Cisco WS-X6K-SUP1A-PFC= Software Guide
Cisco WS-X6K-SUP1A-PFC= - Catalyst 6000 Supervisor Engine 1A 2Ge Manual
 |
UPC - 746320290881
View all Cisco WS-X6K-SUP1A-PFC= manuals
Add to My Manuals
Save this manual to your list of manuals |
Cisco WS-X6K-SUP1A-PFC= manual content summary:
- Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 1
Family Software Configuration Guide Software Releases 6.3 and 6.4 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7813315= Text Part Number: 78-13315 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 2
, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 3
Interface 1 Switch Command-Line Interface 2 MSFC Command-Line Interface 8 Cisco IOS Command Modes 8 Cisco IOS Command-Line Interface 10 Configuring the Switch IP Address and Default Gateway MSFC for the First Time 4 CONTENTS Catalyst 6000 Family Software Configuration Guide, Releases 6.3 and 6.4 3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 4
the Port Speed 5 Setting the Port Duplex Mode 5 Configuring IEEE 802.3X Flow Control 6 Enabling and Disabling Port Negotiation 7 Changing the Default Port Enable State 7 Setting Example VLAN Trunk Configurations 9 Catalyst 6000 Family Software Configuration Guide, Releases 6.3 and 6.4 4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 5
EtherChannel Port Path Cost 6 Setting the EtherChannel VLAN Cost 6 Configuring EtherChannel Tunneling Configuration Guidelines 2 Configuring Support for 802.1Q Tunneling 3 Configuring the Switch to Support 802.1Q Tunneling 3 Configuring Family Software Configuration Guide, Releases 6.3 and 6.4 5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 6
Configuring the PVST+ Port Cost 17 Configuring the PVST+ Port Priority 18 Configuring the PVST+ Default Port Cost Mode 18 Configuring the PVST+ Port Cost for a VLAN 19 Guard 1 Understanding How PortFast Works 2 Catalyst 6000 Family Software Configuration Guide, Releases 6.3 and 6.4 6 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 7
VTP Advertisements 2 Understanding VTP Version 2 3 Understanding VTP Pruning 3 Default VTP Configuration 5 VTP Configuration Guidelines 5 Configuring VTP 6 Configuring a VTP Server 6 Configuring a VTP Client 6 Disabling VTP (VTP Transparent Mode) 7 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 8
Mapping 23 Private VLAN Support on the MSFC 23 Configuring FDDI VLANs 24 Configuring Token Ring VLANs 24 Understanding Token Ring TrBRF VLANs 25 Understanding Token Ring TrCRF VLANs 25 Token Ring VLAN Configuration Guidelines 27 Catalyst 6000 Family Software Configuration Guide, Releases 6.3 and - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 9
Restrictions 11 Configuring CEF for PFC2 12 Displaying Layer 3-Switching Entries on the Supervisor Engine 12 Configuring CEF on the MSFC2 14 Configuring IP Multicast on the Layer 3-Switched Packet Rewrite 2 Understanding MLS 4 Catalyst 6000 Family Software Configuration Guide, Releases 6.3 and 6.4 9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 10
13 Configuring MLS 14 Configuring Unicast MLS on the MSFC 14 Configuring MLS on Supervisor Engine 1 17 Configuring IP MMLS 28 15 C H A P T Access Control 1 Understanding How ACLs Work 1 Hardware Requirements 2 Supported ACLs 2 QoS ACLs 2 Catalyst 6000 Family Software Configuration Guide, Releases - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 11
Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on the Same VLAN Interface 16 Guidelines for Using Layer 4 Operations 20 Using VACLs in your Network 22 Wiring Closet Configuration 22 Redirecting Broadcast Traffic to a Specific Server Flash Memory 43 Manually Moving the Support - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 12
8 Troubleshooting VMPS 8 Troubleshooting Dynamic Port VLAN Membership 8 Dynamic Port VLAN Membership with VMPS Configuration Examples 9 VMPS Database Configuration File Example 9 Dynamic Port VLAN Membership Configuration Example 10 Catalyst 6000 Family Software Configuration Guide, Releases - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 13
with Auxiliary VLANs 13 Checking Port Status and Connectivity 1 Checking Module Status 1 Checking Port Status 2 Checking Port Capabilities 4 Using Static ARP Entries 8 Scheduling a System Reset 9 Scheduling a Reset at a Specific Time 10 Scheduling a Reset Within a Specified Amount of Time 10 Power - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 14
Modules Up or Down 13 Determining System Power Requirements 14 Environmental Monitoring 16 Environmental Monitoring Using CLI Commands 16 LED Indications 16 Displaying System Status Information for Technical Support Catalyst 6000 Family Software Configuration Guide, Releases 6.3 and 6.4 14 78-13315- - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 15
57 Specifying RADIUS Servers 58 Updating the Server 59 Suppressing Accounting Supervisor Engine 6 High Availability 8 Supervisor Engine Synchronization Examples 14 MSFC Redundancy 18 Dual MSFC Redundancy 19 Single Router Mode Redundancy 41 Manual Software Configuration Guide, Releases 6.3 and 6.4 15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 16
Setting the Text File Configuration Mode 2 Listing the Files on a Flash Device 3 Supervisor Engine Images Using TFTP 3 Downloading Switching Module Images Using TFTP 4 TFTP Download Procedures Example 5 Uploading System Software Images to a TFTP Server 8 Preparing to Upload an Image to a TFTP Server - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 17
MSFC 9 Uploading the Configuration File to a TFTP Server 10 Uploading the Configuration File to the Supervisor Engine Flash PC Card 11 Downloading the Configuration File from a Remote Host 11 Downloading the Configuration File from the Supervisor Engine Flash PC Card 13 Configuring System Message - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 18
Buffer Size 6 Configuring the syslog Daemon on a UNIX syslog Server 7 Configuring syslog Servers 7 Displaying the Logging Configuration 9 Displaying System Messages 10 Configuring the UDLD Configuration 5 Catalyst 6000 Family Software Configuration Guide, Releases 6.3 and 6.4 18 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 19
Clearing NTP Servers 7 Disabling List 2 Adding IP Addresses to the IP Permit List 2 Enabling the IP Permit List 3 Disabling the IP Permit List 4 Clearing an IP Permit List Entry 4 Configuring Port Security 1 Understanding How Port Security Works 1 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 20
Configuring SNMPv3 from an NMS 11 Configuring SNMPv3 from the CLI 12 Configuring RMON 1 Understanding How RMON Works 1 Enabling RMON 2 Catalyst 6000 Family Software Configuration Guide, Releases 6.3 and 6.4 20 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 21
P T E R 40 C H A P T E R 78-13315-02 Viewing RMON Data 2 Supported RMON and RMON2 MIB Objects 2 Configuring SPAN and RSPAN 1 Understanding How SPAN and RSPAN Works 1 SPAN Configuring Multicast Services 1 Understanding How Multicasting Works 1 Multicasting and Multicast Services Overview 2 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 22
Traffic 5 Nonreverse Path Forwarding Multicast Fast Drop 5 Enabling Installation of Directly Connected Subnets 6 Configuring IGMP Snooping 6 Default Group Entries 22 Configuring RGMP 22 Configuring RGMP on the Supervisor Engine 22 Configuring RGMP on the MSFC 25 Displaying Multicast Protocol - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 23
Thresholds 52 Configuring DSCP Value Maps 55 Displaying QoS Information 58 Displaying QoS Statistics 59 Reverting to QoS Defaults 60 Disabling QoS 60 Configuring COPS Support 60 Configuring RSVP Support 66 Configuring QoS Statistics Data Export 70 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 24
Switch Fabric Module 4 Configuring the LCD Banner 8 44 C H A P T E R Configuring a VoIP Network 1 Hardware and Software Requirements 1 Understanding How a VoIP Network Works 2 Cisco IP Phone 7960 2 Cisco CallManager 4 Access Gateways 4 Catalyst 6000 Family Software Configuration Guide, Releases - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 25
Power Management 10 Configuring Auxiliary VLANs on Catalyst LAN Switches 19 Configuring the Access Gateways 21 Displaying Active Call Information 27 Configuring QoS in the Cisco IP Phone 7960 29 Contents 78-13315-02 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 26
Contents Catalyst 6000 Family Software Configuration Guide, Releases 6.3 and 6.4 26 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 27
This preface describes who should read the Catalyst 6000 Family Software Configuration Guide, how it is organized, and its document conventions. Audience This publication is for experienced network administrators who are responsible for configuring and maintaining Catalyst 6000 family switches - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 28
