/guide/xcfcef.html • The Cisco IOS Switching Services Command Reference publication at this URL: http://www.cisco.com/en/US/docs/ios/12_2/switch/command/reference/fswtch_r.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 408
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 26-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 409
IPv6 multicast support on Cisco 7600 series routers: • Features that Support IPv6 Multicast, page 27-2 • IPv6 Multicast Guidelines and Restrictions, page 27-2 • New or Changed IPv6 Multicast Commands, page 27-3 • Configuring IPv6 Multicast Layer 3 Switching, page 27-3 • Using show Commands to Verify - Cisco 7604 | Software Configuration Guide - Page 410
snooping is not supported. • IPv6 Multicast rate limiters-See Chapter 36, "Configuring Denial of Service Protection." • IPv6 Multicast: Bootstrap Router (BSR)-See the BSR information in the Cisco IOS IPv6 Configuration Library and Cisco IOS IPv6 Command Reference. • IPv6 Access Services-See DHCPv6 - Cisco 7604 | Software Configuration Guide - Page 411
to the Cisco IOS Master Command List, Release 12.2SX for information about these IPv6 multicast commands, which are new or changed in Release 12.2(18)SXE: • ipv6 mfib hardware-switching • mls rate-limit multicast ipv6 (see Chapter 36, "Configuring Denial of Service Protection") • show ipv6 mfib - Cisco 7604 | Software Configuration Guide - Page 412
to display the MFIB clients running on the PFC3 and any DFC3s: Router# show ipv6 mrib client | include slot slot 1 mfib ipv6 rp agent:15 (connection id 3) slot 6 mfib ipv6 rp agent:15 (connection id 4) 27-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 413
software ipv6-multicast capability | include Current Current System HW Replication Mode : Ingress Note Enter the no ipv6 mfib hardware-switching replication-mode ingress command to enable replication mode auto detection. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 414
Multicast FIB SC summary on Slot[1]: Shortcut Type Shortcut count (*, G/128) 10 (*, G/m) 47 IPv6 Multicast Netflow SC summary on Slot[6]: Shortcut Type Shortcut count (S, G) 100 (*, G) 0 27-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 415
SC summary on Slot[6]: Shortcut Type Shortcut count (*, G/128) 10 (*, G/m) 47 Note • The (*, G/128) value is a hardware bridge entry count. • The (*, G/m) value is a hardware bridge/drop entry count. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 416
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 27-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 417
Multicast Layer 3 Switching Works These sections describe how IPv4 multicast Layer 3 switching works: • IPv4 Multicast Layer 3 Switching Overview, page 28-2 • Multicast Layer 3 Switching Cache, page 28-2 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 418
table on the PFC. In systems with Distributed Forwarding Cards (DFCs), IP multicast flows are Layer 3 switched locally using Multicast Distributed Hardware Switching (MDHS). MDHS uses local hardware CEF and replication tables on each DFC to perform Layer 3 switching and rate limiting of reverse path - Cisco 7604 | Software Configuration Guide - Page 419
command, all multicast Layer 3 switching cache entries on the PFC are purged. • When you disable multicast Layer 3 switching on an individual interface basis using the no mls ipmulticast command Data FCS OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 420
are partially switched if at least one (S,G) entry has the same RPF as a (*,g) entry but any of these is true: - The RPT flag (R bit) is not set. - The SPT flag (T bit) is not set. - The Prune-flag (P bit) is not set. 28-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 421
. Traffic that fails the RPF check is called non-RPF traffic. The Cisco 7600 series router processes non-RPF traffic in hardware on the PFC by filtering (dropping) or rate limiting the non-RPF traffic. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 28-5 - Cisco 7604 | Software Configuration Guide - Page 422
source and group, sending packets only to bridged ports and not to the MSFC. To support the PIM assert mechanism, the PFC periodically forwards a percentage of the non-RPF flow packets to the MSFC. 28-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 423
PIM, see the "Configuring IPv4 Bidirectional PIM" section on page 28-23. Default IPv4 Multicast Layer 3 Switching Configuration Table 28-1 shows the default IP multicast Layer 3 switching configuration. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 28 - Cisco 7604 | Software Configuration Guide - Page 424
the SPT-bit, RPT-bit, or Pruned flag set. • A (*,G) entry is not hardware switched if at least one (S,G) entry has an RPF different from the (*,G) entry's RPF and the (S,G) is not hardware switched. 28-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 425
Routing Table, page 28-21 • Displaying IPv4 Multicast Layer 3 Switching Statistics, page 28-22 • Displaying IPv4 Bidirectional PIM Information, page 28-25 • Using IPv4 Debug Commands, page 28-27 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 28-9 - Cisco 7604 | Software Configuration Guide - Page 426
(config)# ip multicast-routing Router(config)# Enabling IPv4 PIM on Layer 3 Interfaces You must enable PIM on the Layer 3 interfaces before IP multicast Layer 3 switching functions on those interfaces. 28-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 427
on your system, perform this task: Command Step 1 Router(config)# mls ip multicast Step 2 Router# show mls ip multicast Purpose Globally enables hardware switching of multicast routes. Displays MLS IP multicast configuration. This example shows how to globally enable hardware switching of - Cisco 7604 | Software Configuration Guide - Page 428
task: Command Purpose Step 1 Step 2 Router(config)# interface {{vlan vlan_ID} | {type1 slot/port}} Router(config-if)# mls ip multicast Selects an interface to configure. Enables IP multicast Layer 3 switching on a Layer 3 interface. Step 3 Router(config-if)# no mls ip multicast Disables IP - Cisco 7604 | Software Configuration Guide - Page 429
Number of complete hardware-switched flows:2 Directly connected subnet entry install is enabled Current mode of replication is Ingress Auto-detection of replication mode is enabled Consistency checker is enabled Router (config)# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration - Cisco 7604 | Software Configuration Guide - Page 430
Router# show mls cef ip multicast detail Purpose Enables local egress replication. Note This command requires a system reset for the configuration to take effect. Reloads the system. Displays the configured replication mode. 28-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 431
/mask, 224/4) is installed per PIM-enabled interface. To view FIB entries, enter the show mls ip multicast connected command. To enable installation of directly connected subnets, perform this task: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 28 - Cisco 7604 | Software Configuration Guide - Page 432
Chapter 28 Configuring IPv4 Multicast Layer 3 Switching Command Router(config)# mls ip multicast connected Router(config)# no mls ip multicast connected Purpose Enables installation of directly connected subnets. Disables installation of directly connected subnets. This example shows how to - Cisco 7604 | Software Configuration Guide - Page 433
failure rate-limiting information: Router# show mls ip multicast summary 10004 MMLS entries using 1280464 bytes of memory Number of partial hardware-switched flows:4 Number of complete hardware-switched flows:10000 Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 434
, only packets switched by software. The show ip pim interface count command displays the IP multicast Layer 3 switching enable state on IP PIM interfaces and the number of packets received and sent on the interface. 28-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 435
Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined: 224.0.0.1 224.0.0.2 224.0.0.13 224.0.0.10 Outgoing access list is not set Inbound access list is not set OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 436
is disabled IP multicast multilayer switching is enabled IP mls switching is enabled Router# This example shows how to display the IP multicast Layer 3 switching configuration of Gigabit Ethernet interface 1/2: Router# show interfaces gigabitEthernet 1/2 GigabitEthernet1/2 is up, line protocol - Cisco 7604 | Software Configuration Guide - Page 437
interface list:Null Router# Note The RPF-MFD flag indicates that the flow is completely switched by the hardware. The H flag indicates the flow is switched by the hardware on the outgoing interface. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 438
, Packets switched: 0 Hardware switched outgoing interfaces: MFD installed: Vlan10 (10.1.0.10, 224.2.2.10) Incoming interface: Vlan10, Packets switched: 2744 Hardware switched outgoing interfaces: MFD installed: Vlan10 28-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 439
PIM globally on the router. Disables IPv4 bidirectional PIM globally on the router. This example shows how to enable IPv4 bidirectional PIM on the router: Router(config)# ip pim bidir-enable Router(config)# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 440
default is 10 seconds. Restores the default. This example shows how to set the IPv4 bidirectional PIM RP RPF scan interval: Router(config)# mls ip multicast bidir gm-scan-interval 30 Router(config)# 28-24 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 441
list: GigabitEthernet2/1, Bidir-Upstream/Sparse-Dense, 00:00:00/00:00:00,H Vlan30, Forward/Sparse-Dense, 00:00:00/00:02:59, H OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 28-25 - Cisco 7604 | Software Configuration Guide - Page 442
mapping df-cache State:H - Hardware Switched, I - Install Pending, D - Delete Pending, Z - Zombie RP Address 60.0.0.60 60.0.0.60 60.0.0.60 60.0.0.60 State H H H H DF Vl131 Vl151 Vl415 Gi4/16 State H H H H 28-26 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 443
group address, or the multicast traffic source. For an example of the show mls ip multicast statistics command, see the "Displaying IPv4 Multicast Layer 3 Switching Statistics" section on page 28-22. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 28-27 - Cisco 7604 | Software Configuration Guide - Page 444
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 28-28 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 445
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 446
a source-only network. Note If a multicast group has only sources and no receivers in a VLAN, MLDv2 snooping constrains the multicast traffic to only the multicast router ports. 29-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 447
mode for each group reported by the host • The list of sources for each group reported by the hosts • The router filter mode of each group • For each group, the list of hosts requesting the source OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 29-3 - Cisco 7604 | Software Configuration Guide - Page 448
for a multicast group address statically, the static setting supersedes any MLDv2 snooping learning. Multicast group membership lists can consist of both static and MLDv2 snooping-learned settings. 29-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 449
29-1, that includes the port numbers of Host 1, the multicast router, and the router. Table 29 router, the message is not flooded to other ports. Any known multicast traffic is forwarded to the group and not to the router. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 450
they can send an MLDv2 filter mode change record. When MLDv2 snooping receives a filter mode change record from a host that configures the EXCLUDE mode for a group, MLDv2 the specified multicast group. 29-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 451
traffic, you must configure at least one router as the MLDv2 snooping querier. You can configure a router to generate MLDv2 queries on a VLAN regardless of whether or not IP multicast routing is enabled. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 452
14, "Configuring VLANs"). • Configure an IPv6 address on the VLAN interface (see Chapter 22, "Configuring Layer 3 Interfaces"). When enabled, the MLDv2 snooping querier uses the IPv6 address as the query source address. 29-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 453
64 eui-64 Router(config-if)# ipv6 mld snooping querier Router(config-if)# end Router# show ipv6 mld interface vlan 200 | include querier MLD snooping fast-leave is enabled and querier is enabled Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 454
task: Command Step 1 Router(config)# interface vlan vlan_ID Step 2 Router(config-if)# ipv6 mld snooping Router(config-if)# no ipv6 mld snooping Purpose Selects a VLAN interface. Enables MLDv2 snooping. Disables MLDv2 snooping. 29-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 455
2 Command Router(config)# interface vlan vlan_ID Router(config-if)# ipv6 mld snooping mrouter interface type1 slot/port Purpose Selects the VLAN interface. Configures a static connection to a multicast router. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 456
-if)# ipv6 mld snooping last-member-query-interval 1000 Router(config-if)# exit Router# show ipv6 mld interface vlan 200 | include last MLD snooping last member query response interval is 1000 ms 29-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 457
. Enables SSM safe reporting. Clears the configuration. This example shows how to SSM safe reporting: Router(config)# interface vlan 10 Router(config-if)# ipv6 mld snooping ssm-safe-reporting OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 29-13 - Cisco 7604 | Software Configuration Guide - Page 458
interface vlan 25 Router(config-if)# ipv6 mld snooping report-suppression Router(config-if)# end Router# Router# show ipv6 mld interface vlan 25 | include report-suppression MLD snooping report-suppression is enabled 29-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 459
/1,Fa3/48,Router,Switch Router# This example shows how to display a total count of MAC address entries for a VLAN: Router# show mac-address-table multicast 1 count Multicast MAC Entries for vlan 1: 4 Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 460
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 29-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 461
(including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ 30-2 • Joining a Multicast Group, page 30-2 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 30-1 - Cisco 7604 | Software Configuration Guide - Page 462
for a multicast group address statically, the static setting supersedes any IGMP snooping learning. Multicast group membership lists can consist of both static and IGMP snooping-learned settings. 30-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 463
set up a forwarding-table entry, as shown in Table 30-1, that includes the port numbers of Host 1, the multicast router, and the router ports. Any known multicast traffic is forwarded to the group and not to the CPU. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, - Cisco 7604 | Software Configuration Guide - Page 464
determine if any other devices connected to that interface are interested in traffic for the specific multicast group. If IGMP snooping does not receive an IGMP Join message in response to the general 30-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 465
. Understanding IGMP Version 3 Support These sections describe IGMP version 3 support: • IGMP Version 3 Support Overview, page 30-6 • IGMPv3 Fast-Leave Processing, page 30-6 • Proxy Reporting, page 30-6 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 30 - Cisco 7604 | Software Configuration Guide - Page 466
time of suppression is the report response time indicated in the general query message. For IGMPv3, suppression occurs for the entire general query interval. 30-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 467
Safe Reporting Default Values Disabled Enabled None configured Enabled Learned automatically through PIM or IGMP packets Disabled Enabled Disabled; deprecated in Release 12.2(18)SXE and later releases OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 30 - Cisco 7604 | Software Configuration Guide - Page 468
a multicast router. • QoS does not support IGMP packets when IGMP snooping is enabled. Note When you are in configuration mode you can enter EXEC mode commands by entering the do keyword before the EXEC mode command. 30-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 469
IGMP Snooping Query Interval, page 30-11 • Enabling IGMP Fast-Leave Processing, page 30-12 • Configuring Source Specific Multicast (SSM) Mapping, page 30-12 • Enabling SSM Safe Reporting, page 30-13 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 30-9 - Cisco 7604 | Software Configuration Guide - Page 470
IGMP snooping fast-leave is disabled and querier is disabled IGMP snooping explicit-tracking is enabled on this interface IGMP snooping last member query interval on this interface is 1000 ms Router# 30-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 471
to determine if hosts are still interested in a specific multicast group. Note When both IGMP fast-leave processing and the IGMP query interval are configured, fast-leave processing takes precedence. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 30-11 - Cisco 7604 | Software Configuration Guide - Page 472
on vlan 200 Router(config-if)# end Router# show ip igmp interface vlan 200 | include fast-leave IGMP snooping fast-leave is enabled on this interface Router(config-if)# Configuring Source Specific Multicast (SSM) Mapping Note • Release 12.2(18)SXD3 and later releases support SSM mapping. • Do - Cisco 7604 | Software Configuration Guide - Page 473
)# end Router# show ip igmp snooping explicit-tracking vlan 25 Source/Group Interface Reporter Filter_mode 10.1.1.1/226.2.2.2 Vl25:1/2 16.27.2.3 INCLUDE 10.2.2.2/226.2.2.2 Vl25:1/2 16.27.2.3 INCLUDE OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 474
/1,Gi2/1,Fa3/48,Router,Switch Router# This example shows how to display a total count of MAC address entries for a VLAN: Router# show mac-address-table multicast 1 count Multicast MAC Entries for vlan 1: 4 Router# 30-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 475
was entered To display IGMP snooping statistics, perform this task: Command Router# show ip igmp snooping statistics interface vlan_ID Purpose Displays IGMP snooping information on a VLAN interface. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 30-15 - Cisco 7604 | Software Configuration Guide - Page 476
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 30-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 477
multicast router ports need to receive the multicast traffic within a specific VLAN by listening to the PIM hello messages, PIM join and prune messages, and bidirectional PIM designated forwarder-election messages. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 478
99473 Figure 31-2 shows the flow of a PIM join message with PIM snooping enabled. In the figure, the switches restrict the PIM join message and forward it only to the router that needs to receive it (Router B). 31-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 479
Router A Router B RP Source Data 99472 Figure 31-4 shows the flow of data traffic with PIM snooping enabled. In the figure, the switches forward the data traffic only to the router that needs to receive it (Router A). OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 480
IGMP snooping can be enabled at the same time in a VLAN. Either RGMP or PIM snooping can be enabled in a VLAN but not both. 31-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 481
task: Command Step 1 Router(config)# interface vlan vlan_ID Step 2 Router(config-if)# ip pim snooping Router(config-if)# no ip pim snooping Purpose Selects a VLAN interface. Enables PIM snooping. Disables PIM snooping. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 482
flooding. Exits configuration mode. Verifies the configuration. This example shows how to disable PIM snooping designated-router flooding: Router(config)# no ip pim snooping dr-flood Router(config)# end 31-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 483
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 484
Configuring PIM Snooping Chapter 31 Configuring PIM Snooping 31-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 485
send multicast data to the router unless an RGMP join message has also been sent to the Cisco 7600 series router from that router. When an RGMP join message is sent, the router is able to receive multicast data. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 486
on the router, no multicast data traffic is sent to the router by the Cisco 7600 series router unless an RGMP join is specifically sent for a group. When RGMP is disabled on the router, all multicast data traffic is sent to the router by the Cisco 7600 series router. Multicast data traffic for - Cisco 7604 | Software Configuration Guide - Page 487
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 488
Enabling RGMP on Layer 3 Interfaces Chapter 32 Configuring RGMP 32-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 489
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 490
for all prefixes in the routing table, and up to four parallel paths for prefixes reached through any of four user-configurable RPF interface groups (each interface group can contain four interfaces). 33-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 491
Packets permitted by the ACL are forwarded in hardware without a Unicast RPF check (CSCdz35099). • Because the packets in a denial-of-service attack typically match the deny ACE and are the input port. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 33-3 - Cisco 7604 | Software Configuration Guide - Page 492
example shows how to enable Unicast RPF strict check mode on Gigabit Ethernet port 4/2: Router(config)# interface gigabitethernet 4/2 Router(config-if)# ip verify unicast source reachable-via rx Router(config-if)# end Router# 33-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 493
have three or more reverse-path interfaces (these packets always pass the Unicast RPF check). This example shows how to configure multiple path RPF check: Router(config)# mls ip cef rpf multipath punt OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 33-5 - Cisco 7604 | Software Configuration Guide - Page 494
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 33-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 495
34 C H A P T E R Understanding Cisco IOS ACL Support This chapter describes Cisco IOS ACL support on the Cisco 7600 series routers: • Cisco IOS ACL Configuration Guidelines and Restrictions, page 34-1 • Hardware and Software ACL Support, page 34-2 • Configuring IPv6 Address Compression, page 34-3 • - Cisco 7604 | Software Configuration Guide - Page 496
Hardware and Software ACL Support Chapter 34 Understanding Cisco IOS ACL Support With the ip unreachables command enabled (which is the default), the supervisor engine drops most of the denied packets in hardware and sends only a small number of packets to the MSFC to be dropped (10 packets per - Cisco 7604 | Software Configuration Guide - Page 497
that are displayed do not include all of the hardware switching platform counters. Configuring IPv6 Address Compression Access control lists (ACLs) are implemented in hardware in the Policy Feature Card (PFC), which uses the source or destination IP address and port number in the packet to index - Cisco 7604 | Software Configuration Guide - Page 498
the hardware compresses 4 port information cannot be included in Router(config)# This example shows how to turn off address compression for IPv6 addresses: Router(config)# no mls ipv6 acl compress address unicast Router(config)# 34-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 499
in hardware • To provide OAL support for denied packets, enter the mls rate-limit unicast ip icmp unreachable acl-drop 0 command. • OAL and the mls verify ip length minimum command are incompatible. Do not configure both. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 500
(5 minutes). • rate-limit number_of_packets: - Sets the number of packets logged per second in software. - Range: 10-1,000,000 (entered without commas). - Default: 0 (rate limiting is off and all packets are logged). 34-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 501
describe guidelines and restrictions when configuring ACLs that include Layer 4 port operations: • Determining Layer 4 Operation Usage, page 34-8 • Determining Logical Operation Unit Usage, page 34-8 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 34-7 - Cisco 7604 | Software Configuration Guide - Page 502
permit ... lt 9 deny ... gt 11 deny Note There is no limit to the use of "eq" operators as the "eq" operator does couple applies once to a source port and once to a destination port. For example, in this ACL Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 503
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 504
Guidelines and Restrictions for Using Layer 4 Operators in ACLs Chapter 34 Understanding Cisco IOS ACL Support 34-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 505
, refer to the Cisco IOS Master Command List, Release 12.2SX at this URL: http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html • With a Supervisor Engine 720 and releases earlier than Release 12.2(17d)SXB, VACL capture is supported only for use with the WS-SVC-IDSM2-K9 Intrusion - Cisco 7604 | Software Configuration Guide - Page 506
720. Bridged Packets Figure 35-1 shows a VACL applied on bridged packets. Figure 35-1 Applying VACLs on Bridged Packets VACL Host A (VLAN 10) MSFC Supervisor Engine Bridged Host B (VLAN 20) 120528 35-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 507
4. VACL for output VLAN Figure 35-2 Applying VACLs on Routed Packets Routed Input IOS ACL Bridged VACL Host A (VLAN 10) MSFC Supervisor Engine Output IOS ACL VACL Bridged Host B (VLAN 20) 120554 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 35-3 - Cisco 7604 | Software Configuration Guide - Page 508
Access Map, page 35-5 • Configuring a Match Clause in a VLAN Access Map Sequence, page 35-6 • Configuring an Action Clause in a VLAN Access Map Sequence, page 35-7 • Applying a VLAN Access Map, page 35-8 35-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 509
a VLAN access map, perform this task: Command Router(config)# vlan access-map map_name [0-65535] Purpose Defines the VLAN access map. Optionally, you can specify the VLAN access map sequence number. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 35-5 - Cisco 7604 | Software Configuration Guide - Page 510
and Firewalls," at this URL: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/fsecur_c.html See the "VLAN Access Map Configuration and Verification Examples" section on page 35-9. 35-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 511
destination ports transmit VACL-redirected traffic. • Use the no keyword to remove an action clause or specified redirect interfaces. See the "VLAN Access Map Configuration and Verification Examples" section on page 35-9. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 512
| interface type1 number2] mappings between VACLs and VLANs. 1. type = pos, atm, or serial 2. number = slot/port or slot/port_adapter/port; can include a subinterface or channel group descriptor 35-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 513
to trunk unconditionally (see the "Configuring the Layer 2 Switching Port as an ISL or 802.1Q Trunk" section on page 10-8 and the "Configuring the Layer 2 Trunk Not to Use DTP" section on page 10-9). OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 35-9 - Cisco 7604 | Software Configuration Guide - Page 514
, configure the capture port with the switchport trunk encapsulation command (see the "Configuring a Layer 2 Switching Port as Router# show vlan filter VLAN Map mordred: Configured on VLANs: Active on VLANs: Router# 2,4-6 2,4-6 35-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 515
. This example shows how to configure global VACL logging in hardware: Router(config)# vlan access-log maxflow 800 Router(config)# vlan access-log ratelimit 2200 Router(config)# vlan access-log threshold 4000 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 516
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 35-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 517
28 • CoPP Default Configuration, page 36-28 • CoPP Configuration Guidelines and Restrictions, page 36-28 • Configuring CoPP, page 36-29 • Monitoring CoPP, page 36-31 • Defining Traffic Classification, page 36-32 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 518
126151136 2 02:30:17 L3 - Dynamic - Cisco 7604 | Software Configuration Guide - Page 519
to a VLAN on the Cisco 7600 series routers. QoS ACLs Unlike security ACLs, QoS ACLs can be used to limit the rate of traffic without denying access to all the traffic in a flow. This example shows how to use a QoS ACL to prevent a ping attack on a router. A QoS ACL is configured and applied on all - Cisco 7604 | Software Configuration Guide - Page 520
, Neighbor Down: Dead timer expired Router# show ip eigrp neighbors IP-EIGRP neighbors for process 200 Router# Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. 36-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 521
, are discarded. Cisco Express Forwarding (CEF) tables are used to verify that the source addresses and the interfaces on which they were received are consistent with the FIB tables on the supervisor engine. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 522
hardware-assisted on the PFC2 and PFC3 (all types). Configuring many sources and destinations for active intercept mode may overrun the CPU, so it is recommended that only critical servers be protected with active intercept mode. 36-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 523
-exchange and dropping the connection; valid values are from 1 to 2147483 seconds. Changes the time the software will manage a connection after no activity; valid values are from 1 to 2147483 seconds. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 36-7 - Cisco 7604 | Software Configuration Guide - Page 524
be the same, as they both share the same rate-limiter register. If the ACL bridge ingress/egress rate limiting is disabled, the Layer 3 redirect rate limit results are converted to the bridge result. 36-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 525
with such ARP requests. This example shows how to rate limit the rate at which this traffic is sent to the MSFC to 20000 pps and a burst of 60: Router(config)# mls rate-limit unicast cef glean 20000 60 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 36-9 - Cisco 7604 | Software Configuration Guide - Page 526
-11 • QoS Rate Limiting, page 36-12 • uRPF Check, page 36-12 • Traffic Storm Control, page 36-13 • Network Under SYN Attack, page 36-13 • ARP Policing, page 36-14 • Recommended Rate-Limiter Configuration, page 36-14 36-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 527
Configuring Denial of Service Protection Understanding How DoS Protection Works • Hardware-Based Rate Limiters on hardware, so there is no performance penalty for applying VACLs to a VLAN on the Cisco 7600 series routers. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 528
The uRPF check in hardware is supported for routes with up to two return paths (interfaces) and up to six return paths with interface groups configured (two from the FIB table and four from the interface groups). 36-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 529
broadcast level 20 The Cisco 7600 series router supports broadcast storm control on all LAN ports and multicast and unicast storm control on Gigabit Ethernet ports. When two or three suppression modes are configured simultaneously, they share the same level settings. If broadcast suppression is - Cisco 7604 | Software Configuration Guide - Page 530
use a rate limiter on VACL logging unless you configure VACL logging. • Disable redirects because a platform that supports hardware forwarding, such as the Cisco 7600 series router, reduces the need for redirects. 36-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 531
Chapter 36 Configuring Denial of Service Protection Understanding How DoS Protection Works • Disable unreachables because a platform that supports hardware unreachables, such as the Cisco 7600 series router, reduces the need for unreachables. • Do not enable the MTU rate limiter if all interfaces - Cisco 7604 | Software Configuration Guide - Page 532
The TTL failure rate limiter is not supported for IPv6 multicast. This example shows how to rate limit the TTL failures to 70000 pps with a burst of 150: Router(config)# mls rate-limit all ttl-failure 70000 150 36-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 533
such ARP requests. This example shows how to rate limit the rate at which this traffic is sent to the MSFC to 20000 pps and a burst of 60: Router(config)# mls rate-limit unicast cef glean 20000 60 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 36-17 - Cisco 7604 | Software Configuration Guide - Page 534
MSFC to be overwhelmed. This example shows how to rate limit packets failing the MTU failures from being sent to the MSFC to 10000 pps with a burst of 10: Router(config)# mls rate-limit all mtu 10000 10 36-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 535
from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate. Within OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 536
. Table 36-2 IPv6 Rate Limiters Rate Limiter Connected Default-drop Route-control Traffic Classes to be Rate Limited Directly connected source traffic * (*, G/m) SSM * (*, G/m) SSM non-rpf * (*, FF02::X/128) 36-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 537
rate limiter: Router(config)# mls rate-limit multicast ipv6 route-cntl share auto DoS Protection Default Configuration Table 36-3 shows the DoS protection default configuration for the PFC3 hardware-based rate limiters. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 538
flow to be dropped. - Security ACLs need to be configured on all external interfaces that require protection. Use the interface range command to configure a security ACL on multiple interfaces. 36-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 539
that can be used as CPU rate limiters. • Do not use the CEF receive limiter if CoPP is being used. The CEF receive limiter will override the CoPP traffic. • Rate limiters override the CoPP traffic. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 36-23 - Cisco 7604 | Software Configuration Guide - Page 540
location: Router# show monitor session 1 Session 1 --------- Source Ports: RX Only: None TX Only: None Both: None Source VLANs: RX Only: None TX Only: None Both: 44 Destination Ports: Gi9/1 Filter VLANs: None 36-24 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 541
with TOS changed Total ip packets with COS changed Total non ip packets COS changed Total packets dropped by ACL Total packets dropped by Policing : 937860 : 23287640 : 0 : 0 : 96727 : 2 : 2 : 0 : 33 : 0 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 542
- owner (head) of the group, g - guest of the group Rate Limiter Type MCAST NON RPF MCAST DFLT ADJ Status ---------Off On Packets/s --------- 100000 Burst ----- 100 Sharing ------- Not sharing 36-26 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 543
- Packets/s --------- - 100000 - 100 100 100 100 2000 - Burst ----- - 100 - 10 10 10 10 1 - Layer2 Rate Limiters: RL# 9: Reserved RL#10: Reserved RL#11: Free RL#12: Free Router# - - - - - - OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 36-27 - Cisco 7604 | Software Configuration Guide - Page 544
the Cisco 7600 series router by protecting the MSFC from unnecessary or DoS traffic and giving priority to important control plane and management traffic. The PFC3 and DFC3 provide hardware support for CoPP. CoPP works with the PFC3 rate limiters. Note The Supervisor Engine 2 does not support CoPP - Cisco 7604 | Software Configuration Guide - Page 545
show mls ip qos commands to troubleshoot evaluate CPU traffic. • CoPP is performed on a per-forwarding-engine basis and software CoPP is performed on an aggregate basis. • CoPP is not supported in hardware for multicast packets. The combination of ACLs, multicast CPU rate limiters and CoPP software - Cisco 7604 | Software Configuration Guide - Page 546
default is not supported. When defining the service policy, the police policy-map action is the only supported action. When applying the service policy to the control plane, the input direction is only supported. 36-30 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 547
, including rate information and the number of bytes (and packets) that conformed or exceeded the configured policies both in hardware and in software. The output of the show policy-map control-plane command is as follows: Router# show policy-map control-plane Control Plane Interface Service policy - Cisco 7604 | Software Configuration Guide - Page 548
always be denied and not placed into a default category. If you explicitly deny traffic, then you can enter show commands to collect approximate statistics on the denied traffic and estimate its rate. 36-32 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 549
based on relative importance. The actual number of classes needed might differ and should shows how to permit return traffic from TACACS host: Router(config)# access-list 121 permit tcp host 1.1.1.1 host 10.9.9.9 established OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 550
begins to forward traffic to that MAC address. With sticky ARP enabled, the router learns the ARP entries and does not accept modifications received through ARP broadcasts. If you attempt to override 36-34 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 551
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 552
Configuring Sticky ARP Chapter 36 Configuring Denial of Service Protection 36-36 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 553
, page 37-2 • DHCP Snooping Binding Database, page 37-2 • Packet Validation, page 37-3 • DHCP Snooping Option-82 Data Insertion, page 37-3 • Overview of the DHCP Snooping Database Agent, page 37-5 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 37-1 - Cisco 7604 | Software Configuration Guide - Page 554
and rate-limits traffic from untrusted sources. In an enterprise network, devices under your administrative control are trusted sources. These devices include the switches, routers and servers in your network. Any device beyond the firewall or outside your network is an untrusted source. Host ports - Cisco 7604 | Software Configuration Guide - Page 555
do not reside on the same IP network or subnet, a DHCP relay agent is configured with a helper address to enable broadcast forwarding and to transfer DHCP messages between the clients and the server. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 37-3 - Cisco 7604 | Software Configuration Guide - Page 556
or the circuit ID, or both to assign IP addresses and implement policies, such as restricting the number of IP addresses that can be assigned to a single remote ID or circuit of the circuit ID type 37-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 557
the entries whenever the file is read. The entry on the first line helps distinguish entries associated with the latest write from entries that are associated with a previous write. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 37-5 - Cisco 7604 | Software Configuration Guide - Page 558
information option DHCP option-82 on untrusted port feature DHCP snooping limit rate DHCP snooping trust DHCP snooping vlan Default Value/State Disabled Enabled Disabled None Untrusted Disabled 37-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 559
snooping trust interface configuration command. • If a Layer 2 LAN port is connected to a DHCP client, configure the port as untrusted by entering the no ip dhcp snooping trust interface configuration command. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 560
IP address in the helper address field of the client side VLAN. 2. Configure DHCP option-82 on untrusted port. Refer to the "Enabling the DHCP Option-82 on Untrusted Port Feature" section on page 37-10 37-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 561
DHCP snooping globally: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ip dhcp snooping Router(config)# do show ip dhcp snooping | include Switch Switch DHCP snooping is enabled Router(config)# Note When DHCP snooping is disabled and DAI is - Cisco 7604 | Software Configuration Guide - Page 562
(Optional) Enables untrusted ports to accept incoming DHCP packets with option-82 information. The default setting is disabled. Disables the DHCP option-82 on untrusted port feature. Verifies the configuration. 37-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 563
snooping MAC address verification: Router(config)# ip dhcp snooping verify mac-address Router(config)# do show ip dhcp snooping | include hwaddr Verification of hwaddr field is enabled Router(config)# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 37 - Cisco 7604 | Software Configuration Guide - Page 564
to verify the configuration: Router(config)# do show ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs: 10-12,15 DHCP snooping is operational on following VLANs: none 37-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 565