the VLAN Management Policy Server (VMPS). Checking Port Status and Connectivity Describes how to display information about modules and switch ports and to monitor and control access to the CLI. Configuring Redundancy Describes how to install and configure redundant supervisor engines and MSFCs - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 29
server load balancing (ASLB). Describes how to configure the Switch Fabric Module. Describes how to configure a Voice-over-IP (VoIP) network. Related Documentation The following publications are available for the Catalyst 6000 family switches: • Catalyst 6000 Family Module Installation Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 30
where noted, the term supervisor engine is used to refer to both Supervisor Engine 1 and Supervisor Engine 2. This publication uses the key labeled Control-for example, the key combination ^D in a screen display means hold down the Control key while you Guide-Releases 6.3 and 6.4 30 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 31
order the Documentation CD-ROM (product number DOC-CONDOCCD=) through the online Subscription Store: http://www.cisco.com/go/subscription Ordering Documentation You can find instructions for ordering documentation at this URL: http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm You can order - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 32
, troubleshooting tips, and sample configurations from the Cisco TAC website. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC website, including TAC tools and utilities. Cisco.com Cisco.com offers a suite of interactive, networked services that - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 33
687/Directory/DirTAC.shtml Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 34
Information about Cisco products, technologies, and network solutions is available from various online and printed sources. • The Cisco Product Catalog describes the networking products offered by Cisco Systems as well as ordering and customer support services. Access the Cisco Product Catalog - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 35
Feature Card 2 (PFC2), and Multilayer Switch Feature Card 2 (MSFC2) • Supervisor Engine 2 and PFC2 • Supervisor Engine 1, PFC, and MSFC or MSFC2 • Supervisor Engine 1 and PFC • Supervisor Engine 1 Note The Switch Fabric Module is supported only in Catalyst 6500 series switches. Refer to the Release - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 36
Chapter 1 Product Overview Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 1-2 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 37
of the ATM Cisco IOS CLI and commands, refer to the ATM Software Configuration Guide and Command Reference-Catalyst 5000 Family and 6000 Family Switches publication. For a description of the Multilayer Switch Module (MSM) IOS CLI and commands, refer to the Multilayer Switch Module Installation and - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 38
access the ROM monitor through a terminal server, you can escape to the Telnet prompt ) cable. Note For complete information on how to connect to the supervisor engine console port, refer to the hardware documentation for your switch. To Configuration Guide-Releases 6.3 and 6.4 2-2 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 39
supported. Telnet sessions disconnect automatically after remaining idle for a set time period. To access the switch CLI from a remote ... Connected to Catalyst_1. Escape character is '^]'. Cisco Systems Console Enter password: Catalyst_1> Accessing the Configuration Guide-Releases 6.3 and 6.4 2-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 40
15 (if the MSFC is installed on the supervisor engine in slot 1) or 16 (if the MSFC is installed on the supervisor engine in slot 2). If no module number is specified, the console will switch to the MSFC on the active supervisor engine. Note To access the Cisco IOS CLI on the standby MSFC, connect - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 41
in slot 1. If your switch has a redundant supervisor engine, the supervisor engines reside in slots 1 and 2. To designate a specific module, use the module number. Port 1 is always the left-most port. To designate a specific port on a specific module, the command syntax is mod/port. For example - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 42
module 6 Specifies ports 1 and 2 on module 3 and port 8 on module 4 VLANs are identified using the VLAN ID, a single number associated with the VLAN. To specify a list of VLANs, use a comma-separated list are made up of a network section, an optional subnet Guide-Releases 6.3 and 6.4 2-6 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 43
this key. 1. The arrow keys function only on ANSI-compatible terminals such as VT100s. History Substitution The history buffer stores by using special abbreviated commands. Table 2-4 lists the history substitution commands. Table 2-4 History Software Configuration Guide-Releases 6.3 and 6.4 2-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 44
IOS to support direct Telnet access to the MSFC. Refer to "Configuring Authentication" in the Cisco IOS Security Configuration Guide: http://www.cisco.com configuration mode, subinterface configuration mode, and a variety of protocol-specific modes. ROM monitor mode is a separate mode used when the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 45
# Router(config)# Router(config-if)# Router(config-line)# The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands List of IOS Commands and Syntax In any command mode, you can get a list of available commands by entering a question mark (?). Router> ? To obtain a list - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 46
Up an MSFC Interface, page 2-11 Accessing Cisco IOS Configuration Mode To access the Cisco IOS configuration mode, perform this task: Note Enter the switch console command to access the MSFC from the switch CLI when directly connected to the supervisor engine console port. To access the MSFC from - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 47
)# Ctrl-Z Viewing and Saving the Cisco IOS Configuration To view and save the interface command. Note In a redundant supervisor engine setup, if an interface on one stop forwarding packets. Therefore, you should manually shut down the matching interface on the Guide-Releases 6.3 and 6.4 2-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 48
MSFC Command-Line Interface Chapter 2 Command-Line Interfaces 2-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 49
) management interface is connected to the switching fabric and participates in all of the functions of a normal switch port, such as spanning tree, Cisco Discovery Protocol (CDP), VLAN membership, and so forth. The out-of-band management interface (sl0) is not connected to the switching fabric and - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 50
an IP address from the DHCP server: • Manual allocation-The network administrator maps the switch MAC address to an IP address at the DHCP server. • Automatic allocation-The switch obtains another IP address. Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 3-2 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 51
responds to the request, the switch takes appropriate action. If a DHCPOFFER message is received from a DCHP server, the switch processes all supported options contained in the message. Table 3-1 shows the supported DHCP options. Other options specified in the DHCPOFFER message are ignored. Table - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 52
image that has network interface code and end-host protocol code. The system image is the main Cisco IOS software image with full multiprotocol routing support. As shipped, image on the supervisor Flash PC card. Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 3-4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 53
Note To boot a system image stored on the supervisor engine Flash PC card, at least one VLAN the bootflash from an image on the supervisor engine Flash PC card by entering these commands [vlan] (make sure the VLAN is associated with the network to which the IP address belongs). If necessary, bring - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 54
enable) Configuring Default Gateways The supervisor engine sends IP packets destined for other IP subnets to the default gateway (typically, a router interface in the same network or subnet as the switch table. Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 3-6 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 55
this task: Step 1 Step 2 Step 3 Step 4 Step 5 Task Command Access the switch from a remote host with Telnet. telnet {host_name | ip_addr} Enter privileged mode on the switch. enable Set the console attach 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 3-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 56