5/12 Router(config-if)# no ip dhcp snooping trust Router(config-if)# do show ip dhcp snooping | begin pps Interface Trusted Rate limit (pps) ------- FastEthernet5/12 no unlimited Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 566
number} Selects the interface to configure. Note Select only LAN ports configured with the switchport command or Layer 2 port-channel interfaces. Router(config-if)# ip dhcp snooping limit rate rate Configures DHCP packet rate limiting. Router(config-if)# no ip dhcp snooping limit rate Disables - Cisco 7604 | Software Configuration Guide - Page 567
Last Failed Time : 17:14:25 UTC Sat Jul 7 2001 Last Failed Reason : Unable to access URL. Total Attempts : 21 Startup Failures : 0 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 37-15 - Cisco 7604 | Software Configuration Guide - Page 568
all the reads since the router bootup. These two sets of counters are cleared by the clear command. The total counter set may indicate the number of bindings that have been ignored since the last clear. 37-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 569
0 Media Failures : 0 Router# Router# show ip dhcp snoop bind MacAddress IpAddress Startup Failures : Failed Transfers : Failed Reads : Failed Writes : Lease(sec) Type 0 0 0 0 VLAN Interface OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 37 - Cisco 7604 | Software Configuration Guide - Page 570
command. Checks the DHCP snooping database. This example shows how to manually add a binding to the DHCP snooping database: Router# show the fields in the show ip dhcp snooping binding command output. 37-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 571
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 572
Configuring DHCP Snooping Chapter 37 Configuring DHCP Snooping 37-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 573
describes how to configure dynamic Address Resolution Protocol (ARP) inspection (DAI) on the Cisco 7600 series router. The PFC3 supports DAI with Release 12.2(18)SXE and later releases. The PFC2 does not support DAI. Note For complete syntax and usage information for the commands used in this - Cisco 7604 | Software Configuration Guide - Page 574
switches, and routers connected to your Layer 2 network by poisoning the ARP caches of systems connected to the subnet and by intercepting traffic intended for other hosts on the subnet. Figure 38-1 shows -2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 575
IP-to-MAC address of Host 1. Therefore, if the interface between Router A and Router B is untrusted, the ARP packets from Host 1 are dropped by Router B. Connectivity between Host 1 and Host 2 is lost. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 38-3 - Cisco 7604 | Software Configuration Guide - Page 576
Trusted interfaces are not rate limited. You can change this setting by using the ip arp inspection limit interface configuration command. When the rate of incoming ARP packets exceeds the configured limit, the router places the port in the error-disabled state. The port remains in that state until - Cisco 7604 | Software Configuration Guide - Page 577
packets are logged. The number of entries in the log is 32. The number of system messages is limited to 5 per second. The logging-rate interval is 1 second. All denied or dropped ARP packets are logged. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 38 - Cisco 7604 | Software Configuration Guide - Page 578
also can use the ip arp inspection limit none interface configuration command to make the rate unlimited. A high rate-limit on one VLAN can cause a denial-of-service attack to other VLANs when the software places the port in the error-disabled state. Configuring DAI These sections describe how to - Cisco 7604 | Software Configuration Guide - Page 579
)# do show ip arp inspection vlan 10-12,15 | begin Vlan Vlan Configuration Operation ACL Match Static ACL ---- ---------- 10 Enabled Inactive 11 Enabled Inactive 12 Enabled Inactive 15 Enabled Inactive OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 580
State Rate (pps) Burst Interval Fa5/12 Trusted None N/A Applying ARP ACLs for DAI Filtering Note See the Cisco IOS Master Command List, Release 12.2SX, for information about the arp access-list command. 38-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 581
enabled, the router performs ARP packet validation checks, which makes the router vulnerable to an ARP-packet denial-of-service attack. ARP packet rate limiting can prevent an ARP-packet denial-of-service attack. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 582
ip arp inspection limit rate 20 burst interval 2 Router(config-if)# do show ip arp inspection interfaces | include Int|--|5/14 Interface Trust State Rate (pps) Burst Interval Fa5/14 Untrusted 20 2 38-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 583
validate command enables src and dst mac validations, and a second ip arp inspection validate command enables IP validation only, the src and dst mac validations are disabled as a result of the second command. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 584
validate src-mac dst-mac ip Router(config)# do show ip arp inspection | include abled$ Source Mac Validation : Enabled Destination Mac Validation : Enabled IP Address Validation : Enabled 38-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 585
configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ip arp inspection log-buffer entries 64 Router(config)# do show ip arp inspection log | include Size Total Log Buffer Size : 64 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 586
| none | permit}} Router(config)# do show running-config | include ip arp inspection vlan vlan_range Purpose Enters global configuration mode. Configures log filtering for each VLAN. Verifies the configuration. 38-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 587
VLAN 100 not to log packets that match ACLs: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ip arp inspection vlan 100 logging acl-match none Router(config)# do show running-config | include ip arp inspection vlan 100 ip arp inspection vlan - Cisco 7604 | Software Configuration Guide - Page 588
have dynamically assigned IP addresses. For configuration information, see Chapter 37, "Configuring DHCP Snooping." • This configuration does not work if the DHCP server is moved from Router A to a different location. 38-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 589
Verify the bindings: RouterA# show ip dhcp snooping binding MacAddress IpAddress Lease(sec) 00:02:00:02:00:02 1.1.1.2 4993 RouterA# Type dhcp-snooping VLAN ---1 Interface FastEthernet6/4 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 38 - Cisco 7604 | Software Configuration Guide - Page 590
0000.0000.0000/0.0.0.0/02:42:35 UTC Tue Jul 10 2001]) RouterA# show ip arp inspection statistics vlan 1 RouterA# The statistics will display as follows 1 0 RouterA# IP Validation Failures 0 38-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 591
Rate (pps) ---------15 15 15 15 None 15 15 15 15 RouterB# Verify the list of DHCP snooping bindings: RouterB# show ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 592
May 23 2003]) RouterB# The statistics display as follows: RouterB# show ip arp inspection statistics vlan 1 Vlan ---1 Forwarded --------1 Dropped 1 0 RouterB# IP Validation Failures 0 38-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 593
fastethernet 6/3 RouterA(config-if)# no ip arp inspection trust RouterA(config-if)# end Switch# show ip arp inspection interfaces fastethernet 6/3 Interface Trust State Rate (pps) ---------- OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 38-21 - Cisco 7604 | Software Configuration Guide - Page 594
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 38-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 595
for which traffic storm control is enabled reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the traffic storm control interval ends. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 39-1 - Cisco 7604 | Software Configuration Guide - Page 596
on the Cisco 7600 series routers is implemented in hardware. The traffic storm control circuitry monitors packets passing from a LAN interface to the switching bus. the traffic storm control interval. 39-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 597
is enabled on the listed modules, do not configure traffic storm control on STP-protected ports that need to receive BPDUs. Except on the listed modules, traffic storm control does not suppress BPDUs. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 39-3 - Cisco 7604 | Software Configuration Guide - Page 598
. • On these modules, these levels suppress all traffic: - WS-X6704-10GE: 0.33 percent or less - WS-X6724-SFP 10Mbps ports: 0.33 percent or less - WS-X6748-SFP 100Mbps ports: 0.03 percent or less 39-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 599
Chapter 39 Configuring Traffic Storm Control Displaying Traffic Storm Control Settings - WS-X6748-GE-TX 100Mbps ports: 0.03 percent or less - WS-X6716-10G-3C / 3CXL Oversubscription Mode: 0.29 percent or less Because of hardware limitations and the method by which packets of different sizes are - Cisco 7604 | Software Configuration Guide - Page 600
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 39-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 601
protocols. This command could also disrupt ARP functionality and other protocols, such as Network Time Protocol (NTP), that make use of local subnetwork multicast control groups in the 224.0.0.0/24 range. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 602
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 40-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 603
7600 series routers (PFC QoS) uses some Cisco IOS modular QoS CLI (MQC). Because PFC QoS is implemented in hardware, it supports only a subset of the MQC syntax. • The PFC3 does not support Network-Based Application Recognition (NBAR). • With a Supervisor Engine 2, PFC2, and MSFC2, you can configure - Cisco 7604 | Software Configuration Guide - Page 604
. PFC QoS classification, policing, marking, and congestion avoidance is implemented in hardware on the PFC, DFCs, and in LAN switching module port Application Specific Integrated Circuits (ASICs). 41-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 605
Committed Access Rate (CAR)) for traffic that is Layer 3 switched or Layer 2 switched in hardware. Because queuing is implemented in the port ASICs, Cisco 7600 series routers do not support MQC-configured queuing. Figure 41-1 shows an overview of QoS processing in a Cisco 7600 series router. Figure - Cisco 7604 | Software Configuration Guide - Page 606
be applied to LAN-port ingress traffic. - Ingress PFC QoS can be applied to LAN-port ingress traffic. - Ingress LAN-port traffic can be Layer-2 or Layer-3 switched by the PFC3 or routed in software by the MSFC. 41-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 607
be applied to OSM-port ingress traffic. - Ingress PFC2 QoS can be applied to OSM-port ingress traffic. - OSM-port ingress traffic can be Layer-3 switched by the PFC2 or routed in software by the MSFC2. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41 - Cisco 7604 | Software Configuration Guide - Page 608
the role of the following components in PFC QoS decisions and processes: • Ingress LAN Port PFC QoS Features, page 41-7 • PFC and DFC QoS Features, page 41-9 • PFC QoS Egress Port Features, page 41-13 41-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 609
These sections provide an overview of the ingress port QoS features: • Flowchart of Ingress LAN Port PFC QoS Features, page 41-8 • Port Trust, page 41-9 • Ingress Congestion Avoidance, page 41-9 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-7 - Cisco 7604 | Software Configuration Guide - Page 610
CoS mutation is supported only on 802.1Q tunnel ports. • Release 12.2(18)SXF5 and later releases support the ignore port trust feature. • DSCP-based queue mapping is supported only on WS-X6708-10GE ports. 154684 41-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 611
relate to QoS: • Supported Policy Feature Cards, page 41-10 • Supported Distributed Forwarding Cards, page 41-10 • PFC and DFC QoS Feature List and Flowchart, page 41-10 • Internal DSCP Values, page 41-12 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 612
41 Configuring PFC QoS Supported Policy Feature Cards The policy feature card (PFC) is a daughter card that resides on the supervisor engine. The PFC provides QoS in addition to other functionality. The following PFCs are supported on the Cisco 7600 series routers: • PFC2 on the Supervisor Engine - Cisco 7604 | Software Configuration Guide - Page 613
Egress Internal Map DSCP DSCP (only on PFC3) Map Egress CoS (LAN ports only) 154644 Note The DSCP transparency feature makes writing the egress DSCP value into the Layer 3 ToS byte optional. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-11 - Cisco 7604 | Software Configuration Guide - Page 614
Internal DSCP Value Policy marking and policing on the PFC can change the initial internal DSCP value to a final internal DSCP value, which is then used for all subsequently applied QoS features. 41-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 615
DSCP Mutation with a PFC3, page 41-15 • Egress ToS Byte, page 41-15 • Egress PFC QoS Interfaces, page 41-15 • Egress ACL Support for Remarked DSCP, page 41-15 • Marking on Egress OSM Ports, page 41-16 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-13 - Cisco 7604 | Software Configuration Guide - Page 616
, you can configure WS-X6708-10GE ports to use the final internal DSCP value for egress LAN port classification and congestion avoidance (see the "Configuring DSCP-Based Queue Mapping" section on page 41-100). 41-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 617
as Layer 3 interfaces or VLAN interfaces). You configure egress ACL support for remarked DSCP on ingress Layer 3 interfaces (either LAN ports configured as Layer 3 interfaces or VLAN interfaces). OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-15 - Cisco 7604 | Software Configuration Guide - Page 618
Egress OSM Port Marking From PFC or MSFC IP traffic Yes from PFC? No OSM switching module marking PFC3 only DSCP Yes rewrite enabled? Write ToS byte into packet No 113090 OSM QoS Features Transmit OSM traffic 41-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 619
releases, you can configure WS-X6708-10GE ports to use received DSCP values for ingress LAN port classification and congestion avoidance (see the "Configuring DSCP-Based Queue was trusted at the port. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-17 - Cisco 7604 | Software Configuration Guide - Page 620
be used by the PFC to set IP precedence or DSCP values and the CoS value. You can configure the trust state of each ingress OSM port as follows: • Untrusted (default) • Trust IP precedence • Trust DSCP 41-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 621
from untrusted ports. Traffic from untrusted ports always has the port CoS value. • Aggregate and microflow policers-PFC QoS can use policers to either mark or drop both conforming and nonconforming traffic. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 622
does not affect transmission delay. In contrast, traffic shaping works by buffering out-of-profile traffic, which moderates the traffic bursts. (PFC QoS does not support shaping.) 41-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 623
egress policing decisions at the ingress interface, on the PFC or ingress DFC. Policers affected by this restriction deliver an aggregate rate that is the sum of all the independent policing rates. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-21 - Cisco 7604 | Software Configuration Guide - Page 624
-down DSCP value. Note To avoid inconsistent results, ensure that all traffic policed by the same aggregate policer has the same trust state. 41-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 625
the switch. PFC QoS allocates the port ASIC memory as buffers for each queue on each port. The Cisco 7600 series router LAN modules support the following types of queues: • Standard queues • Strict-priority queues OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 626
-10GE ports (see the "Configuring DSCP-Based Queue Mapping" section on page 41-100). The combination of multiple queues and the scheduling algorithms associated with each queue allows the switch to provide congestion avoidance. 41-24 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 627
structure of a LAN port, enter the show queueing interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/port | include type command. The command displays one of the following architectures: • 1q2t indicates one standard queue with one configurable tail-drop threshold and - Cisco 7604 | Software Configuration Guide - Page 628
tail-drop -One non configurable (100 percent) tail-drop threshold Egress Queue Types To see the queue structure of an egress LAN port, enter the show queueing interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/port | include type command. The command displays one of the - Cisco 7604 | Software Configuration Guide - Page 629
Drop Thresholds Egress Queue Scheduler 1p3q1t DWRR Total Buffer Ingress Egress Size Buffer Size Buffer Size 1,116 KB 28 KB 1,088 KB OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-27 - Cisco 7604 | Software Configuration Guide - Page 630
and Drop Thresholds Egress Queue Scheduler 1p2q2t WRR Total Buffer Ingress Egress Size Buffer Size Buffer Size 512 KB 73 KB 439 KB 41-28 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 631
Size Buffer Size Buffer Size 200 MB 108 MB 90 MB 16 MB 2 MB 14 MB 64.2 MB 256 KB 64 MB OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-29 - Cisco 7604 | Software Configuration Guide - Page 632
= CoS 6 DSCP 56-63 = CoS 7 Marked-down DSCP from DSCP map Marked-down DSCP value equals original DSCP value (no markdown) Policers None 41-30 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 633
Disabled Disabled Default Values With PFC QoS Enabled These sections list the default values that apply when PFC QoS is enabled: • Receive-Queue Limits, page 41-31 • Transmit-Queue Limit priority 15% OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-31 - Cisco 7604 | Software Configuration Guide - Page 634
PFC QoS Default Configuration Chapter 41 Configuring PFC QoS Feature 1p2q1t 1p3q8t 1p7q4t 1p7q8t Bandwidth Allocation Ratios Default Value Low Queues, page 41-34 • 1p1q0t Receive Queues, page 41-35 41-32 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 635
receive queue Threshold 1 Threshold 2 Default Value CoS 0, 1, 2, 3, and 4 Tail-drop 80% WRED-drop Not supported CoS 5, 6, and 7 Tail-drop 100% (not configurable) WRED-drop Not supported OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-33 - Cisco 7604 | Software Configuration Guide - Page 636
CoS 2 and 3 Tail-drop 60% WRED-drop Not supported CoS 4 Tail-drop 80% WRED-drop Not supported CoS 6 and 7 Tail-drop 100% WRED-drop Not supported CoS 5 Tail-drop 100% (nonconfigurable) 41-34 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 637
% low, 90% high CoS 6 Tail-drop Disabled; 90% WRED-drop Enabled; 60% low, 90% high CoS 7 Tail-drop Disabled; 100% WRED-drop Enabled;70% low, 100% high CoS 5 Tail-drop 100% (nonconfigurable) OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-35 - Cisco 7604 | Software Configuration Guide - Page 638
6 and 7 Tail-drop 80% WRED-drop Not supported CoS None Tail-drop 80% WRED-drop Not supported CoS 5 Tail-drop 100% WRED-drop Not supported CoS None Tail-drop 100% WRED-drop Not supported 41-36 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 639
Thresholds 5-8 CoS None Tail-drop 100% WRED-drop Not supported Threshold 1 CoS 5 Tail-drop 100% WRED-drop Not supported Thresholds 2-8 CoS None Tail-drop 100% WRED-drop Not supported OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-37 - Cisco 7604 | Software Configuration Guide - Page 640
; 100% low, 100% high CoS None DSCP 10 Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high CoS None DSCP None Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high 41-38 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 641
; 100% low, 100% high CoS None DSCP 26 Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high CoS None DSCP None Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-39 - Cisco 7604 | Software Configuration Guide - Page 642
; 100% low, 100% high CoS None DSCP None Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high CoS None DSCP None Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high 41-40 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 643
; 100% low, 100% high CoS None DSCP None Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high CoS None DSCP None Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-41 - Cisco 7604 | Software Configuration Guide - Page 644
0 and 1 Tail-drop Disabled; 70% WRED-drop Enabled; 40% low, 70% high Threshold 2 CoS 2 and 3 Tail-drop Disabled; 80% WRED-drop Enabled; drop Not supported CoS 2 and 3 Tail-drop 100% WRED-drop Not supported 41-42 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 645
-drop 70% low, 100% high CoS 4 and 6 Tail-drop Not supported WRED-drop 40% low, 70% high CoS 7 Tail-drop Not supported WRED-drop 70% low, 100% high CoS 5 Tail-drop 100% (nonconfigurable) OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-43 - Cisco 7604 | Software Configuration Guide - Page 646
6 and 7 Tail-drop Disabled; 100% WRED-drop Enabled; 70% low, 100% high Thresholds 2-8 CoS None Tail-drop Disabled; 100% WRED-drop Enabled; 70% low, 100% high CoS 5 Tail-drop 100% (nonconfigurable) 41-44 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 647
; 70% low, 100% high CoS None DSCP 10 Tail-drop Disabled; 100% WRED-drop Enabled; 70% low, 100% high CoS None DSCP None Tail-drop Disabled; 100% WRED-drop Enabled; 70% low, 100% high OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-45 - Cisco 7604 | Software Configuration Guide - Page 648
; 100% low, 100% high CoS None DSCP 26 Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high CoS None DSCP None Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high 41-46 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 649
; 100% low, 100% high CoS None DSCP None Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high CoS None DSCP None Tail-drop Enabled; 100% WRED-drop Disabled; 100% low, 100% high OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-47 - Cisco 7604 | Software Configuration Guide - Page 650
; 40% low, 70% high Threshold 2 CoS 1 Tail-drop Disabled; 100% WRED-drop Enabled; 70% low, 100% high Thresholds 3-8 CoS None Tail-drop Disabled; 100% WRED-drop Enabled; 70% low, 100% high 41-48 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 651
CoS 2, 3, and 4 Tail-drop Disabled; 100% WRED-drop Enabled; 70% low, 100% high CoS 6 and 7 Tail-drop Disabled; 100% WRED-drop Enabled; 70% low, 100% high CoS 5 Tail-drop 100% (nonconfigurable) OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41 - Cisco 7604 | Software Configuration Guide - Page 652
Class Command Restrictions, page 41-54 • Supported Granularity for CIR and PIR Rate Values, page 41-55 • Supported Granularity for CIR and PIR Token Bucket Sizes, page 41-55 • IP Precedence and DSCP Values, page 41-56 41-50 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 653
. • You cannot configure PFC QoS features on tunnel interfaces. • PFC QoS does not rewrite the payload ToS byte in tunnel traffic. • PFC QoS filters only by ACLs, dscp values, or IP precedence values. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 654
or DSCP marking of packets. If you are using QoS and your switching modules are capable of egress replication, enter the mls ip multicast replication-mode ingress command to force ingress replication. 41-52 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 655
aggregate policer count in the QoS Policer Resources section of the output of the show platform hardware capacity qos command. PFC2 Guidelines • The PFC2 supports the match protocol class map command, which configures NBAR and sends all traffic on the Layer 3 interface, both ingress and egress, to - Cisco 7604 | Software Configuration Guide - Page 656
source-address Policy Map Class Command Restrictions PFC QoS does not support these policy map class commands: • bandwidth • priority • queue-limit • random-detect • set qos-group • service-policy 41-54 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 657
PFC with rate values that are multiples of the granularity values. Supported Granularity for CIR and PIR Token Bucket Sizes PFC QoS has the following hardware granularity for CIR MB) 1048576 (1 MB) OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-55 - Cisco 7604 | Software Configuration Guide - Page 658
1 61 1 1 0 62 1 1 1 63 Configuring PFC QoS These sections describe how to configure PFC QoS on the Cisco 7600 series routers: • Enabling PFC QoS Globally, page 41-57 • Enabling Ignore Port Trust, page 41-58 41-56 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 659
mls qos Router(config)# end Router# This example shows how to verify the configuration: Router# show mls qos QoS is enabled globally Microflow QoS is enabled globally QoS global counters: Total packets: 544393 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 660
and verify the configuration: Router# configure terminal Router(config)# mls qos marking ignore port-trust Router(config)# end Router# show mls qos | include ignores Policy marking ignores port_trust Router# 41-58 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 661
and verify the configuration: Router# configure terminal Router(config)# no mls qos rewrite ip dscp Router(config)# end Router# show mls qos | include rewrite QoS ip packet dscp rewrite disabled globally Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 662
(config-if)# end Router# show mls qos Disables microflow policing of bridged traffic. Exits configuration mode. Verifies the configuration. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet 41-60 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 663
Ethernet port 5/42: Router# configure terminal Enter configuration commands, one per line. Router(config)# interface fastethernet 5/42 Router(config-if)# mls qos vlan-based Router(config-if)# end End with CNTL/Z. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 664
Ethernet port 5/36: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/36 Router(config-if)# platform ip features sequential Router(config-if)# end 41-62 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 665
The normal_burst_bytes parameter sets the CIR token bucket size. • The maximum_burst_bytes parameter sets the PIR token bucket size. • When configuring the size of a token bucket, note the following information: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 666
512 megabytes, entered as 512000000. - To sustain a specific rate, set the token bucket size to be at least the rate value divided by 4000 because tokens are removed from the burst markdown map. 41-64 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 667
a Policy Map, page 41-74 • Verifying Policy Map Configuration, page 41-81 • Attaching a Policy Map to an Interface, page 41-81 Note PFC QoS policies process both unicast and multicast traffic. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-65 - Cisco 7604 | Software Configuration Guide - Page 668
information about ACLs on the Cisco 7600 series routers. • class-map (optional)-Enter the class-map command to define one or more traffic classes by specifying the criteria by which traffic is classified. 41-66 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 669
on the interface. Router(config-if)# no mac packet-classify Disables protocol-independent MAC ACL filtering on the interface. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 670
in MAC ACLs is disabled by default. To enable VLAN-based QoS filtering in MAC ACLs, perform this task: Command Router(config)# mac packet-classify use vlan Purpose Enables VLAN-based QoS filtering in MAC ACLs. 41-68 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 671
disable VLAN-based QoS filtering in MAC ACLs (disabled by default). To configure a MAC ACL, perform this task: Command Step 1 Router(config)# mac access-list extended list_name Router any protocol. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-69 - Cisco 7604 | Software Configuration Guide - Page 672
include an explicit permit any any entry at the end of the list. • All new entries to an existing list are placed at the end of the list. You cannot add entries to the middle of a list. • This list shows -70 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 673
exists at the end of an ACL unless you include an explicit permit ip any mac any entry Command Router(config)# class-map class_name Router(config)# no class-map class_name Purpose Creates a class map. Deletes a class map. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 674
precedence or DSCP for egress QoS uses the received IP precedence or DSCP. Egress QoS filtering is not based on any IP precedence or DSCP changes made by ingress QoS. 41-72 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 675
IPv4 traffic) Configures the class map to filter based on up to eight DSCP values. Note Does not support source-based or destination-based microflow policing. Clears configured DSCP values from the class map. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 676
a Policy Map To create a policy map, perform this task: Command Router(config)# policy-map policy_name Router(config)# no policy-map policy_name Purpose Creates a policy map. Deletes the policy map. 41-74 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 677
the egress Layer 2 CoS value. - In Release 12.2(18)SXE and later releases, the set ip dscp and set ip precedence commands are saved in the configuration file as set dscp and set precedence commands. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-75 - Cisco 7604 | Software Configuration Guide - Page 678
traffic with the configured DSCP or IP precedence value. Clears the marking configuration. Note Releases earlier than Release 12.2(18)SXE support the set ip dscp and set ip precedence policy map class commands. 41-76 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 679
aggregate_name Router(config-pmap-c)# no police aggregate aggregate_name Purpose Configures the policy map class to use a previously defined named aggregate policer. Clears use of the named aggregate policer. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 680
about rate and burst size granularity. • You can enter the flow keyword to define a microflow policer (you cannot apply microflow policing to ARP traffic). When configuring a microflow policer, note the following information: 41-78 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 681
being policed. - For TCP traffic, configure the token bucket size as a multiple of the TCP window size, with a minimum value at least twice as large as the maximum size of the traffic being policed. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-79 - Cisco 7604 | Software Configuration Guide - Page 682
trust command. - To set PFC QoS labels in untrusted traffic, you can enter the set-dscp-transmit keyword to mark matched untrusted traffic with a new DSCP value or enter the set-prec the markdown map. 41-80 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 683
policy_map_name Router(config-if)# no service-policy [input | output] policy_map_name Purpose Selects the interface to configure. Attaches a policy map to the interface. Removes the policy map from the interface. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 684
port 5/36: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/36 Router(config-if)# service-policy input pmap1 Router(config-if)# end 41-82 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 685
8 DSCP values that map to a mutated DSCP value. • You can enter multiple commands to map additional DSCP values to a mutated DSCP value. • You can enter a separate command for each mutated DSCP value. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-83 - Cisco 7604 | Software Configuration Guide - Page 686
Fast Ethernet port 5/36: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/36 Router(config-if)# mls qos dscp-mutation mutmap1 Router(config-if)# end 41-84 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 687
12.2(17b)SXA and later releases support ingress CoS mutation on WS-X6704-10GE, WS-X6748-SFP, WS-X6724-SFP, and WS-X6748-GE-TX switching modules. • Ports that are not configured as IEEE 802.1Q tunnel ports do not support ingress CoS mutation. • Ports that are not configured to trust received CoS do - Cisco 7604 | Software Configuration Guide - Page 688
2 3 Router(config)# end Router# This example shows how to verify the map configuration: Router(config)# show mls qos maps cos-mutation COS mutation map testmap cos-in : 0 1 2 3 4 5 6 7 cos-out : 4 5 6 7 0 1 2 3 Router# 41-86 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 689
map named testmap to Gigabit Ethernet port 1/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface gigabitethernet 1/1 Router(config-if)# mls qos cos-mutation testmap Router(config-if)# end Router# show mls qos maps cos-mutation COS - Cisco 7604 | Software Configuration Guide - Page 690
to internal DSCP map: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# mls qos map ip-prec-dscp 0 1 2 3 4 5 6 7 Router(config)# end Router# 41-88 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 691
to a marked-down DSCP value. • You can enter a separate command for each marked-down DSCP value. Note Configure marked-down DSCP values that map to CoS values consistent with the markdown penalty. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-89 - Cisco 7604 | Software Configuration Guide - Page 692
no mls qos map dscp-cos Router(config)# end Router# show mls qos maps Purpose Configures the internal DSCP to egress CoS map. Reverts to the default map. Exits configuration mode. Verifies the configuration. 41-90 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 693
are untrusted. You can configure the port trust state on all Ethernet LAN ports and OSM ports. Note On non-Gigabit Ethernet 1q4t/2q2t ports, you must repeat the trust configuration in a class map. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-91 - Cisco 7604 | Software Configuration Guide - Page 694
-if)# mls qos trust cos Router(config-if)# end Router# This example shows how to verify the configuration: Router# show queueing interface gigabitethernet 1/1 | include trust Trust state: trust COS Router# 41-92 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 695
Ethernet port 5/24 and verify the configuration: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/24 Router(config-if)# mls qos cos 5 Router(config-if)# end Router# show queueing interface fastethernet 5/24 | include - Cisco 7604 | Software Configuration Guide - Page 696
an increasing chance of being dropped as the queue fills. Configuring a Tail-Drop Receive Queue These port types have only tail-drop thresholds in their receive-queues: • 1q2t • 1p1q4t • 2q8t • 1q8t 41-94 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 697
port 1/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface gigabitethernet 1/1 Router(config-if)# rcv-queue threshold 1 60 75 85 100 Router(config-if)# end Router# This example shows how to verify the configuration: Router# show - Cisco 7604 | Software Configuration Guide - Page 698
mode. Verifies the configuration. Configuring a WRED-Drop and Tail-Drop Transmit Queue These port types have both WRED-drop and tail-drop thresholds in their transmit queues: • 1p3q1t (transmit) • 1p3q8t (transmit) 41-96 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 699
port 1/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface gigabitethernet 1/1 Router(config-if)# wrr-queue random-detect max-threshold 1 70 70 Router(config-if)# end Router# This example shows how to verify the configuration: Router - Cisco 7604 | Software Configuration Guide - Page 700
and Fast Ethernet 1q4t ports do not support receive-queue tail-drop thresholds. This example shows how to configure receive queue 1/threshold 1 and transmit queue 1/threshold 1 for Gigabit Ethernet port 2/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL - Cisco 7604 | Software Configuration Guide - Page 701
) • The standard queue thresholds can be configured as either tail-drop or WRED-drop thresholds on these port types: - 1p1q8t (receive) - 1p3q1t (transmit) - 1p3q8t (transmit) - 1p7q1t (transmit) OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-99 - Cisco 7604 | Software Configuration Guide - Page 702
the configuration: Router# show queueing interface tengigabitethernet 6/1 | include Queueing Mode Queueing Mode In Tx direction: mode-dscp Queueing Mode In Rx direction: mode-dscp Configuring Ingress DSCP-Based Queue Mapping Ingress DSCP-to-queue mapping is supported only on ports configured to - Cisco 7604 | Software Configuration Guide - Page 703
mode. Router# show queueing interface tengigabitethernet slot/port | include Trust state Verifies the configuration. This example shows how to configure 10-Gigabit Ethernet port 6/1 port 6/1 to trust received DSCP values: Router# configure terminal Enter configuration commands, one per line. End - Cisco 7604 | Software Configuration Guide - Page 704
QoS This example shows how to map the DSCP values 0 and 1 to threshold 1 in the standard receive queue for 10-Gigabit Ethernet port 6/1 port 6/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface tengigabitethernet 6/1 Router(config-if - Cisco 7604 | Software Configuration Guide - Page 705
port 6/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface tengigabitethernet 6/1 Router(config-if)# wrr-queue dscp-map 1 1 0 1 Router(config-if)# end Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 706
can enter multiple priority-queue dscp-map commands to map more than 8 DSCP values to the strict-priority queue. Reverts to the default mapping. Exits configuration mode. Verifies the configuration. 41-104 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 707
to the queue. This example shows how to map DSCP value 7 to the strict-priority queue on 10 Gigabit Ethernet port 6/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface tengigabitethernet 6/1 Router(config-if)# priority-queue dscp - Cisco 7604 | Software Configuration Guide - Page 708
shows how to verify the configuration: Router# show queueing interface fastethernet 5/36 | begin queue thresh cos-map queue thresh cos-map 1 1 0 1 1 2 2 3 2 1 4 5 2 2 6 7 Router# 41-106 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 709
following information: • The queue number is always 1. • You can enter up to 8 CoS values to map to the queue. This example shows how to map CoS value 7 to the strict-priority queues on Gigabit Ethernet port 1/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL - Cisco 7604 | Software Configuration Guide - Page 710
shows how to verify the configuration: Router# show queueing interface fastethernet 5/36 | begin queue thresh cos-map queue thresh cos-map 1 1 0 1 1 2 2 3 2 1 4 5 2 2 6 7 Router# 41-108 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 711
: • Queue 1-250 Mbps • Queue 2-250 Mbps • Queue 3-500 Mbps Note The actual bandwidth allocation depends on the granularity that the port hardware applies to the configured percentages or weights. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-109 - Cisco 7604 | Software Configuration Guide - Page 712
(config-if)# end Router# This example shows how to verify the configuration: Router# show queueing interface gigabitethernet 1/2 | include bandwidth WRR bandwidth ratios: 3[queue 1] 1[queue 2] Router# 41-110 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 713
-limit 75 15 Router(config-if)# end Router# This example shows how to verify the configuration: Router# show queueing interface fastethernet 2/2 | include queue-limit queue-limit ratios: 75[queue 1] 15[queue 2] Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 714
queue-limit strict_priority_queue_weight Configures the queue size ratio between transmit queues. Configures the strict priority queue size. Note Not supported on all switching modules. Step 4 Router(config-if)# end Step 5 Router# show queueing interface type1 slot/port Exits configuration mode - Cisco 7604 | Software Configuration Guide - Page 715
Scenarios This example shows how to set the transmit-queue size ratio for Gigabit Ethernet port 1/2: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface gigabitethernet 1/2 Router(config-if)# wrr-queue queue-limit 75 15 Router(config-if - Cisco 7604 | Software Configuration Guide - Page 716
have a PC daisy-chained to an IP phone on a 100 Mbps link. This section describes how to classify voice traffic from the phone and data traffic from the PC so that they have different priorities. 41-114 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 717
CLASSIFY-PC-SAP match access-group name CLASSIFY-PC-SAP class-map match-all CLASSIFY-OTHER match access-group name CLASSIFY-OTHER OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41-115 - Cisco 7604 | Software Configuration Guide - Page 718
| include Port QoS Port QoS is enabled To ensure that the class map configuration is correct, enter this command: Router# show class-map Class Map match-all CLASSIFY-OTHER (id 1) Match access-group name CLASSIFY-OTHER 41-116 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 719