Step 2 Step 3 Task Command Access the switch from a remote host with Telnet. telnet {host_name | ip_addr} Enter privileged Connected to 172.20.52.38. Escape character is '^]'. Cisco Systems, Inc. Console Enter password: Console> enable Enter password Guide-Releases 6.3 and 6.4 3-8 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 57
2 Step 3 Step 4 Step 5 Step 6 Step 7 Task Command Make sure that there is a DHCP, BOOTP, or - RARP server on the network. Obtain the last address in the MAC address range for module 1 (the supervisor engine). This address is displayed under the MAC-Address(es) heading. (With DHCP, this step is - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 58
,RUNNING> vlan 1 inet 172.20.25.244 netmask 255.255.255.0 broadcast 172.20.25.255 dhcp server: 172.20.25.254 Console> Renewing and Releasing a DHCP-Assigned IP Address If you are using DHCP Console> (enable) 3-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 59
and Gigabit Ethernet switching modules, as well as to the uplink ports on the supervisor engine. Note For Catalyst 6000 family switches support simultaneous, parallel connections problems caused by high-bandwidth devices and a large number of users by assigning each device (for example, a server) - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 60
or server, or to a hub through which workstations or servers connect to the network. Ports receives a frame for a destination address not listed in its address table, it floods the frame exchanges flow-control parameters, remote fault information, Guide-Releases 6.3 and 6.4 4-2 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 61
for receive (Rx) and desired for transmit (Tx) Flow control (other Ethernet) Flow control set to off for receive (Rx); transmit (Tx) not supported Spanning Tree Protocol (STP) Enabled for VLAN 1 Native VLAN VLAN 1 Port VLAN cost • Port VLAN cost of 100 for 10-Mbps Ethernet ports • Port VLAN - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 62
page 4-5 • Configuring IEEE 802.3X Flow Control, page 4-6 • Enabling and Disabling Port Fast Ethernet, and Gigabit Ethernet switching modules to facilitate switch administration. To set ) set port name 1/2 Server Link Port 1/2 name set full 1000 1000BaseSX 1/2 Server Link connected trunk full - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 63
Setting the Port Speed You can configure the port speed on 10/100-Mbps Ethernet switching modules. Use the auto keyword to autonegotiate the port's speed and duplex mode with the neighboring [mod[/port]] 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 4-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 64
that tells remote ports to delay sending more packets for a specified period of time. All Ethernet ports (1000 Mbps, 100 Mbps, and 10 Mbps) can receive and act upon "pause" packets from other devices. Enter the set port flow control command to configure flow control on ports. Table 4-3 lists the set - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 65
the Default Port Enable State Note Changing the default port enable state applies to all port types, not just Ethernet. Note This feature is not supported on systems that do not have a chassis ID PROM. 78-13315-02 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 66
might cause a security and network instability problem. Entering the set default manually configure the ports back to the enable state. The default port status configuration is stored on the chassis. This means it is tied to a chassis and not the supervisor Guide-Releases 6.3 and 6.4 4-8 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 67
Ethernet, and Gigabit Ethernet Switching Setting the Port Configuration Table 4-4 lists the time delay that occurs before the switch notifies the main processor to reenable all the errdisabled ports manually. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 4-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 68
to all reasons) You can enable or disable errdisable timeout for each of the above listed reasons. The ports in errdisable state for reasons other than the first four reasons are mismatch Console> (enable) 4-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 69
speed. At 10 Mbps and 1000 Mbps the module supports the jumbo frame default of 9216 bytes. - Trunk ports - EtherChannels • Jumbo frames are supported on all Optical Services Modules (OSMs). • Jumbo frames are not supported on ATM modules (WS-X6101-OC12-SMF/MMF). • The Multilayer Switching Feature - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 70
.1 Router(config-if)# mtu mtu_size Verify the configuration. Router# show interface vlan 111 1. Set the MTU size no larger than 9216, which is the size supported by the supervisor engine. 4-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 71
route This example shows how to ping a remote host and how to trace the hop-by-hop path of packets through the network using traceroute: Console> (enable) ping somehost .1.2.3) 3 ms * 2 ms Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 4-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 72
Setting the Port Configuration Chapter 4 Configuring Ethernet, Fast Ethernet, and Gigabit Ethernet Switching 4-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 73
entire network. Two trunking encapsulations are available on all Ethernet ports: • Inter-Switch Link (ISL)-ISL is a Cisco- proprietary trunking encapsulation • IEEE 802.1Q-802.1Q is an industry-standard trunking encapsulation 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 74
see Chapter 6, "Configuring EtherChannel." Ethernet trunk ports support five different trunking modes (see Table 5-1). In configure the neighboring port manually as a trunk port to establish a trunk link. Table 5-2 lists the encapsulation types used Guide-Releases 6.3 and 6.4 5-2 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 75
Nontrunk ISL trunk Nontrunk 1. Using this configuration can result in spanning tree loops and is not recommended. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 5-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 76
problem, ensure that trunking is turned off on ports connected to non-switch devices if you do not intend to trunk across those links. When manually enabling trunking on a link to a Cisco without disabling spanning tree on every VLAN in the network can cause spanning tree loops. We recommend that you - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 77
Port Mode Encapsulation Status Native vlan 1/1 on isl trunking 1 Port Vlans allowed on trunk 1/1 1-1005, 1025-4094 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 5-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 78
> (enable) show trunk Port Mode Encapsulation 2/9 desirable dot1q Status -----------trunking Native vlan ----------1 Port Vlans allowed on trunk 2/9 1-1005, 1025-4094 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 5-6 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 79
the Allowed VLANs on a Trunk When you configure a trunk port, all VLANs are added to the allowed VLANs list for that trunk. However, you can remove VLANs from the allowed list to prevent traffic for those VLANs from passing over the trunk. 78-13315-02 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 80
allowed VLANs list for clear trunk mod/port vlans a trunk. (Optional) Add specific VLANs to the allowed set trunk mod/port vlans VLANs list for a trunk. Verify the allowed VLAN list for the trunk [mod/port] Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 5-8 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 81
Vlans allowed on trunk 1/1 1-1005, 1025-4094 Port Vlans allowed and active in management domain 1/1 1,521-524 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 5-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 82
in spanning tree forwarding state and not pruned 1/1 Switch1> (enable) Define the allowed VLAN list for the trunk by entering the clear trunk command to remove the VLANs that should not pass trunk link. 5-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 83
Neighbor Neighbor mode status device port 3/1 connected auto channel WS-C5500 069003103(Sw 1/1 3/2 connected auto channel WS-C5500 069003103(Sw 1/2 Switch_B> (enable) Step 4 trunk. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 5-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 84
,917,999 3/2 1-5,10,20,50,152,200,300,400,500,521-524,570,801,850,917,999 Switch_B> (enable) 5-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 85
in EtherChannel auto mode. The system logging messages provide information about the formation of the EtherChannel bundle. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 5-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 86
WS-C4003 JAB023806(Sw 2/3 3/4 connected auto channel WS-C4003 JAB023806(Sw 2/4 3/5 connected auto channel WS-C4003 JAB023806(Sw 2/5 3/6 connected auto channel WS :Port 2/3 has become dot1q trunk 5-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 87