the different traffic types. The configuration was done with the MQC QoS policy syntax, which allows you to apply different marking or trust actions to the different traffic classes arriving on a port. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 41 - Cisco 7604 | Software Configuration Guide - Page 720
here) Cisco 7600 series router Ethernet modules also have input queue structures, but these are used less often, and because there probably will not be congestion within the switch fabric, this example does not include them. 41-118 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 721
: Router# show queueing interface gigabitethernet 5/1 | begin cos-map queue thresh cos-map 1 1 0 1 2 1 1 3 1 4 1 5 1 6 1 7 1 8 2 1 2 2 2 3 4 2 3 2 4 2 5 2 6 2 7 2 8 3 1 6 7 3 2 3 3 3 4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 722
not want to assign a high-bandwidth application (for example, FTP) to the strict priority queue because the FTP traffic could consume all of the bandwidth available to the port, starving the other traffic classes. 41-120 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 723
Cisco 7600 series router Ethernet ports, the supported rate-limiting method is called policing. Policing is implemented in the PFC hardware with no performance impact. A policer operates by allowing the traffic to flow freely as long as the traffic rate remains below the configured transmission rate - Cisco 7604 | Software Configuration Guide - Page 724
input command: interface FastEthernet5/1 service-policy input IPPHONE-PC To monitor the policing operation, use these commands: show policy-map interface fastethernet 5/1 show class-map show mls qos ip fastethernet 5/1 41-122 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 725
QoS reserves ingress and egress LAN port capacity for Layer 2 frames with high -priority Layer 2 CoS values. • Differentiated Services Code Point (DSCP) is a Layer 3 Data 3 bits for IP precedence • Labels-See QoS labels. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 726
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 41-124 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 727
chapter describes how to configure PFC3BXL or PFC3B mode Multiprotocol Label Switching (MPLS) quality of service (QoS) on the Cisco 7600 series routers. Note • For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Master Command List, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 728
of setting a Layer 3 DSCP value in a packet. Marking is also the process of choosing different values for the MPLS EXP field to mark packets so that they have the priority that they require during periods of congestion. 42-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 729
trust state • Port CoS value • Policy-map trust command For received Layer service. Traffic classification is the primary component of class-based QoS provisioning. The PFC3BXL or PFC3B make classification decisions OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 730
one edge of a network to the other edge of the network. See the "MPLS DiffServ Tunneling Modes" section on page 42-32 for information. 42-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 731
1 • PE1-Service provider ingress label edge router (LER) • P1-Label switch router (LSR) within the core of the network of the service provider • P2-LSR within the core of the network of the service provider OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 732
ports. For information on OSMs, see the OSM Configuration Note, 12.2SX. For information on a FlexWAN or Enhanced FlexWAN module, see the FlexWAN and Enhanced FlexWAN Installation and Configuration service Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 733
in the core MPLS network or to an LER at the output edge. Note Within the service provider network, there is no IP precedence field for the queueing algorithm to use because the for an IP packet. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-7 - Cisco 7604 | Software Configuration Guide - Page 734
and egress lookup. The ternary content addressable memory (TCAM) egress lookup takes place after sections refer to QoS features for LAN ports, OSM ports, and FlexWAN ports. For details about how the different Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 735
on the original received IP using match commands for IP precedence, IP DSCP, and IP ACLs. Egress policies do not classify traffic on the imposed EXP value nor on a marking done by an ingress policy. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-9 - Cisco 7604 | Software Configuration Guide - Page 736
PFC3B assigns the marks or sets the EXP value command does not match on the EXP value in the topmost label. If the egress port is a trunk,the LAN ports and the OSM GE-WAN ports copy the egress CoS into the egress 802.1Q field. 42-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 737
on the PE-to-CE ingress, the PFC3BXL or PFC3B supports MPLS classification only. Ingress IP policies are not supported. PE-to-CE traffic from the MPLS core is classified or policed on egress as IP. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-11 - Cisco 7604 | Software Configuration Guide - Page 738
in the same output policy. If the egress port is a trunk, the LAN ports and OSM GE-WAN ports copy the egress CoS into the egress 802 supported because MPLS adjacency does not know which egress interface the final packet will use. 42-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 739
supports the following: • Per-EXP policing based on a service policy • Copying the input topmost EXP value into the newly imposed EXP value • Optional EXP mutation (changing mpls experimental command. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-13 - Cisco 7604 | Software Configuration Guide - Page 740
assigns the command • The set mpls experimental imposition, police, and police with set imposition commands PFC3BXL or PFC3B mode MPLS QoS at the egress of P1 or P2 supports matching with the mpls experimental topmost command. 42-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 741
. Enabled when PFC QoS is globally enabled 0 Enabled Disabled Port-based EXP 0 = DSCP 0 EXP 1 = DSCP 8 EXP 2 = DSCP 16 EXP 3 = DSCP 24 EXP 4 = DSCP 32 EXP 5 = DSCP 40 EXP 6 = DSCP 48 EXP 7 = DSCP 56 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-15 - Cisco 7604 | Software Configuration Guide - Page 742
there is a service policy with a set for EXP field Commands PFC3BXL or PFC3B MPLS QoS on the Cisco 7600 series routers supports the following MPLS QoS commands: • match mpls experimental topmost • set mpls experimental imposition 42-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 743
disabled, the EXP value is based on the underlying EXP value. - Popping one label when QoS is queuing only, the EXP value is based on the underlying EXP value. • EXP value is irrelevant to MPLS-to-IP disposition. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 744
on the router. Disables PFC QoS globally on the router. Exits configuration mode. Verifies the configuration. This example shows how to enable QoS globally: Router(config)# mls qos Router(config)# end Router# 42-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 745
is received through ports that cannot be configured to trust CoS. This example shows how to enable queueing-only mode: Router# configure terminal Router(config)# mls qos queueing-only Router(config)# end Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 746
topmost value Router(config-cmap)# exit Purpose Specifies the class map to which packets will be matched. Specifies the packet characteristics that will be matched to the class. Exits class-map configuration mode. 42-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 747
-By AgPoliced-By Id Id Fa3/27 5 In exp3 0 2 dscp 0 0 0 All 5 - Default 0 0* No 0 3466140423 0 Router# show policy-map interface fastethernet 3/27 FastEthernet3/27 Service-policy input: exp3 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-21 - Cisco 7604 | Software Configuration Guide - Page 748
the MPLS Packet Trust State on Ingress Ports You can use the no mls qos mpls trust exp command to apply port or policy trust to MPLS packets in the same way that you apply them to Layer 2 packets. 42-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 749
in QoS policy-map class configuration mode. To disable the setting, use the no form of this command. Note The set mpls experimental imposition command replaces the set mpls experimental command. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-23 - Cisco 7604 | Software Configuration Guide - Page 750
ip2tag Class iptcp set mpls experimental imposition 3 Router# show class-map iptcp Class Map match-all iptcp (id 62) Match access-group 101 Router# show access-l 101 Extended IP access list 101 10 permit tcp any any 42-24 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 751
result as when you mark the internal DSCP. • To set the pushed label entry value to a value different from the default value during label imposition, use the set mpls experimental imposition command. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-25 - Cisco 7604 | Software Configuration Guide - Page 752
-c)# police 1000000 1000000 c set-mpls-exp-imposit 3 e d Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# interface fastethernet 3/27 Router(config-if)# ser in ip2tag Router(config-if)# 42-26 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 753
Mod - switch module) Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By Id Id Fa3/27 5 In iptcp 24 2 No 0 0 0 Vl300 5 In x 44 1 No 0 0 0 All 5 - Default 0 0* No 0 3468161522 0 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 754
(* - shared aggregates, Mod - switch module) Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By Id Id Fa3/27 5 In exp3 0 2 dscp 0 0 0 All 5 - Default 0 0* No 0 3466140423 0 42-28 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 755
: Router# show policy interface fastethernet 3/27 FastEthernet3/27 Service-policy input: ip2tag class-map: iptcp (match-all) Match: access-group 101 police : 1000000 bps 1000000 limit 1000000 extended limit Earl in slot 5 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: set - Cisco 7604 | Software Configuration Guide - Page 756
tengigabitethernet This example shows how to attach the egress EXP mutation map named mutemap2: Router(config)# interface fastethernet 3/26 Router(config-if)# mls qos exp-mutation mutemap2 Router(config-if)# end 42-30 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 757
default map. Exits configuration mode. Verifies the configuration. This example shows how to configure a named egress-DSCP to egress-EXP map: Router(config)# mls qos map dscp-exp 20 25 to 3 Router(config)# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 758
an egress IP policy (based on the customer's PHB marking and not on the provider's PHB marking) automatically implies the Short Pipe mode. 42-32 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 759
or recolors the PHB of a packet, that change must be propagated to all encapsulation markings. The propagation is performed by a router only when a PHB is added or exposed due to label imposition or OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-33 - Cisco 7604 | Software Configuration Guide - Page 760
arrive in the MPLS network at PE1, the service provider edge router. 2. A label is copied onto the packet. , the IP precedence or DSCP value is set to the last changed EXP value in the core. The following Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 761
ingress LAN or OSM port must be untrusted. FlexWAN ports do not have the trust concept, but, as with traditional Cisco IOS routers, the ingress ToS is not changed (unless a marking policy is configured). OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42 - Cisco 7604 | Software Configuration Guide - Page 762
Router(config-if)# service-policy input set-MPLS-PHB Configuring Ingress PE Router-P Facing Interface This procedure classifies packets based on their MPLS EXP field and provides appropriate discard and scheduling treatments. 42-36 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 763
config-p-map-c)# bandwidth percent 40 Router(config-p-map)# class class-default Router(config-p-map-c)# random-detect Router(config)# interface pos 4/1 Router(config-if)# service-policy output output-qos OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42 - Cisco 7604 | Software Configuration Guide - Page 764
config-p-map-c)# bandwidth percent 40 Router(config-p-map)# class class-default Router(config-p-map-c)# random-detect Router(config)# interface pos 2/1 Router(config-if)# service-policy output output-qos 42-38 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 765
-p-map-c)# bandwidth percent 40 Router(config-p-map)# class class-default Router(config-p-map-c)# random-detect Router(config)# interface GE-WAN 3/2.32 Router(config-if)# service-policy output output-qos OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42 - Cisco 7604 | Software Configuration Guide - Page 766
the rate limit specified in the SLA. Selects an interface to configure. Configures received DSCP as the basis of the internal DSCP for all the port's ingress traffic. Attaches the policy map created in step 5 to the interface as an input service policy. 42-40 Cisco 7600 Series Router Cisco IOS - Cisco 7604 | Software Configuration Guide - Page 767
a QoS policy to an interface and specifies that policies should be applied on packets leaving the interface. Note The bandwidth command and random-detect command are not supported on LAN ports. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 42-41 - Cisco 7604 | Software Configuration Guide - Page 768
a QoS policy to an interface and specifies that policies should be applied on packets coming into the interface. Note The bandwidth command and random-detect command are not supported on LAN ports. 42-42 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 769
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 770
Configuring Uniform Mode Chapter 42 Configuring PFC3BXL or PFC3B Mode MPLS QoS 42-44 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 771
feature is disabled by default for all ports and all aggregate policers configured on the Cisco 7600 series router. Note The PFC QoS statistics data export feature is completely separate from NetFlow Data Export and does not interact with it. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 772
Verifies the configuration. This example shows how to enable PFC QoS statistics data export globally and verify the configuration: Router# configure terminal Router(config)# mls qos statistics-export Router(config)# end 43-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 773
on a port, PFC QoS statistics data export contains the following fields, separated by the delimiter character: • Export type ("1" for a port) • Slot/port • Number of ingress packets • Number of ingress bytes OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 774
policer) • Aggregate policer name • Direction ("in") • PFC or DFC slot number • Number of in-profile bytes • Number of bytes that exceed the CIR • Number of bytes that exceed the PIR • Time stamp 43-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 775
type ("4" for a classmap and port) - Class map name - Direction ("in") - Slot/port - Number of in-profile bytes - Number of bytes that exceed the CIR - Number of bytes that exceed the PIR - Time stamp OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 43-5 - Cisco 7604 | Software Configuration Guide - Page 776
. This example shows how to set the PFC QoS statistics data export interval and verify the configuration: Router# configure terminal Router(config)# mls qos statistics-export interval 250 Router(config)# end 43-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 777
enabled on following class-maps class3 Router# Configuring PFC QoS Statistics Data Export Destination Host and UDP Port To configure the PFC QoS statistics data export destination host and UDP port number, perform this task: Step 1 Step 2 Step 3 Command Router(config)# mls qos statistics-export - Cisco 7604 | Software Configuration Guide - Page 778
Export is enabled on following ports FastEthernet5/24 QoS Statistics Data export is enabled on following shared aggregate policers aggr1M QoS Statistics Data Export is enabled on following class-maps class3 43-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 779
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 780
Configuring PFC QoS Statistics Data Export Chapter 43 Configuring PFC QoS Statistics Data Export 43-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 781
(including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html Cisco IOS Firewall Feature Set Support Overview The firewall feature set images support these Cisco - Cisco 7604 | Software Configuration Guide - Page 782
• User authentication and authorization Note Cisco 7600 series routers support the Intrusion Detection System Module (IDSM) (WS-X6381-IDS). Cisco 7600 series routers do not support the Cisco IOS firewall IDS feature, which is configured with the ip audit command. Cisco IOS Firewall Guidelines and - Cisco 7604 | Software Configuration Guide - Page 783
ACTIVE. If PFC resources are exhausted, the command displays the word "BRIDGE" followed by the number of currently active NetFlow requests that failed, which have been sent to the MSFC for processing. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 44-3 - Cisco 7604 | Software Configuration Guide - Page 784
Set Tip For additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 44-4 Cisco 7600 Series Router Cisco IOS Software Configuration - Cisco 7604 | Software Configuration Guide - Page 785
Network Admission Control This chapter describes how to configure Network Admission Control (NAC) on Cisco 7600 series routers. With a PFC3, Release 12.2(18)SXF2 and later releases support NAC. Note For complete syntax and usage information for the commands used in this chapter, refer to these - Cisco 7604 | Software Configuration Guide - Page 786
access policy. The remediation server is where the latest antivirus files are located. These antivirus files can be downloaded or upgraded from this location. 45-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 787
Access Control Server (ACS) Version 4.0 or later with RADIUS, authentication, authorization, and accounting (AAA), and EAP extensions. The authentication server is also referred to as the posture server. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 788
Switch Cisco Secure ACS IP phone PC IP Network Access Device Authentication Server (RADIUS) Clients running the Cisco Trust Agent software These sections describe NAC Layer 2 IP validation: • Posture Validation, page 45-5 45-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 789
• Cisco Secure ACS and AV Pairs, page 45-7 • Audit Servers, page 45-7 • ACLs, page 45-8 • NAC Timers, page 45-8 • NAC Layer 2 IP Validation and Redundant Supervisor Engines, page 45-11 Posture Validation NAC Layer 2 IP supports the posture validation of multiple hosts on the same switch port, as - Cisco 7604 | Software Configuration Guide - Page 790
RADIUS Attribute-Value objects. Note If a DHCP snooping binding entry for a client is deleted, the switch removes the client entry in the session table, and the client is no longer authenticated. 45-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 791
occurs because Cisco IOS on the switch the HTTP server can either listen to the HTTP port or to the HTTPS port but cannot listen to both at the same time. For more information about AV pairs that are supported by Cisco IOS software, see the ACS configuration and command reference documentation - Cisco 7604 | Software Configuration Guide - Page 792
the policy already configured on the host. If the default port ACL is not configured on the switch, the switch can still apply the downloadable ACL from the Cisco Secure ACS. The switch supports these timers: 45-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 793
switch detected the host • Host state that is set to ACTIVE when the host is detected If NAC Layer 2 IP validation is enabled on an interface, adding an entry to the IP device tracking table initiates posture validation. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 794
(Attribute[29]) in the Access-Accept message from the Cisco Secure ACS running AAA. If the switch gets the Session-Timeout value, this value overrides the revalidation timer value on the switch. 45-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 795
sends a message to the switch that the posture has changed, the switch revalidates the posture of the host. NAC Layer 2 IP Validation and Redundant Supervisor Engines On Cisco 7600 series routers with redundant supervisor engines, when RPR mode redundancy is configured, a switchover causes the loss - Cisco 7604 | Software Configuration Guide - Page 796
be spanned using the SPAN feature. • A denial-of-service attack might occur if the switch receives many ARP packets with different source IP addresses. To avoid this problem, you must configure the IP admission MLS rate-limiting feature using the mls rate-limit layer2 ip-admission command. • If - Cisco 7604 | Software Configuration Guide - Page 797
the rule name. To remove the IP NAC rule on the switch, use the no ip admission name rule-name eapoudp global configuration command. Enables the rate limiting of the IP admission traffic to the CPU. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 45-13 - Cisco 7604 | Software Configuration Guide - Page 798
no aaa authentication eou default global configuration command. Enables the IP device tracking table. To disable the IP device tracking table, use the no device tracking global configuration command. 45-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 799
-Sets the number of seconds that the switch waits before resending the ARP probe. The range is from 30 to 300 seconds. The default is 30 seconds. (Optional) Enables EAPoUDP system logging events. Returns to privileged EXEC mode. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration - Cisco 7604 | Software Configuration Guide - Page 800
attribute, use the no radius-server attribute 8 include-in-access-req global configuration command. To disable the logging of EAPoUDP system events, use the no eou logging global configuration command. To clear all NAC client device entries on the switch or on the specified interface, use the clear - Cisco 7604 | Software Configuration Guide - Page 801
mac_address | posturetoken name} Router# copy running-config startup-config Purpose Enters global configuration mode. Specifies EAPoUDP values. For more information about the allow, default, logging, max-retry, port, rate-limit, revalidate, and timeout keywords, see the command reference for this - Cisco 7604 | Software Configuration Guide - Page 802
to sessions, when the AAA server is unreachable. To remove the rule on the switch, use the no ip admission name rule-name eapoudp event timeout aaa policy identity global configuration command. 45-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 803
5. The default is 3. • interval interval-Sets the number of seconds that the switch waits for a response before resending the ARP probe. The range is from 30 to 300 seconds. The default is 30 seconds. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 45-19 - Cisco 7604 | Software Configuration Guide - Page 804
Optional) Saves your entries in the configuration file. The following example illustrates how to apply a AAA down policy: Router# config t Enter configuration commands, one per line. End with CNTL/Z. 45-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 805
include-in-access-req radius-server host 40.0.0.4 auth-port 1645 acct-port 1646 test username administrator idle-time 1 key cisco radius-server vsa send authentication Router# show ip admission configuration -08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 45-21 - Cisco 7604 | Software Configuration Guide - Page 806
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 45-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 807
allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 46-1 - Cisco 7604 | Software Configuration Guide - Page 808
, and relaying a response to the client. The router includes the RADIUS client, which is responsible for encapsulating and decapsulating the EAP frames and interacting with the authentication server. 46-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 809
The specific exchange of EAP frames depends on the authentication method being used. Figure 46-2 shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication method with a RADIUS server. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 810
state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port transitions from down to up or when an EAPOL-start 46-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 811
, and the wireless access point acts as a client to the router. Figure 46-3 Wireless LAN Example Wireless clients Access point Catalyst switch or Cisco Router Authentication server (RADIUS) 79550 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 46-5 - Cisco 7604 | Software Configuration Guide - Page 812
before any other Layer 2 or Layer 3 features are enabled. • The 802.1X protocol is supported on both Layer 2 static-access ports and Layer 3 routed ports, but it is not supported on these port types: 46-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 813
authentication fails at any point in this cycle, the authentication process stops, and no other authentication methods are attempted. To configure 802.1X port-based authentication, perform this task: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 46-7 - Cisco 7604 | Software Configuration Guide - Page 814
Router(config)# interface fastethernet 5/1 Router(config-if)# dot1x port-control auto Router(config-if)# end This example shows how to verify the configuration: Router# show dot1x all Dot1x Info for interface FastEthernet5/1 46-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 815
the following information: • For hostname or ip_address, specify the host name or IP address of the remote RADIUS server. • Specify the key string on a separate command line. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 46-9 - Cisco 7604 | Software Configuration Guide - Page 816
connected to a specific port, see the "Manually Reauthenticating the Client Connected to a Port" section on page 46-11. To enable periodic reauthentication of the client and to configure the number of seconds between reauthentication attempts, perform this task: Step 1 Step 2 Command Router(config - Cisco 7604 | Software Configuration Guide - Page 817
Initializing authentication disables any existing authentication before authenticating the client connected to the port. To initialize the authentication for the client connected to a port, perform this task: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 818
frame. Note You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. 46-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 819
gigabitethernet, or tengigabitethernet This example shows how to set the router-to-client retransmission time for the EAP-request frame to 25 seconds: Router(config-if)# dot1x timeout supp-timeout 25 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 46-13 - Cisco 7604 | Software Configuration Guide - Page 820
circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. To set the router-to-client frame retransmission number, perform this task: Command Step 1 Router(config)# interface type1 slot/port Step 2 Router(config-if)# dot1x max-req count - Cisco 7604 | Software Configuration Guide - Page 821
Step 1 Step 2 Command Router(config)# interface type1 slot/port Router(config-if)# dot1x default Purpose Selects an interface to configure. Resets the configurable 802.1X parameters to the default values. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 822
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 46-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 823
, page 47-3 • Configuring Port Security, page 47-4 • Displaying Port Security Settings, page 47-13 Tip For additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368 - Cisco 7604 | Software Configuration Guide - Page 824
Security" section on page 47-4. To ensure that an attached device has the full bandwidth of the port, set the maximum number of addresses to one and configure the MAC address of the attached device. 47-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 825
18)SXE, port security does not support PVLAN ports. • With Release 12.2(18)SXE and later releases, port security supports nonnegotiating trunks. - Port security only supports trunks configured with these commands: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 826
Number of Secure MAC Addresses on a Port, page 47-9 • Enabling Port Security with Sticky MAC Addresses on a Port, page 47-10 • Configuring a Static Secure MAC Address on a Port, page 47-11 • Configuring Secure MAC Address Aging on a Port, page 47-12 47-4 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 827
(config-if)# switchport nonegotiate Router(config-if)# switchport port-security Router(config-if)# do show port-security interface fastethernet 5/36 | include Port Security Port Security : Enabled OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 47 - Cisco 7604 | Software Configuration Guide - Page 828
do show port-security interface type1 slot/port | include violation_mode2 Verifies the configuration. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet 2. violation_mode = protect, restrict, or shutdown 47-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 829
5/12 | include Restrict Violation Mode : Restrict Configuring the Port Security Rate Limiter Note • The PFC2 does not support the port security rate limiter. • The truncated switching mode does not support the port security rate limiter. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 830
commands, one per line. End with CNTL/Z. Router(config)# mls rate-limit layer2 port-security 1000 Router(config)# end This example shows how to verify the configuration: Router# show mls rate-limit | include PORTSEC LAYER_2 PORTSEC On 1000 1 Not sharing 47-8 Cisco 7600 Series Router Cisco - Cisco 7604 | Software Configuration Guide - Page 831
)# interface fastethernet 3/12 Router(config-if)# switchport port-security maximum 64 Router(config-if)# do show port-security interface fastethernet 5/12 | include Maximum Maximum MAC Addresses : 64 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 47 - Cisco 7604 | Software Configuration Guide - Page 832
Fast Ethernet port 5/12: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/12 Router(config-if)# switchport port-security mac-address sticky 47-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 833
-address 1000.2000.3000 Router(config-if)# end Router# show port-security address Secure Mac Address Table Vlan ---- 1 Mac Address ----------1000.2000.3000 Type ---SecureConfigured Ports ----- Fa5/12 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 834
)# interface fastethernet 5/12 Router(config-if)# switchport port-security aging type inactivity Router(config-if)# do show port-security interface fastethernet 5/12 | include Type Aging Type : Inactivity 47-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 835
Ethernet Port 5/1: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/1 Router(config-if)# switchport port-security aging time 120 Router(config-if)# do show port-security interface fastethernet 5/12 | include Time - Cisco 7604 | Software Configuration Guide - Page 836
Addresses limit in System: 128 Tip For additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 47-14 Cisco 7600 Series Router Cisco - Cisco 7604 | Software Configuration Guide - Page 837
information about how to configure Cisco Discovery Protocol (CDP) on the Cisco 7600 series routers, which supplements the information in these publications: • The Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2, "System Management," "Configuring Cisco Discovery Protocol (CDP - Cisco 7604 | Software Configuration Guide - Page 838
120 seconds Sending a holdtime value of 180 seconds Sending CDPv2 advertisements is enabled Router# For additional CDP show commands, see the "Monitoring and Maintaining CDP" section on page 48-3. 48-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 839
CDP on a Port To enable CDP on a port, perform this task: Step 1 Step 2 Command Router(config)# interface {{type1 slot/port} | {port-channel number}} Router(config-if)# cdp enable Purpose Selects the port to configure. Enables CDP on the port. Router(config-if)# no cdp enable Disables CDP on - Cisco 7604 | Software Configuration Guide - Page 840
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 48-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 841
exists. When a unidirectional link is detected, UDLD shuts down the affected LAN port and alerts the user. Unidirectional links can cause a variety of problems, including spanning tree topology loops. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 49-1 - Cisco 7604 | Software Configuration Guide - Page 842
link that has a UDLD neighbor relationship established stops receiving UDLD packets, UDLD tries to reestablish the connection with the neighbor. After eight failed retries, the port is disabled. 49-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 843
page 49-5 • Displaying UDLD Neighbor Interfaces, page 49-5 • Resetting Disabled LAN Interfaces, page 49-5 Enabling UDLD Globally To enable UDLD globally on all fiber-optic LAN ports, perform this task: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 49-3 - Cisco 7604 | Software Configuration Guide - Page 844
command setting. Step 3 Router# show udld type1 slot/number Note This command is only supported on fiber-optic LAN ports. Verifies the configuration. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet 49-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 845
neighbors. Resetting Disabled LAN Interfaces To reset all LAN ports that have been shut down by UDLD, perform this task: Command Router# udld reset Purpose Resets all LAN ports that have been shut down by UDLD. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 846
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 49-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 847
These sections describe how NetFlow works: • NetFlow Overview, page 50-2 • NetFlow on the MSFC, page 50-2 • NetFlow on the PFC, page 50-3 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 50-1 - Cisco 7604 | Software Configuration Guide - Page 848
impact supervisor engine and MSFC processor usage, so NetFlow provides configuration options to control the volume of statistics. These options include the following: • NetFlow flow masks determine the granularity of the flows to be measured. Very specific flow masks generate a large number of - Cisco 7604 | Software Configuration Guide - Page 849
exist per source IP address, so the NetFlow table can become very large. See the "NetFlow Configuration Guidelines and Restrictions" section on page 50-5 for information about NetFlow table capacity. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 50-3 - Cisco 7604 | Software Configuration Guide - Page 850
feature is required. • Pay attention to response messages. If the Feature Manager turns off hardware assist for a feature, you need to ensure that feature processing does not overload the RP processor. 50-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 851
, there is an increased probability that there will be insufficient room to store statistics. Table 50-3 lists the recommended maximum utilization levels. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 50-5 - Cisco 7604 | Software Configuration Guide - Page 852
the PFC. Table 50-4 Summary of PFC NetFlow commands Command mls netflow mls flow ip mls aging Purpose Enables NetFlow on the PFC. Sets the minimum flow mask. Sets the configurable aging parameters. 50-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 853
ip Purpose Sets the minimum IP MLS flow mask for the protocol. Reverts to the default IP MLS flow mask (null). This example shows how to set the minimum IP MLS flow mask: Router(config)# mls flow ip destination OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 854
time, perform this task: Command Router(config)# mls aging {fast [threshold {1-128} | time {1-128}] | long 64-1920 | normal 32-4092} Purpose Configures the MLS aging time for a NetFlow table entry. 50-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 855
Switching Cache, 278544 bytes 2 active, 4094 inactive, 6 added 236 ager polls, 0 flow alloc failures Active flows timeout in 30 minutes Inactive flows timeout in 15 seconds Dst If Dst Prefix Msk AS Flows Pkts B/Pk Active OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 856
on the MSFC, page 50-11 • Configuring NetFlow Aggregation on the MSFC, page 50-11 • Enabling NetFlow for Ingress-Bridged IP Traffic, page 50-12 • Enabling NetFlow for Multicast IP Traffic, page 50-13 50-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 857
enabled by default. Configuring NetFlow Aggregation on the MSFC For information on configuring NetFlow aggregation on the MSFC, refer to the following documentation: Cisco IOS netFlow Configuration Guide. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 858
example shows how to enable NetFlow for ingress-bridged IP traffic in VLAN 200: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ip flow ingress layer2-switched vlan 200 50-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 859
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 860
Configuring NetFlow Chapter 50 Configuring NetFlow 50-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 861
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 862
. Release 12.2(18)SXF and later releases support NetFlow version 9, described in this document: Cisco IOS NetFlow Configuration Guide. NetFlow version 9 record formats are described in this document: 51-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 863
are blank when you use the show command to display the hardware NetFlow table. NDE Versions Release 12.2(18)SXF and later releases support NetFlow version 9. NDE exports the ANCS interface. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 51-3 - Cisco 7604 | Software Configuration Guide - Page 864
Number of flows exported in this packet (1-30) Current time in milliseconds since router booted Current seconds since 0000 UTC 1970 Residual nanoseconds since 0000 UTC 1970 Sequence counter of total flows seen Unused (zero) bytes 51-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 865
policy-based routing is configured. 4. In PFC3BXL or PFC3B mode, for ICMP traffic, contains the ICMP code and type values. 5. Always zero for hardware-switched flows. 6. Populated in PFC3BXL or PFC3B mode. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 866
or PFC3B mode, for ICMP traffic, contains the ICMP code and type values. 5. Always zero for hardware-switched flows. 6. Populated with Release 12.2(17b)SXA and later releases in PFC3BXL or PFC3B mode. 51-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 867
by reducing the number of packets that are analyzed (sampled) by NetFlow. The reduction in the number of packets sampled by NetFlow on platforms that perform software based NetFlow accounting also reduces OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 868
value replaces the aging schemes such as fast, normal, long aging for expiring flows from the cache. The command syntax for configuring packet-based NetFlow flow sampling is: mls sampling packet-based rate [interval]. 51-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 869
1 in 1024 1 in 2048 1 in 4096 1 in 8192 Sampling Time in Milliseconds (Not Configurable) 64 32 16 8 4 4 4 4 Export Interval Milliseconds (Not Configurable) 4096 4096 4096 4096 4096 8192 16384 32768 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 51-9 - Cisco 7604 | Software Configuration Guide - Page 870
You must enable NDE on the MSFC to support NDE on the PFC. • When you configure NAT and NDE on an interface, the PFC sends all fragmented packets to the MSFC to be processed in software. (CSCdz51590) 51-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 871
.html This example shows how to enable NDE from the PFC: Router(config)# mls nde sender This example shows how to enable NDE from the PFC and configure NDE version 5: Router(config)# mls nde sender version 5 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 872
, and 8192. • The valid values for the packet-based export interval are from 8,000 through 16,000. • With a PFC3, to export any data, you must also configure sampled NetFlow on a Layer 3 interface. 51-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 873
MSFC, perform this task: Command Purpose Router(config)# ip flow-export source {{vlan vlan_ID} Configures the interface used as the source of the NDE | {type slot/port} | {port-channel number} | packets containing statistics from the MSFC. {loopback number}} Router(config)# no ip flow-export - Cisco 7604 | Software Configuration Guide - Page 874
in NVRAM and are preserved if NDE is disabled and reenabled or if the router is power cycled. If you are using the NetFlow FlowCollector application for data collection, verify that the UDP port number you configure is the same port number shown in the FlowCollector's /opt/csconfc/config/nfconfig - Cisco 7604 | Software Configuration Guide - Page 875