-524,570,850,917,999 Port Vlans in spanning tree forwarding state and not pruned 2/3 2/4 2/5 2/6 Switch_A> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 5-15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 88
over each trunk while still maintaining a fault-tolerant configuration. Figure 5-3 shows a parallel trunk configuration between two switches, using the Fast Ethernet uplink ports on the supervisor engine. 5-16 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 89
Make sure Switch 1 is a VTP server. You can configure Switch 2 as a VTP client or as a VTP server. Switch_1> (enable) set vtp domain BigCorp mode server VTP domain BigCorp modified Switch_1> (enable) commands. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 5-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 90
Index VTP Version Local Mode Password BigCorp 1 2 server - Vlan-count Max-vlan-storage Config Revision Notifications default active . . . Switch_1> (enable) Configure the supervisor engine uplinks on Switch 1 as ISL trunk ports by Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 91
spanning tree takes one to two minutes to converge. After the network stabilizes, check the spanning tree state of each trunk port on 19 Switch_1> (enable) show spantree 1/2 Port Vlan Port-State Cost 1/2 1 blocking 19 1/2 10 blocking 19 1/2 20 blocking Guide-Releases 6.3 and 6.4 5-19 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 92
,31-1004 using portpri 32. Port 1/1 vlans 10,20,30 using portpri 1. Port 1/1 vlans 1005 using portpri 4. Switch_2> (enable) 5-20 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 93
Switch_1> (enable) show spantree 1/1 Port Vlan Port-State Cost 1/1 1 forwarding 19 1/1 10 forwarding 19 1/1 20 forwarding (enable) show spantree 1/2 Port Vlan Port-State Cost 1/2 1 blocking 19 1/2 10 blocking 19 1/2 20 5-4 shows the network after you configure VLAN - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 94
previously traveling over the failed link. If Trunk 1 fails in the network shown in Figure 5-4, STP reconverges to use Trunk 2 to forward traffic (enable) show spantree 1/2 Port Vlan Port-State Cost 1/2 1 forwarding 19 1/2 10 forwarding 19 1/2 20 Configuration Guide-Releases 6.3 and - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 95
network, the impact of broadcast storms increases. Because spanning tree applies to the entire network supervisor engine continues to transmit and receive packets from control protocols such as Cisco interface. Verify the allowed VLAN list for the trunk. Command clear Guide-Releases 6.3 and 6.4 5-23 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 96
Disabling VLAN 1 on Trunks Chapter 5 Configuring Ethernet VLAN Trunks 5-24 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 97
Fast Ethernet, and Gigabit Ethernet switching modules, as well as to the uplink ports on the supervisor engine. Note For complete syntax and Ethernet ports on all modules, including those on a standby supervisor engine, support EtherChannel (maximum of eight compatibly configured ports) with no - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 98
Understanding How EtherChannel Works Chapter 6 Configuring EtherChannel Note The network device to which a Catalyst 6000 family switch is connected may impose its own default, ports are in auto silent mode. Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 6-2 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 99
supervisor engine to determine if EtherChannel frame distribution is configurable on your switch: • If the display shows the "Sub-Type" to be "L2 Switching Engine I WS-F6020," then EtherChannel frame distribution is not configurable on your switch; it uses source and destination Media Access Control - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 100
network loops and other problems. Follow these guidelines to avoid configuration problems: • You can have a maximum of eight compatibly configured ports per EtherChannel; the ports do not have to be contiguous or on the same module An EtherChannel supports the same for a port list, the ports service - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 101
Port Mode, page 6-5 • Setting the EtherChannel Port Path Cost, page 6-6 • Setting the EtherChannel VLAN Cost, page 6-6 • Configuring EtherChannel Frame Distribution, page 6-8 • to auto. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 6-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 102
-ID Platform group 20 1/1 20 1/2 066510644(cat26-lnf(NET25)) 2/1 WS-C6009 Console> (enable) Console> (enable) set channel cost 768 12 Port(s) 1/1,1/2 port path cost are updated to 31. Channel 768 cost is set to 12. Warning:channel cost may not be applicable if channel is broken. Console - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 103
3/47-48 vlan cost are updated to 16. cost 16 • set spantree portvlancost 3/48 cost 16 cost VLAN cost. Configure the port cost for the desired VLANs on set spantree portvlancost {mod/port} [cost cost WS-C6009 Console> (enable) Console> (enable) set channel vlancost 856 10 Port(s) 3/47-48 vlan cost - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 104
port channel all distribution session command option is supported on Supervisor Engine 2 only. This example shows how to the outgoing port used in an EtherChannel for a specific address or Layer 4 port number, perform this task 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 6-8 78 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 105
an EtherChannel: Console> (enable) set port channel 2/2-8 mode off Ports 2/2-8 channel mode set to off. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 6-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 106
Configuring EtherChannel Chapter 6 Configuring EtherChannel 6-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 107
tunneling enables service providers to use a single VLAN to support customers who network device. The tunnel can cross other network links and other network devices before reaching the egress tunnel port. A tunnel can have as many tunnel ports as required to support Guide-Releases 6.3 and 6.4 7-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 108
configuring 802.1Q tunneling in your network: • Use asymmetrical links to put in the 802.1Q 2-byte Tag Control Information field. • Asymmetrical links do not support the Dynamic Trunking Protocol (DTP), configured on ports configured to support: - Private VLANs - Voice over IP (Cisco IP Phone 7960) • - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 109
edge switch in an ISP, but the customer network must use Per VLAN Spanning Tree + (PVST+) and cannot be configured for Multi-Instance Spanning Tree Protocol (MISTP). The ISP infrastructure must use either PVST+ or MISTP-PVST+. Configuring Support for 802.1Q Tunneling These sections describe 802.1Q - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 110
4/1. Console> (enable) show port dot1qtunnel 4/1 Port Dot1q tunnel mode 4/1 disabled Removing Global Support for 802.1Q Tunneling You do not need to enter the set dot1q-all-tagged disable from the port. Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 7-4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 111
-all-tagged disable [all] show dot1q-all-tagged This example shows how to remove tunneling support on the switch and verify the configuration: Console> (enable) set dot1q-all-tagged disable Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 7-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 112
Configuring Support for 802.1Q Tunneling Chapter 7 Configuring IEEE 802.1Q Tunneling Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 7-6 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 113
the specific functions that are common to all spanning tree protocols. Cisco's network while preventing undesirable loops. All spanning tree protocols use an algorithm that calculates the best loop-free path through the network. 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 114
are placed in STP-blocked mode. The topology of an active switched network is determined by the following: • The unique switch identifier Media Access Control ([MAC] address of the switch) associated with each switch • The path cost to the root associated with each switch port • The port identifier - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 115
port for the switched network, as well as MAC address in the network becomes the root switch stations in a switched network might not be ideal. ] link) is the root port. Network traffic might be more efficient over the by changing the Port Cost parameter for the fiber- cost. switch • The cost of the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 116