.12.245 (9999) Exporting flows from 10.6.58.7 (55425) Version: 7 Include Filter not configured Exclude Filter is: source: ip address 11.1.1.0, mask 255.255.255.0 Total Netflow Data Export Packets are: OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 51-15 - Cisco 7604 | Software Configuration Guide - Page 876
not cleared when NDE is disabled. To display the configuration of the NDE flow filters you configure, use the show mls nde command described in the "Displaying the NDE Configuration" section on page 51-18. 51-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 877
} Clears port filter configuration. This example shows how to configure a host flow filter to export only flows to destination host 172.20.52.37: Router(config)# mls nde flow include destination 172.20.52.37 255.255.255.225 Router(config)# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 878
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 51-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 879
, and ERSPAN This chapter describes how to configure local Switched Port Analyzer (SPAN), remote SPAN (RSPAN), and Encapsulated RSPAN (ERSPAN) on the Cisco 7600 series routers. With a PFC3, Release 12.2(18)SXE and later releases support ERSPAN (see the "ERSPAN Guidelines and Restrictions" section - Cisco 7604 | Software Configuration Guide - Page 880
attached to Ethernet port 5. Figure 52-1 Example SPAN Configuration Port 5 traffic mirrored 1 2 3 4 5 6 7 8 9 10 11 12 on port 10 E6 E7 E5 E8 E4 E9 E11 E12 E3 E10 E2 E1 Network analyzer S6884 52-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 881
2 trunk C3 Switch C C1 C2 Layer 2 trunk D2 Probe Layer 2 trunk Destination switch (data center) Intermediate switch (distribution) A3 Switch A A1 A2 B4 B1 B2 B3 Switch B Source switch(es) (access) 27389 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 882
switch(es) (access) 120377 Monitored Traffic These sections describe the traffic that local SPAN, RSPAN, and ERSPAN can monitor: • Monitored Traffic Direction, page 52-5 • Monitored Traffic, page 52-5 • Duplicate Traffic, page 52-5 52-4 Cisco 7600 Series Router Cisco IOS Software Configuration - Cisco 7604 | Software Configuration Guide - Page 883
from a source trunk port. Source VLANs A source VLAN is a VLAN monitored for traffic analysis. VLAN-based SPAN (VSPAN) uses a VLAN as the SPAN source. All the ports in the source VLANs become source ports. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 884
VACL capture. Before enabling SPAN, carefully evaluate the SPAN source traffic rates, and consider the performance implications and possible oversubscription points, which include these: • SPAN destination 52-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 885
Guard, Root Guard, Loop Guard) - VLAN trunk protocol (VTP) - Dynamic trunking protocol (DTP) - IEEE 802.1Q tunneling Note SPAN destination ports can participate in IEEE 802.3Z Flow Control. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 52-7 - Cisco 7604 | Software Configuration Guide - Page 886
Source Session Session - 1 In Each ERSPAN Destination Session - 128 128 - - 64 64 128 128 - - 1 RSPAN VLAN 1 IP address 1 RSPAN VLAN 1 IP address 64 64 52-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 887
128 128 later releases RSPAN destination session source - - Destinations per session 64 1 RSPAN VLAN In Each RSPAN Destination Session - - 1 RSPAN VLAN 64 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 52-9 - Cisco 7604 | Software Configuration Guide - Page 888
used by the Layer 3 LAN port. • Local SPAN sessions, RSPAN source sessions, and ERSPAN source sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs. 52-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 889
device. • Networks impose no limit on the number of RSPAN VLANs that the networks carry. • Intermediate network devices might impose limits on the number of RSPAN VLANs that they can support. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 52-11 - Cisco 7604 | Software Configuration Guide - Page 890
asic-version slot 1 | include ASIC|HYPERION Module in slot 1 has 2 type(s) of ASICs ASIC Name Count Version HYPERION 1 (6.0) Hyperion version 2.0 and higher supports ERSPAN. • Supervisor engine 2 does not support ERSPAN. 52-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 891
and destination sessions with the ip address command. • The ERSPAN ID differentiates the ERSPAN traffic arriving at the same destination IP address from various different ERSPAN source sessions. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 52-13 - Cisco 7604 | Software Configuration Guide - Page 892
5/1-4, gigabitethernet 6/1 This example shows how to verify the configuration: Router(config)# do show monitor permit-list SPAN Permit-list :Admin Enabled Permit-list ports :Gi5/1-4,Gi6/1 52-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 893
, you must configure the destination port to trunk unconditionally before you configure it as a destination (see the "Configuring a Destination Port as an Unconditional Trunk" section on page 52-24). OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 52-15 - Cisco 7604 | Software Configuration Guide - Page 894
in a comma-separated list (do not enter space characters). Configures the VLAN as an RSPAN VLAN. Clears the RSPAN VLAN configuration. Updates the VLAN database and returns to privileged EXEC mode. 52-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 895
-last_session_number. Note In the no monitor session range command, do not enter spaces before or after the dash. If you enter multiple ranges, do not enter spaces before or after the commas. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 52-17 - Cisco 7604 | Software Configuration Guide - Page 896
, you must enter a space before and after the dash. • interface_range is interface type slot/first_port - last_port. • mixed_interface_list is, in any order, single_interface , interface_range , ... 52-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 897
mode for the session. Clears the monitor configuration. (Optional) Describes the ERSPAN source session. (Default) Inactivates the ERSPAN source session. Activates the ERSPAN source session. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 52-19 - Cisco 7604 | Software Configuration Guide - Page 898
after the description command. • ERSPAN_source_span_session_number can range from 1 to 66. • single_interface is interface type slot/port; type is ethernet, fastethernet, gigabitethernet, or tengigabitethernet. 52-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 899
ip address 10.1.1.1 Router(config-mon-erspan-src-dst)# origin ip address 20.1.1.1 Router(config-mon-erspan-src-dst)# erspan-id 101 For additional examples, see the "Configuration Examples" section on page 52-27. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 900
that you entered in the "Configuring ERSPAN Source Sessions" section on page 52-19, Step 8. Configures the ID number used by the destination and slot/port; type is ethernet, fastethernet, gigabitethernet, or tengigabitethernet. 52-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 901
config-erspan-dst)# source Router(config-erspan-dst-src)# ip address 10.1.1.1 Router(config-erspan-dst-src)# erspan-id 101 For additional examples, see the "Configuration Examples" section on page 52-27. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 52 - Cisco 7604 | Software Configuration Guide - Page 902
mode trunk Configures the port to trunk unconditionally. Step 6 Router(config-if)# switchport nonegotiate Configures the trunk not to use DTP. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet 52-24 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 903
GigabitEthernet1/1 description SPAN destination interface for VLAN 10 no ip address switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 10 switchport mode trunk switchport nonegotiate OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 904
session command. This example shows how to verify the configuration of session 2: Router# show monitor session 2 Session 2 -----------Type : Remote Source Session Source Ports: RX Only: Dest RSPAN VLAN: Router# Fa3/1 901 52-26 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 905
, 2/3 This example shows the configuration of ERSPAN source session 12: monitor session 12 type erspan-source description SOURCE_SESSION_FOR_VRF_GRAY source interface Gi8/48 rx destination erspan-id 120 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 52 - Cisco 7604 | Software Configuration Guide - Page 906
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 52-28 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 907
(including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ which eliminates the need to poll interfaces. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 53-1 - Cisco 7604 | Software Configuration Guide - Page 908
-server ifindex persist Purpose Globally disables SNMP ifIndex persistence. In the following example, SNMP ifIndex persistence is disabled for all interfaces: router(config)# no snmp-server ifindex persist 53-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 909
you are using. Clears any interface-specific SNMP ifIndex persistence configuration for the specified interface and returns to the global configuration setting. Exits interface configuration mode. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 53-3 - Cisco 7604 | Software Configuration Guide - Page 910
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 53-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 911
System Power Status, page 54-4 • Power Cycling Modules, page 54-5 • Determining System Power Requirements, page 54-5 • Determining System Hardware Capacity, page 54-5 • Determining Sensor Temperature Threshold, page 54-8 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 912
power supplies, both power supplies must be of the same wattage. The Cisco 7600 series routers allow you to use both AC-input and DC-input power supplies in the same chassis. For detailed information on supported power supply configurations, refer to the Cisco 7600 Series Router Installation Guide - Cisco 7604 | Software Configuration Guide - Page 913
2 Command Router# configure terminal Router(config)# power enable module slot_number Router(config)# no power enable module slot_number Purpose Enters global configuration mode. Powers a module on. Powers a module off. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 914
2.69 112.98 2.69 on on Router# You can view the current power status of a specific power supply by entering the show power command as follows: Router# show power status power-supply 2 Power-Capacity PS-Fan Output Oper PS Type Watts A @42V Status Status State 1 WS-CAC-6000W 2672.04 63.62 - Cisco 7604 | Software Configuration Guide - Page 915
have configuration limitations depending on the size of chassis and type of modules installed. For information about power consumption, refer to the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2. Determining System Hardware - Cisco 7604 | Software Configuration Guide - Page 916
Power Management and Environmental Monitoring 1 SP Rx: Tx: 7 Rx: Tx: 8 Rx: Tx: Router# 34 101627 0 39 115417 0 5 10358 0 8 18543 0 5 12130 0 10 20317 0 This example shows how to display the current and peak switching utilization: Router# show platform hardware capacity - Cisco 7604 | Software Configuration Guide - Page 917
, 0 used Type Used Local 0 RSPAN source 0 ERSPAN source 0 Service module 0 Destination sessions: 64 maximum, 0 used Type Used RSPAN destination 0 ERSPAN destination (max 24) 0 Router# OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 54-7 - Cisco 7604 | Software Configuration Guide - Page 918
key system resources: Router# show platform hardware capacity systems System Resources PFC operating mode: PFC3BXL Supervisor redundancy mode: administratively rpr-plus, operationally rpr-plus Switching Resources: Module Part number Series CEF mode 5 WS-SUP720-BASE supervisor CEF 9 WS - Cisco 7604 | Software Configuration Guide - Page 919
major alarm EARL 1 inlet temperature: N/O threshold #1 for EARL 1 inlet temperature: (sensor value > 50) is system minor alarm threshold #2 for EARL 1 inlet temperature: (sensor value > 65) is system major alarm Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 54-9 - Cisco 7604 | Software Configuration Guide - Page 920
module 9 cooling requirement: 30 cfm Router# show environment status backplane: operating clock count: 2 operating VTT count: 3 fan-tray 1: fan-tray 1 type: WS-9SLOT-FAN fan-tray 1 fan-fail: OK VTT 1: 54-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 921
a critical problem that could lead to the system being shut down. Minor alarms are for informational purposes only, giving you notice of a problem that could turn critical if corrective action is not taken. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 922
on the failed supervisor engine. If there is no redundant supervisor, the SYSTEM LED is red also. 4. See the "Understanding How Power Management Works" section on page 54-1 for instructions. Tip For additional information (including configuration examples and troubleshooting information), see the - Cisco 7604 | Software Configuration Guide - Page 923
switching, run during bootup, line card online insertion and removal (OIR), and system reset. The nondisruptive online diagnostic tests run as part of background health monitoring or at the user's request (on-demand). OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 924
diagnostic level: Router(config)# diagnostic bootup level complete Router(config)# This example shows how to display the bootup online diagnostic level: Router(config)# do show diagnostic bootup level Router(config)# 55-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 925
or to stop the test after a specific number of failures occur by using the failure count setting. You can configure a test to run multiple times using the iteration setting. You should run packet-switching tests before memory tests. Note Do not use the diagnostic start all command until all of the - Cisco 7604 | Software Configuration Guide - Page 926
{daily hh:mm} | {weekly day_of_week hh:mm} Purpose Schedules on-demand diagnostic tests for a specific date and time, how many times to run (iterations), and what action to take when errors are found. 55-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 927
specified tests . The no form of this command will change the interval to the default interval, or zero. Enables or disables health-monitoring diagnostic tests. This example shows how to configure the specified test to run every two minutes: Router(config)# diagnostic monitor interval module 1 test - Cisco 7604 | Software Configuration Guide - Page 928
When you issure the command to reload the switch, the system will ask you if the configuration should be saved. • Do not save the configuration. • If you are running the tests on a supervisor engine, after the test is initiated and complete, you must reload or power down and then power up the entire - Cisco 7604 | Software Configuration Guide - Page 929
configured 25) TestL3VlanMet M**N****I** not configured 26) TestIngressSpan M**N****I** not configured 27) TestEgressSpan M**N****I** not configured 28) TestNetflowInlineRewrite --------> C*PD****I** not configured OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 930
18) TestL3VlanMet 19) TestIngressSpan 20) TestEgressSpan 21) TestIPv6FibShortcut 22) TestMPLSFibShortcut 23) TestNATFibShortcut 24) TestAclPermit 25) TestAclDeny 26) TestQoSTcam 55-8 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 931
Port 1 2 ---------- U U 28) TestFabricSnakeForward 29) TestFabricSnakeBackward 30) TestFibTcam - RESET U Router# This example shows how to display the detailed online diagnostic results: Router# show count ---> 0 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 932
1 test all command. Tip For additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 55-10 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 933
same hardware counters, compares the current statistics from the earlier statistics, and stores the difference. The statistics for each port are sorted by one of the statistic types that are listed in Table 56-1. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 934
use the Top N Utility: • Enabling Top N Utility Report Creation, page 56-3 • Displaying the Top N Utility Reports, page 56-3 • Clearing Top N Utility Reports, page 56-4 56-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 935
or duplex changes during the polling interval. • If a port's type changes from Layer 2 to Layer 3 during the polling interval. • If a port's type changes from Layer 3 to Layer 2 during the polling interval. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 936
report 4 deleted by the console This example shows how to remove a report number 4: Router# clear top counters interface report 4 04:52:12: %TOPN_COUNTERS-5-KILLED: TopN report 4 killed by the console 56-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 937
information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 938
Using the Top N Utility Chapter 56 Using the Top N Utility 56-6 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 939
(including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ the destination device to the destination host. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 57-1 - Cisco 7604 | Software Configuration Guide - Page 940
this router. • The traceroute mac command output shows the Layer port), the Layer 2 traceroute utility terminates at that hop and displays an error message. • The Layer 2 traceroute utility is not supported in Token Ring VLANs. 57-2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 941
Command Purpose Router# Router# traceroute mac ip {source_ip_address | source_hostname} {destination_ip_address | destination_hostname} [detail] Uses IP addresses to trace the path that packets take through the network. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 942
additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html 57-4 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 943
When you issure the command to reload the switch, the system will ask you if the configuration should be saved. • Do not save the configuration. • If you are running the tests on a supervisor engine, after the test is initiated and complete, you must reload or power down and then power up the entire - Cisco 7604 | Software Configuration Guide - Page 944
test runs every 30 seconds. Five consecutive failures causes a supervisor engine to switchover (or reset), if you are testing the supervisor engine, or in the module powering down when testing a module. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-2 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 945
Default Release Corrective action Hardware support Description Nondisruptive. Do not disable. On. 12.2(14)SX. Reset the malfunctioning supervisor engine or power down the module. Supervisor Engine 720, DFC-equipped modules, WS-X6148-FE-SFP, WS-X6148A-GE-TX, and WS-X6148A-RJ-45. TestMacNotification - Cisco 7604 | Software Configuration Guide - Page 946
insertion and removal (OIR). 12.1(13)E, 12.2(14)SX. Error disable a port if the loopback test fails on the port. Reset the module if all of the ports fail. All modules including supervisor engines. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-4 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 947
the configuration of loopback port (for example, Spanning Tree Protocol.). Schedule during downtime. Runs at bootup or after OIR. 12.1(13)E, 12.2(14)SX. Error disable a port if the loopback test fails on the port. Reset the supervisor engine if all of the ports fail. Standby supervisor engine only - Cisco 7604 | Software Configuration Guide - Page 948
bootup only. This test runs by default during bootup or after a reset or OIR. 12.1(13)E, 12.2(14)SX. None. See the system message guide for more information. All modules including supervisor engines. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-6 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 949
Hardware support Description Nondisruptive. If you experience problems with the Layer 2 forwarding engine None. See the system message guide for more information. Supervisor engines only. TestDontConditionalLearn The Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-7 - Cisco 7604 | Software Configuration Guide - Page 950
action Hardware support Description Disruptive. If you experience problems with the Layer 2 forwarding engine 12.2(14)SX. None. See the system message guide for more information. Supervisor engines only. Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-8 OL-4266 - Cisco 7604 | Software Configuration Guide - Page 951