specify the calculation method using the CLI. Calculating the Port Cost Using the Short Method The IEEE 802.1D specification assigns 16-bit (short) default port cost values to each port based on bandwidth. You can also manually assign port costs between 1 and 65535. The 16-bit values are only used - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 117
manually assign port costs between 1 and 200,000,000. The formula for obtaining default 32-bit port costs is to divide the bandwidth of the port by 200,000,000. Table 8-1 shows the default port cost old topology. Note With IOS Release 12.1.(1)E or later (TCN) from the supervisor engine. The feature - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 118
, VLAN Trunking Protocol (VTP). When you enable spanning tree, every switch in the network goes through the blocking state and the transitory states of listening and learning at power and forwarding are enabled. Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-6 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 119
BPDUs and directs them to the system module. • Does not transmit BPDUs received from the system module. • Receives and responds to network management messages. Listening State The listening state state. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 120
and directs them to the system module. • Processes BPDUs received from the system module. • Receives and responds to network management messages. Learning State A port and directs them to the system module. Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-8 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 121
Network management and data frames Filtering database System module Frame forwarding Station addresses Data frames BPDUs Port 2 Network management frames Learning All segment frames BPDU and network management frames S5694 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 122
and directs them to the system module. • Processes BPDUs received from the system module. • Receives and responds to network management messages. Caution Use spanning tree BackboneFast, and Loop Guard." 8-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 123
not direct them to the system module. • Does not receive BPDUs for transmission from the system module. • Receives and responds to network management messages. Understanding PVST+ and -PVST+ (combination mode) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 124
than one for each VLAN, as in PVST+. Because there are fewer BPDUs in an MISTP network, MISTP networks converge faster with less overhead. MISTP discards PVST+ BPDUs. An MISTP instance can have any required.) 8-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 125
You can use the show module command to view the MAC address the range is assigned to the supervisor engine in-band (sc0) management Reduction For Catalyst family switches that support 4096 VLANs, MAC address reduction unique identifier in the network. When you enable Guide-Releases 6.3 and 6.4 8-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 126
sec Forward Delay 15 sec If you have a Catalyst switch in your network with MAC address reduction enabled, you should also enable MAC address reduction Cisco switches that have 64 MAC addresses (Cisco 7606, CISCO7603, WS-C6503, and WS-C6513). 8-14 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 127
cost • Gigabit Ethernet: 4 • Fast Ethernet: 191 • FDDI/CDDI: 10 • Ethernet: 1002 Default spantree port cost mode configurable on a per-VLAN basis in PVST+ Port VLAN cost Same as port cost but configurable on a per-VLAN basis in PVST+ the port cost is 19. 2. If 10/100 Mbps ports autonegotiate or are - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 128
enabled Designated Root 00-60-70-4c-70-00 Designated Root Priority 16384 Designated Root Cost 19 Designated Root Port 2/3 Root Max Age 14 sec Hello Time 2 sec Forward type ieee Spanning tree enabled 8-16 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 129
Cost Cost Prio Portfast Channel_id 1/1 1 not-connected 4 32 disabled 0 1/2 1 not-connected 4 32 disabled 0 2/1 1 not-connected 100 32 disabled 0 2/2 1 not-connected 100 32 disabled 0 2/3 1 forwarding 12 32 disabled 0 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 130
. Port Vlan Port-State Cost Prio Portfast Channel_id 1/1 1 Cost Mode If any switch in your network is using a port speed of 10 Gb or over and the network is using PVST+ spanning tree mode, all switches in the network must have the same path cost enabled, the actual cost is incremented by - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 131
set spantree portvlancost 2/3 cost 20000 1-5 Port 2/3 VLANs 6-11,13-1005,1025-4094 have path cost 12. Port 2/3 VLANs 1-5,12 have path cost 20000. This parameter applies to trunking ports only. Console> (enable 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-19 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 132
a VLAN. The port with the lowest priority value for a specific VLAN forwards frames for that VLAN. The possible port priority range spantree portvlancost 2/1 cost 99 set spantree portvlancost 2/2 cost 99 set spantree portvlancost 2/3 cost 20000 1-5,12 Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 133
routers in the VLAN. If spanning tree remains enabled on the switches and routers, they will have incomplete information about the physical topology of the network which may cause unexpected results. 78-13315-02 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 134
instances on Catalyst 6000 family switches that are either in VTP server mode or transparent mode only. You cannot map VLANs to MISTP switches while you configure them. When all switches in the network are configured in MISTP-PVST+, you can then enable MISTP Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 135
to 10 Mbps, the port cost is 100. Setting MISTP-PVST+ Mode or MISTP Mode If you enable MISTP in a PVST+ network, you must be careful to avoid bringing down the network. This section explains how to the switch. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-23 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 136
MISTP-PVST+ mode. When in the PVST+ mode, use the optional keyword config to display the list of mappings configured on the local switch. Note MAC addresses are not displayed when you specify the 3e-78-70-00 - 8-24 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 137
sys ID ext: 1) Hello Time 2 sec Forward Delay 15 sec Port Vlan Port-State Cost Prio Portfast Channel_id 1/1 1 not-connected 20000 32 disabled 0 1/2 1 not-connected 20000 32 200000 32 disabled 0 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-25 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 138
4c-18-00 Designated Root Priority 32769 (root priority: 32768, sys ID ext: 1) Designated Root Cost 0 Designated Root Port none VLANs mapped: 6 Root Max Age 20 sec Hello Time 2 sec Forward /port] active 8-26 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 139
cost 22222222. Port 2/12 instances 2 have path cost 110110. Console> (enable) Configuring the MISTP Port Instance Priority You can set the port priority for an instance of MISTP. The port with the lowest priority value for a specific Family Software Configuration Guide-Releases 6.3 and 6.4 8-27 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 140
. Console> (enable) show spantree mistp-instance 2 Instance 2 Spanning tree mode MISTP Spanning tree type ieee Spanning tree instance enabled . . . 8-28 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 141
00 Designated Root Priority 49153 (root priority: 49152, sys ID ext: 1) Designated Root Cost 0 Designated Root Port none VLANs mapped: 6 Root Max Age 20 sec Hello Time 15 sec Port Inst Port-State Cost Prio Portfast Channel_id 78-13315-02 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 142
To clear up the conflict, you must manually remove the incorrect mapping(s) from the root switch. The remaining entry on the list becomes the official mapping. To determine VLAN Vlan 6 configuration successful 8-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 143
on access switches. To configure a switch as the primary root switch, perform this task in privileged mode: 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-31 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 144
. VLANs 22,24 bridge hello time set to 1 second. VLANs 22,24 bridge forward delay set to 7 seconds. Console> (enable) Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 145
Timer, and Maximum Age Timer requires a 50-second delay. This reconfiguration time depends on the network diameter, which is the maximum number of bridges between any two end stations. To speed up listening and 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-33 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 146
for the specified port(s). If a port goes into the root-inconsistent state, it automatically goes into the listening state. 8-34 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 147
time for a VLAN or for an MISTP instance. The possible range of interval is 1 to 10 seconds. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-35 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 148
spanning tree maximum aging time for a VLAN or an instance. The possible range of agingtime is 6 to 40 seconds. 8-36 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 149
skewing detects BPDUs that are not processed in a regular time frame on the nonroot switches in the network. If BPDU skewing occurs, a syslog message is displayed. The syslog applies to both PVST+ and seconds 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-37 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 150
Configuring BPDU Skewing Chapter 8 Configuring Spanning Tree Configuring BPDU Skewing Commands that support the spanning tree BPDU skewing feature perform these functions: • Allow you 26:05 Console> (enable) 8-38 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 151
shows how to configure BPDU skewing for VLAN 1 on module 8, port 2 and view the skewing statistics: Console> command displays if BPDU skew detection is enabled and also lists the VLANs or instances affected in the skew. This example 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-39 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 152
Configuring BPDU Skewing Chapter 8 Configuring Spanning Tree 8-40 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 153
BPDU Filter, page 9-11 • Configuring UplinkFast, page 9-13 • Configuring BackboneFast, page 9-15 • Configuring Loop Guard, page 9-17 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 9-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 154
connected to a single workstation or server to allow those devices to connect to the network immediately, rather than waiting for spanning prevent invalid configurations, because you must manually put the interface back in service. Note When enabled on the Guide-Releases 6.3 and 6.4 9-2 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 155
is a set of ports (per VLAN), only one of which is forwarding at any given time. Specifically, an uplink group consists of the root port (which is forwarding) and a set of blocked ports. forwarding state 11242 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 9-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 156
switchover takes approximately 30 seconds. Figure 9-4 shows how BackboneFast reconfigures the topology to account for the failure of link L1. Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 9-4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 157
to become designated as root if BPDUs are absent. Some software failures may introduce temporary loops in the network. The loop guard feature checks if a root port or an alternate root port receives BPDUs. If . 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 9-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 158
a shared link. Note We recommend that you enable loop guard on root ports and alternate root ports on access switches. Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 9-6 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 159
dynamic VLAN membership. • If your network has a type-inconsistent port or to the redundant supervisor engine. The newly activated supervisor engine recovers the port grouped in the channel must have compatible configurations. PAgP enforces uniform configurations of Guide-Releases 6.3 and 6.4 9-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 160
switch port; otherwise, you might create a network loop. To enable PortFast on a switch port connected to a single workstation or server. Verify the PortFast setting. Command set spantree 4/1 Port Vlan Port-State Cost 4/1 1 blocking 19 4/1 100 Guide-Releases 6.3 and 6.4 9-8 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 161
0 0 4 4 100 0 0 0 4 4 152 0 0 0 4 4 200 0 0 0 5 5 300 0 0 0 4 4 400 0 0 0 4 4 500 0 0 0 4 4 521 0 0 0 4 4 524 0 0 0 4 4 570 0 0 0 4 4 801 0 0 0 0 0 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 9-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 162
0 4 4 400 0 0 0 4 4 500 0 0 0 4 4 521 0 0 0 4 4 524 0 0 0 4 4 570 0 0 0 4 4 801 0 0 0 0 0 802 0 0 0 0 0 850 0 0 0 4 4 917 0 0 0 4 4 999 0 0 0 4 4 9-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 163
for vlans: none. Portfast bpdu-filter enabled for bridge. Uplinkfast disabled for bridge. Backbonefast disabled for bridge. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 9-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 164
0 0 4 4 2 0 0 0 4 4 3 0 0 0 4 4 4 0 0 0 4 4 5 0 0 0 4 4 6 0 0 0 4 4 10 0 0 0 4 4 . . . 802 0 0 0 0 0 850 0 0 0 4 4 917 0 0 0 4 4 999 0 0 0 4 4 9-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 165
Enabling UplinkFast The set spantree uplinkfast enable command increases the path cost of all ports on the switch, making it unlikely that the spantree uplinkfast enable VLANs 1-4094 bridge priority set to 49152. The port cost and portvlancost of all ports set to above 3000. Station update rate set - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 166
to off. VLAN port list 1 1/1(fwd),1/2 100 1/2( field set to off. VLAN port list 1-20 1/1(fwd),1/2-1/5 21-50 to 49152. The port cost and portinstancecost of all feature settings for a specific instance: Console> show Inst port list 1 4/1(fwd priority and port cost values are not - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 167
uplinkfast all-protocols field set to off. VLAN port list 1 1/1(fwd),1/2 100 1/2(fwd) 521 1/1(fwd),1/2 522 it on all switches in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party switches Guide-Releases 6.3 and 6.4 9-15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 168
) set spantree backbonefast disable Backbonefast enabled for all VLANs Console> (enable) show spantree backbonefast Backbonefast is disable. Console> (enable) 9-16 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 169
disable rootguard on this port. Do you want to continue (y/n) [n]? y Loopguard on port 5/1 is disabled. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 9-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 170
Configuring Loop Guard Chapter 9 Configuring Spanning Tree PortFast, UplinkFast, BackboneFast, and Loop Guard 9-18 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 171
problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. You can use VTP to manage VLANs 1 to 1005 in your network. (Note that VTP does not support Pruning, page 10-3 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 10-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 172
using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP). By default, the switch is in VTP server mode and is in the no-management domain state until 802.10 SAID values (FDDI) 10-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 173
in your network, you must Support-A VTP server supported in supervisor engine software release 5.1(1) and later releases. Note If you are using routers to route between emulated LANS, you should disable VTP pruning in the VTP management domain that contains the switches with ATM LANE modules installed - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 174
Switch 1. Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3, 5, and 6 have no ports 6 Switch 3 Switch 1 Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 175
VTP password VTP pruning Default Value Null Server Version 2 is disabled None Disabled VTP Configuration Guidelines Follow these guidelines when implementing VTP in your network: • All switches in a VTP domain 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 10-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 176
how to configure VTP: • Configuring a VTP Server, page 10-6 • Configuring a VTP Client Server When a switch is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network. To configure the switch as a VTP server Lab_Network 1 2 server - Vlan-count - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 177
running VTP version 2 does forward received VTP advertisements out all of its trunk links. Note Network devices in VTP transparent mode do not send VTP Join messages. On Catalyst 6000 family vtp domain 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 10-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 178
VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2. Note In a Token Ring environment, you must enable VTP version 2 Index VTP Version Local Mode Password Lab_Net 1 2 server - Vlan-count Max-vlan-storage Config Revision Notifications 10 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 179
, VLANs 2-1000 are pruning eligible.) clear vtp pruneeligible vlan_range (Optional) Make specific VLANs pruning eligible set vtp pruneeligible vlan_range on the device. Verify the VTP pruning modified. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 10-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 180