the supervisor engine inband port through the switch fabric and looped back from one of the ports on the DFC-enabled module. The "don't learn" feature is verified during diagnostic packet lookup by the Layer 2 forwarding engine. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration - Cisco 7604 | Software Configuration Guide - Page 952
the test on the supervisor engine, the diagnostic packet is sent from the supervisor engine's inband port and performs a packet lookup using the supervisor engine Layer 2 forwarding engine. For DFC-enabled A-10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL - Cisco 7604 | Software Configuration Guide - Page 953
Trap feature of the Layer 2 forwarding engine is working properly. When running the test on the supervisor engine, the diagnostic packet is sent from the supervisor engine's inband port and performs OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-11 - Cisco 7604 | Software Configuration Guide - Page 954
-back port (for example, Spanning Tree Protocol). This test runs by default during bootup or after a reset or OIR. Off. 12.1(13)E, 12.2(14)SX. None. See the system message guide for more information. DFC-enabled modules. A-12 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 955
of the looped-back port (for example, Spanning Tree Protocol). Schedule during downtime. Off. 12.1(13)E, 12.2(14)SX. None. See the system message guide for more information. DFC-enabled modules. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-13 - Cisco 7604 | Software Configuration Guide - Page 956
sent to make sure that the diagnostic packet is switched by the FIB TCAM entry installed on the TCAM device. This is not an exhaustive TCAM device test; only one entry is installed on each TCAM device. A-14 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 957
properly. One diagnostic IPV6 FIB and adjacency entry is installed and a diagnostic IPv6 packet is sent to make sure the diagnostic packet is forwarded according to rewritten MAC and VLAN information. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-15 - Cisco 7604 | Software Configuration Guide - Page 958
make sure that the diagnostic packet is forwarded according to the rewritten IP address. Table A-27 TestNATFibShortcut Test Attributes Attribute Disruptive/Nondisruptive Description Nondisruptive. A-16 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 959
test. This test runs by default during bootup or after a reset or OIR. 12.1(13)E, 12.2(14)SX. None. See the system message guide for more information. Supervisor engines and DFC-enabled modules. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-17 - Cisco 7604 | Software Configuration Guide - Page 960
Hardware support Description Disruptive. Do not disable. On. 12.1(13)E, 12.2(14)SX. Automatic ASIC reset for recovery. Supervisor engines diagnostic packet is changed to reflect either input or output. A-18 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 961
is installed on each TCAM device. Note Compared to the IPv4FibShortcut and IPv6FibShortcut tests, the TestFibDevices test tests all FIB and adjacency devices using IPv4 or IPv6 packets, depending on your configuration. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 962
. One diagnostic IPv6 FIB and adjacency entry is installed and a diagnostic IPv6 packet is sent to make sure that the diagnostic packet is forwarded according to rewritten MAC and VLAN information. A-20 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 963
destination IP address. One diagnostic NAT FIB and adjacency entry is installed and a diagnostic packet is sent to make sure the diagnostic packet is forwarded according to the rewritten IP address. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-21 - Cisco 7604 | Software Configuration Guide - Page 964
corresponding diagnostic packet is sent from the supervisor engine and is looked up by the Layer 3 forwarding engine to make sure it hits the ACL TCAM entry and gets permitted and forwarded correctly. A-22 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 965
reflect either input or output. Table A-41 TestQoS Test Attributes Attribute Disruptive/Nondisruptive Description Disruptive for looped-back ports. The disruption is typically less than one second. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-23 - Cisco 7604 | Software Configuration Guide - Page 966
diagnostic packet is sent out from the supervisor engine's inband port, the test verifies that two packets are received back in the inband port on the two VLANs configured in the replication engine. A-24 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 967
on the configuration of the loopback port (for example, Spanning Tree Protocol). Run this test on-demand. This test runs by default during bootup or after a reset or OIR. 12.1(13)E, 12.2(14)SX. None. See the system message guide for more information. Supervisor engines and WS-65xx and WS-67xx - Cisco 7604 | Software Configuration Guide - Page 968
result in high CPU utilization. This test runs by default during bootup or after a reset or OIR. 12.1(13)E, 12.2(14)SX. Supervisor engines crash to ROMMON; SFMs reset. Supervisor Engine 720 and SFM. A-26 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 969
after five consecutive failures. Three consecutive reset cycles results in the module powering down. A fabric switchover may be triggered, depending on the type of failure. All fabric-enabled modules. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-27 - Cisco 7604 | Software Configuration Guide - Page 970
module. WS-X6704-10GE module. Exhaustive Memory Tests The exhaustive memory tests include the following tests: TestFibTcamSSRAM, page A-29 TestAsicMemory, page A-29 TestAclQosTcam, page A-30 TestNetflowTcam, page A-30 A-28 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 971
traffic in the background on the module that you are testing. The supervisor engine must be rebooted after running this test. Off. 12.2(17a)SX. Not applicable. All modules including supervisor engines. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-29 - Cisco 7604 | Software Configuration Guide - Page 972
be rebooted after running this test. Off. 12.2(18)SXD. Not applicable. All modules including supervisor engines. TestQoSTcam The TestQoSTcam test performs exhaustive memory tests for QoS TCAM devices. A-30 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 973
traffic in the background on the module that you are testing. The supervisor engine must be rebooted after running this test. Off. 12.2(18)SXD. Not applicable. All modules including supervisor engines. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-31 - Cisco 7604 | Software Configuration Guide - Page 974
action Hardware support Description Disruptive. Run this test on-demand. This test cannot be run from on-demand CLI. On. 12.2(18)SXE2. None. See the system message guide for more information. VPN service module. A-32 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 975
Disruptive. Disruption is several minutes. Use this test to qualify hardware before installing it in your network. Off. 12.2(18)SXF. Not applicable. Supervisor Engine 720 and Supervisor Engine 32. OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-33 - Cisco 7604 | Software Configuration Guide - Page 976
less than one second. Duration of the disruption depends on the configuration of looped-back port (for example, Spanning Tree Protocol). Forwarding and port functions are disrupted during the test. A-34 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 977
Default Release Corrective action Hardware support Do not disable. On. 12.2(14)SX. Not applicable. DFC-equipped modules TestTxPathMonitoring The TestTxPathMonitoring test sends index-directed packets periodically to each port on the Supervisor Engine 720 and WS-X67xx series modules to verify ASIC - Cisco 7604 | Software Configuration Guide - Page 978
supervisor engines. Tip For additional information (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html A-36 Cisco 7600 Series Router Cisco IOS Software - Cisco 7604 | Software Configuration Guide - Page 979
protocol data unit bridge relay function Bisync Block Serial Tunnel broadcast and unknown server bridge-group virtual interface content-addressable memory committed access rate circuit card assembly Cisco Discovery Protocol Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 980
Link Switching data movement processor Domain Name System Department of Defense denial of service 802.1Q dynamic RAM Dual Ring Protocol destination service access point differentiated services code point downstream SNA Physical Units Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 981
Module IOS File System Internet Group Management Protocol Interior Gateway Routing Protocol Integrated Local Management Interface Internet Protocol interprocessor communication Internetwork Packet Exchange OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 982
entity multicast routing monitor Multicast Source Discovery Protocol Multilayer Switching Feature Card Multilayer Switch Module multiple spanning tree maximum transmission unit multiple VLAN access port Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-4 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 983
Policy Feature Card Pragmatic General Multicast physical sublayer policy information base protocol independent multicast Point-to-Point Protocol Policy Rule Identifiers Per VLAN Spanning Tree+ QoS device manager QoS manager Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 984
manager Switch-Module Configuration Protocol Synchronous Data Link Control Stack Group Bidding Protocol single in-line memory module server load balancing Supervisor Line-Card Processor Serial Line Internet Protocol Software Management and Delivery Systems software MAC filter Standby Monitor - Cisco 7604 | Software Configuration Guide - Page 985
circuit identifier Virtual Configuration Register Virtual Network System virtual LAN VLAN Membership Policy Server virtual private network VPN routing and forwarding VLAN Trunking Protocol voice VLAN ID wide area network Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12 - Cisco 7604 | Software Configuration Guide - Page 986
) Acronym WCCP WFQ WRED WRR XNS Expansion Web Cache Communications Protocol weighted fair queueing weighted random early detection weighted round-robin Xerox Network System Appendix A Acronyms Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX A-8 OL-4266-08 - Cisco 7604 | Software Configuration Guide - Page 987
with previous releases of AToM 15 Ethernet over MPLS 16 ARP ACL 70 ARP spoofing 1 AToM 13 audience 30 authentication See also port-based authentication Authentication, Authorization, and Accounting OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-1 - Cisco 7604 | Software Configuration Guide - Page 988
enable command 3 CEF 1 configuring MSFC2 5 supervisor engine 5 examples 3 Layer 3 switching 2 packet rewrite 2 CEF for PFC2 See CEF CGMP 8 channel-group group command 8, 12 command example 9 checking configuration, system 10 Cisco Discovery Protocol See CDP Cisco Emergency Responder 4 Cisco Express - Cisco 7604 | Software Configuration Guide - Page 989
4 interface configuration mode 5 privileged EXEC mode 5 ROM monitor 7 software basics 4 command line processing 3 commands, getting list of 5 Committed Access Rate (CAR), not supported 3 Common and Internal Spanning Tree See also CIST 15 Common Spanning Tree See CST 15 community ports 3 community - Cisco 7604 | Software Configuration Guide - Page 990
database DHCP Snooping Database Agent adding to the database (example) 18 enabling (example) 15 overview 5 reading from a TFTP file (example) 17 DHCP snooping increased bindings limit 7, 15 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-4 - Cisco 7604 | Software Configuration Guide - Page 991
13, 14 logging system messages 14 rate limit for incoming ARP packets 4, 9 default configuration 5 denial-of-service attacks, preventing 9 described 1 DHCP snooping binding database 3 displaying ARP ACLs 15 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 992
(tasks) 7 DFC restriction, see CSCdt27074 in the Release Notes interface port-channel command example 8 interface port-channel (command) 7 lacp system-priority command example 10 Layer 2 configuring 8 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-6 - Cisco 7604 | Software Configuration Guide - Page 993
-destination-source-ip 3 ip-full 3 ip-interface-full 3 minimum 7 overview 3 flows IP MMLS completely and partially switched 4 forward-delay time MSTP 25 forward-delay time, STP 32 frame distribution OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-7 - Cisco 7604 | Software Configuration Guide - Page 994
command 10 configuration 8 to 9 configuration mode 5 Layer 2 modes 4 number 2 parameters, configuring 8 interface-destination-source-ip flow mask 3 interface port-channel command example 8 interface port-channel (command) 7 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 995
27 unsupported features 9 IP multicast IGMP snooping and 9 MLDv2 snooping and 10 overview 1 IP multicast MLS See IP MMLS ip multicast-routing command enabling IP multicast 10 IP phone configuring 6 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-9 - Cisco 7604 | Software Configuration Guide - Page 996
switching CEF 2 Layer 4 port operations (ACLs) 8 leave processing, IGMP enabling 12 leave processing, MLDv2 enabling 13 LERs 2, 6, 7 Link Failure detecting unidirectional 8 link negotiation 8 link redundancy See Flex Links OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide - Cisco 7604 | Software Configuration Guide - Page 997
4 private VLANs 17 MPLS 2 aggregate label 2 any transport over MPLS 13 basic configuration 8 core 4 DiffServ Tunneling Modes 32 egress 4 experimental field 3 guidelines and restrictions 7 ingress 3 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-11 - Cisco 7604 | Software Configuration Guide - Page 998
type 27 path cost 22 port priority 21 root switch 19 secondary root switch 20 switch priority 23 CST defined 3 operations between regions 4 default configuration 16 displaying status 28 enabling the mode 17 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-12 - Cisco 7604 | Software Configuration Guide - Page 999
RPF check 2 Multiple Spanning Tree See MST Multiple Spanning Tree Protocol See MSTP 15 N NAC non-responsive hosts 5 native VLAN 10 NBAR 1, 53 NDE configuration, displaying 18 displaying configuration 18 enabling 10 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX - Cisco 7604 | Software Configuration Guide - Page 1000
enable password 15 enable secret 15 line password 16 static enable password 15 TACACS+ 16 TACACS+ (caution) 17 encrypting 17 (caution) 17 recovering lost enable passwords 19 path cost MSTP 22 PBR 4 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-14 - Cisco 7604 | Software Configuration Guide - Page 1001
switch as proxy 2 RADIUS client 2 topologies, supported 5 port-based QoS features see QoS port channel switchport trunk encapsulation dot1q 6 port-channel see EtherChannel port-channel load-balance command 10, 11 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 1002
levels 17 privilege level 18 exiting 19 logging in 18 procedures global parameters, configuring 3 to 8 interfaces, configuring 8 to 9 using configuration mode 10 promiscuous ports 3 protocol tunneling OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-16 - Cisco 7604 | Software Configuration Guide - Page 1003
25 QoS scheduling (definition) 124 QoS single-receive, dual-transmit queue ports configuring 99 QoS statistics data export 1 configuring 2 configuring destination host 7 configuring time interval 6, 9 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-17 - Cisco 7604 | Software Configuration Guide - Page 1004
CEF 2 IP MMLS 3 RGMP 1 overview 1 packet types 2 RIF cache monitoring 17 rommon command 24 ROM monitor boot process and 20 CLI 7 root bridge, STP 24 root guard See STP root guard root switch MSTP 19 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN-18 - Cisco 7604 | Software Configuration Guide - Page 1005
command 3 show cdp neighbors command 3 show cdp traffic command 3 show ciscoview package command 3 show ciscoview version command 3 show configuration command 16 show debugging command 3 show eobc command 17 OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 1006
command example 9 spanning-tree portfast bpdu-guard command 12 spanning-tree port-priority command 27 spanning-tree protocol for bridging 2 spanning-tree uplinkfast command 13 command example 13 spanning-tree vlan OL-4266-08 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release - Cisco 7604 | Software Configuration Guide - Page 1007
13 figure adding a switch 7 spanning-tree backbonefast command 13, 14 command example 14 understanding 4 STP BPDU Guard and MST 16 configuring 12 spanning-tree portfast bpdu-guard command 12 understanding 2 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX IN - Cisco 7604 | Software Configuration Guide - Page 1008
engine redundancy configuring 10, 5 supervisor engines displaying redundancy configuration 7 Switched Port Analyzer See SPAN switch fabric functionality 2 configuring 4 monitoring 4 switch fabric module 1 configuring 3 monitoring 5 slot locations 2 switchport configuring 14 example 13 show - Cisco 7604 | Software Configuration Guide - Page 1009
2 system configuration register configuration 21 to 24 settings at startup 22 configuring global parameters 3 to 8 System Hardware Capacity 5 system image determining if and how to load 22 loading from Flash 24 T TACACS+ 1 TCP Intercept 2 TDR checking cable connectivity 19 enabling and disabling - Cisco 7604 | Software Configuration Guide - Page 1010
16 example 11 vlan mapping dot1q command 15, 16 command example 17 VLAN mode 16 VLANs allowed on trunk 11 configuration guidelines 8 configuration options global configuration mode 9 VLAN database mode 9 IN-24 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX OL-4266 - Cisco 7604 | Software Configuration Guide - Page 1011
configuration 12 configuring 7 overview 4 server, configuring 9 statistics 10 transparent mode, configuring 9 version 2 enabling 8 overview 3 W web browser interface 1 weighted round robin 109 WRR 109 X xconnect command 15 Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
-
625
-
626
-
627
-
628
-
629
-
630
-
631
-
632
-
633
-
634
-
635
-
636
-
637
-
638
-
639
-
640
-
641
-
642
-
643
-
644
-
645
-
646
-
647
-
648
-
649
-
650
-
651
-
652
-
653
-
654
-
655
-
656
-
657
-
658
-
659
-
660
-
661
-
662
-
663
-
664
-
665
-
666
-
667
-
668
-
669
-
670
-
671
-
672
-
673
-
674
-
675
-
676
-
677
-
678
-
679
-
680
-
681
-
682
-
683
-
684
-
685
-
686
-
687
-
688
-
689
-
690
-
691
-
692
-
693
-
694
-
695
-
696
-
697
-
698
-
699
-
700
-
701
-
702
-
703
-
704
-
705
-
706
-
707
-
708
-
709
-
710
-
711
-
712
-
713
-
714
-
715
-
716
-
717
-
718
-
719
-
720
-
721
-
722
-
723
-
724
-
725
-
726
-
727
-
728
-
729
-
730
-
731
-
732
-
733
-
734
-
735
-
736
-
737
-
738
-
739
-
740
-
741
-
742
-
743
-
744
-
745
-
746
-
747
-
748
-
749
-
750
-
751
-
752
-
753
-
754
-
755
-
756
-
757
-
758
-
759
-
760
-
761
-
762
-
763
-
764
-
765
-
766
-
767
-
768
-
769
-
770
-
771
-
772
-
773
-
774
-
775
-
776
-
777
-
778
-
779
-
780
-
781
-
782
-
783
-
784
-
785
-
786
-
787
-
788
-
789
-
790
-
791
-
792
-
793
-
794
-
795
-
796
-
797
-
798
-
799
-
800
-
801
-
802
-
803
-
804
-
805
-
806
-
807
-
808
-
809
-
810
-
811
-
812
-
813
-
814
-
815
-
816
-
817
-
818
-
819
-
820
-
821
-
822
-
823
-
824
-
825
-
826
-
827
-
828
-
829
-
830
-
831
-
832
-
833
-
834
-
835
-
836
-
837
-
838
-
839
-
840
-
841
-
842
-
843
-
844
-
845
-
846
-
847
-
848
-
849
-
850
-
851
-
852
-
853
-
854
-
855
-
856
-
857
-
858
-
859
-
860
-
861
-
862
-
863
-
864
-
865
-
866
-
867
-
868
-
869
-
870
-
871
-
872
-
873
-
874
-
875
-
876
-
877
-
878
-
879
-
880
-
881
-
882
-
883
-
884
-
885
-
886
-
887
-
888
-
889
-
890
-
891
-
892
-
893
-
894
-
895
-
896
-
897
-
898
-
899
-
900
-
901
-
902
-
903
-
904
-
905
-
906
-
907
-
908
-
909
-
910
-
911
-
912
-
913
-
914
-
915
-
916
-
917
-
918
-
919
-
920
-
921
-
922
-
923
-
924
-
925
-
926
-
927
-
928
-
929
-
930
-
931
-
932
-
933
-
934
-
935
-
936
-
937
-
938
-
939
-
940
-
941
-
942
-
943
-
944
-
945
-
946
-
947
-
948
-
949
-
950
-
951
-
952
-
953
-
954
-
955
-
956
-
957
-
958
-
959
-
960
-
961
-
962
-
963
-
964
-
965
-
966
-
967
-
968
-
969
-
970
-
971
-
972
-
973
-
974
-
975
-
976
-
977
-
978
-
979
-
980
-
981
-
982
-
983
-
984
-
985
-
986
-
987
-
988
-
989
-
990
-
991
-
992
-
993
-
994
-
995
-
996
-
997
-
998
-
999
-
1,000
-
1,001
-
1,002
-
1,003
-
1,004
-
1,005
-
1,006
-
1,007
-
1,008
-
1,009
-
1,010
-
1,011
 |
 |
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Cisco 7600 Series Router
Cisco IOS Software Configuration Guide
Release 12.2(18)SXF and Rebuilds and Earlier Releases
Text Part Number: OL-4266-08