domain Domain Name Domain Index VTP Version Local Mode Password Lab_Network 1 2 server - Vlan-count Max-vlan-storage Config Revision Notifications 8 1023 16 disabled Last vtp statistics 10-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 181
pruning statistics: Trunk Join Trasmitted Join Received 1/1 0 1/2 0 Console> (enable) ------------0 0 Summary advts received from non-pruning-capable device 0 0 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 10-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 182
Configuring VTP Chapter 10 Configuring VTP 10-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 183
to a VLAN, page 11-12 • Deleting a VLAN, page 11-13 • Configuring Private VLANs, page 11-13 • Configuring FDDI VLANs, page 11-24 • Configuring Token Ring VLANs Figure 11-1 shows an example of VLANs segmented into logically defined networks. These sections describe VLANs: • VLAN Ranges, page 11-2 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 184
Defined Networks Engineering VLAN Marketing VLAN Cisco router Fast routed. Port VLAN membership on the switch is assigned manually on a port-by-port basis. When you assign VLAN Ranges Catalyst 6000 family switches support 4096 VLANs in accordance with the Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 185
N/A VLANs. 1 Normal range Cisco default. You can use this Cisco defaults for FDDI and Token Ring. Not N/A supported on Catalyst 6000 family switches. You cannot delete these VLANs. 1006-1009 Reserved range Cisco exception: FlexWAN modules and routed ports instance • Private VLAN type: - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 186
Routes Explorer frames (ARE) and Spanning Tree Explorer frames (STE) for Token Ring • Remote Switched Port Analyzer (RSPAN) Default VLAN Configuration Table 11-2 shows the default VLAN configuration VLAN 11-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 187
bridge mode Remote switched port VTP to maintain global VLAN configuration information on your network, configure VTP before you create any normal-range manage extended-range VLANs 1025-4094.) • FlexWAN modules and routed ports automatically allocate a number of VLANs Guide-Releases 6.3 and 6.4 11-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 188
configure extended-range VLANs 1025-4094: • Extended-Range VLAN Configuration Guidelines, page 11-7 • Creating Extended-Range VLANs, page 11-7 11-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 189
if you have dot1q-to-isl mappings. • You can configure private VLAN parameters and RSPAN for extended-range VLANs; however, all then VLAN 4089, and so forth. Caution If you move a FlexWAN module from one slot to another on the same switch, it will allocate another Guide-Releases 6.3 and 6.4 11-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 190
switches in two ways: Note If the list of VLANs does match in both the switches, packet loss might occur. 1. From non-Cisco devices in your network using VLANs 1006-1024 to nonreserved VLANs on , page 11-10 11-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 191
VLANs are any VLANs that are not reserved by Cisco; this includes normal-range and extended-range VLANs. Note If You must configure the VLAN mappings on all applicable switches in the network. To map a reserved VLAN to a nonreserved VLAN, perform this Guide-Releases 6.3 and 6.4 11-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 192
completely cleared and the nonreserved VLANs still exist in the list of VLANs. To delete reserved VLAN mappings, perform this 802.1Q standard is 0-4095. In a network environment with non-Cisco devices connected to Cisco switches through 802.1Q trunks, you can Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 193
local to each switch. Make sure you configure the same VLAN mappings on all appropriate switches in the network. To map an 802.1Q VLAN to an ISL VLAN, perform this task in privileged mode: Step > (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 11-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 194
VLAN. You can create a new VLAN and then specify the module and ports later, or you can create the VLAN and specify the module and ports in a single step. Note Make sure you assign switch Console> (enable) 11-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 195
Ethernet VLAN in VTP server mode, the VLAN is Private VLAN, page 11-22 • Deleting an Isolated, Community, or Two-Way Community VLAN, page 11-22 • Deleting a Private VLAN Mapping, page 11-23 • Private VLAN Support on the MSFC, page 11-23 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 196
promiscuous port. You can extend private VLANs across multiple Ethernet switches by trunking the primary, isolated, and any community or two-way community VLANs to other switches that support private VLANs. 11-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 197
port to monitor and/or back up all the private VLAN servers from an administration workstation. Note A two-way private VLANs: Note In this section, the term community VLAN is used for both unidirectional community VLANs and two-way community VLANs unless specifically Guide-Releases 6.3 and 6.4 11-15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 198
a private VLAN, you cannot change the VTP mode to client or server mode, because VTP does not support private VLAN rejected. Table 11-3 Modules with Ports Listed by ASIC Groups Module Number WS-X6224-100FX-MT WS-X6248-RJ-45 WS-X6248-TEL Description Ports Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 199
Private VLANs Table 11-3 Modules with Ports Listed by ASIC Groups (continued) Module Number WS-X6348-RJ-45 Description 48-port 10/100TX RJ-45 WS In networks with should manually check remote SPAN VLAN (RSPAN) for a private VLAN. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 200
11 Configuring VLANs • IGMP snooping and multicast shortcuts are not supported in private VLANs. • You cannot enable EtherChannel on isolated, community, or promiscuous ports. • You can apply different VACLs and quality of service (QoS) ACLs to primary, isolated, and community VLANs. Note For - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 201
to the private VLAN using private VLAN, use 15/1 as the MSFC mod/port number if the supervisor engine is in slot 1, or use 16/1 if the supervisor private ports), you do not need to create private VLANs and you can prune the private set the following ports to Private Vlan 7,901: 4/3 Console> - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 202
Console> (enable) set pvlan 7 903 4/7-9 Successfully set the following ports to Private Vlan 7,903:4/7-9 Console> (enable) This example shows how to map the isolated/community 4/4-6 7 903 community 4/7-9 11-20 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 203
Private Private VLAN Port You can view the port capability of a port in a private be made a private vlan port. private vlan port due to Promiscuous ports cannot be made private private vlan port due to Trunking ports are not Private private vlan port due to Promiscuous ports cannot be made private - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 204
Ports 5/1 - 5/12 are in the same ASIC range as port 5/3. Port 5/3 cannot be made a private vlan port due to Conflict with Promiscuous port(s) : 5/2 Conflict with Trunking port(s) : 5/1 Console> ( > (enable) 11-22 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 205
private VLAN support on the MSFC: • Enter the show pvlan command to display information about private VLANs. The show pvlan command displays information about private VLANs only when the primary private VLAN is up. • Entering a set pvlan mapping or a clear pvlan mapping command on the supervisor - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 206
• You can add or remove private VLAN ARP entries manually as follows: obelix-rp(config)# Token Ring VLANs These sections describe the two Token Ring VLAN types that are supported on switches running VTP version 2: • Understanding Token Ring TrBRF VLANs, page Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 207
switches do not support ISL-encapsulated Token network (see Figure 11-2). The TrBRF can be extended across a network on different logical rings. To accommodate IBM System Network Architecture (SNA) traffic, you can use a combination network: undistributed and backup. 78-13315-02 Catalyst - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 208
one backup TrCRF for a TrBRF is allowed, and only one port per switch can belong to a backup TrCRF. 11-26 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 209
vlan [name name] type trbrf [said said] [mtu mtu] bridge bridgeber [stp {ieee | ibm}] show vlan [vlan] 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 11-27 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 210
must specify a ring number (either in hexadecimal or in decimal) and a parent TrBRF VLAN when creating a new TrCRF. 11-28 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 211
the VLAN configuration. Command set vlan vlan aremaxhop hopcount set vlan vlan stemaxhop hopcount show vlan [vlan] 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 11-29 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 212
998 trcrf 100998 4472 999 0xff - - srb 0 0 VLAN AREHops STEHops Backup CRF 998 10 10 off Console> (enable) 11-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 213
Module Port Adapter Installation and Configuration Notes for information about configuring routing on FlexWAN module interfaces. Understanding How InterVLAN Routing Works Network network, each VLAN is mapped to an IPX network number. Configuring VLANs helps control Guide-Releases 6.3 and 6.4 12-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 214
them much as you do a physical router interface. MSFC2 and MSFC support the same range of VLANs as the supervisor engine. MSFC2 supports up to 1,000 VLAN interfaces. MSFC supports up to 256 VLAN interfaces. 12-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 215
. Router(config-if)# Ctrl-Z 1. This step is necessary if you have multiple routers in the network. 2. This step is necessary if you enabled IP routing in Step 1. This step might include other commands type. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 12-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 216
config-if)# Ctrl-Z 1. This step is necessary if you have multiple routers in the network. This example shows how to enable AppleTalk routing on the MSFC, create a VLAN interface Auto State Feature, page 12-5 12-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 217
. Entering the show mls entries command on the supervisor engine displays the other packets in the Layer 2 redirected flows. Configure the Cisco IOS WCCP as described in the Cisco IOS Configuration Fundamentals Configuration Guide at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 218
switch does not have knowledge of, or control over, the MSM or MSFC configuration (just as the switch does not have knowledge of, or control over, external router configurations). The auto Console> (enable) 12-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 219
by default. This example shows how to disable the auto state feature if you have an MSM installed: Console> (enable) set msmautostate disable MSM port auto state disabled. Console> (enable) To Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 12-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 220
Configuring InterVLAN Routing on the MSFC Chapter 12 Configuring InterVLAN Routing 12-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 221
PFC2, page 13-12 • Configuring NetFlow Statistics, page 13-22 Note Supervisor Engine 1 with the PFC1 and the MSFC or MSFC2 provide Layer 3 the MSFC2 to support MLS on a Catalyst 5000 family switch, refer to the Layer 3 Switching Software Configuration Guide at http://www.cisco.com/univercd/cc - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 222
be Layer 3 switched. Note Layer 3 switching supports the routing protocols configured on the MSFC2. Layer switched after being processed by the VLAN access control list (VACL) feature and the quality of service (QoS) feature. Understanding Layer 3-Switched Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 223
IPX traffic, the switch increments the Layer 3 Transport Control value by 1 and recomputes the Layer 3 packet / Destination Net/ IPX Length/ Node/ Transport Control Socket Source Net/ Node/ Socket MSFC2 MAC Net/ IPX Length/ Node/ Transport Control Socket n+1 Destination B IPX Source Net - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 224
with CEF for PFC2. CEF for PFC2 is permanently enabled on Supervisor Engine 2. Cisco IOS CEF is permanently enabled on the MSFC2 in support of CEF for PFC2. CEF for PFC2 works with CEF (for be processed. 13-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 225
Works Note Access control lists (ACLs) and or topology changes occur in the network, the unicast and multicast routing tables tables on the MSFC2. The FIB supports 256K entries, which includes 16K IP multicast address for IP unicast • Destination IPX network for IPX unicast • Source and destination - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 226
: • Module number of the MSFC that is supporting the FIB • FIB entry type (receive, connected, resolved, drop, wildcard, or default) • Destination address (IP address or IPX network) • Destination mask • Next-hop address (IP address or IPX network) • Next-hop mask • Next-hop load-sharing weight - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 227
for PFC2 provides Layer 3 switching when the extended access list deny condition on the RPF interface specifies something other than the timers. CEF for PFC2 Examples Figure 13-1 shows a simple IP CEF network topology. In this example, Host A is on the Sales VLAN (IP Guide-Releases 6.3 and 6.4 13-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 228
Dd Host C 171.59.2.2 Data 171.59.1.2:171.59.2.2 Dd:Cc 44610 Figure 13-2 shows a simple IPX CEF network topology. In this example, Host A is on the Sales VLAN (IPX address 01.Aa), Host B is on A to Host C. 13-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 229
the statistics (see the "Excluding IP Protocol Entries from the NetFlow Table" section on page 13-25). 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 13-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 230
Masks Flow masks determine how NetFlow table entries are created. CEF for PFC2 supports only one flow mask (the most specific one) for all statistics. If CEF for PFC2 detects different flow masks be disabled) 13-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 231
services PFC2 supports a maximum of 16 unique Hot support the standby use-bia HSRP command. • CEF for PFC2 supports the following ingress and egress encapsulations: - For IP unicast: Ethernet V2.0 (ARPA) 802.3 with 802.2 with 1 byte control PFC2 supports 225.0.0.* through 239.0.0.* and - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 232
are reserved for routing control packets and must be • Displaying Layer 3-Switching Entries on the Supervisor Engine, page 13-12 • Configuring CEF Supervisor Engine CEF for PFC2 is permanently enabled on Supervisor Engine Layer 3-switching entries on the supervisor engine, perform this task: Task - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 233
> (enable) show mls entry Mod FIB-Type Destination-IP Destination-Mask NextHop-IP Weight 15 receive 0.0.0.0 255.255.255.255 15 receive 255.255.255.255 255.255 reflexive access control lists (ACLs). 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 13-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 234
is required to support CEF for PFC2. Note The ip load-sharing per-packet, ip cef accounting per-prefix, and ip cef accounting non-recursive IOS CEF commands on the "IP Multicast" section of the Cisco IOS IP and IP Routing Configuration Guide at http://www.cisco.com/univercd/cc/td/doc/product/software - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 235
on MSFC interfaces, see the "Enabling IP PIM on an MSFC2 Interface" section on page 13-15. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 13-15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 236
Information on the MSFC2, page 13-16 • Displaying IP Multicast Information on the Supervisor Engine, page 13-20 Displaying IP Multicast Information on the MSFC2 These sections describe # show ip interface 13-16 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 237
00:00:19/00:02:41, flags:JT Incoming interface:Vlan800, RPF nbr 80.0.0.2, RPF-MFD Outgoing interface list: Vlan10, Forward/Dense, 00:00:19/00:00:00, H Displaying IP Multicast Details The show mls statistics] 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 13-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 238
install Ack:9 Flow install Nack:0 Flow update Ack:2 Flow update Nack:0 Flow delete Ack:0 Complete flow install Ack:10 Complete flow install shows how to display information on a specific IP MMLS entry on the MSFC: Router Vlan9 RFD-MFD installed: Vlan13 (1.1.9.3, Vlan9 RFD-MFD installed: Vlan12 (1.1.12 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 239
outgoing interfaces: Vlan20 Vlan9 RFD-MFD installed: Vlan11 Total hardware switched installed: 6 Router# This example shows Services Using Debug Commands on the SCP Table 13-4 describes the Serial Control Protocol (SCP)-related debug commands to troubleshoot Guide-Releases 6.3 and 6.4 13-19 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 240
on the Supervisor Engine These 3c-a0 Transmit: Delete Notifications: 23 Acknowledgements: 92 Flow Statistics: 56 Receive: Open Connection Requests: 1 Keep Alive Messages: 72 Shortcut Messages: 19 Shortcut Install TLV: 0 Global Delete TLV: 0 MFD Install TLV: 7 MFD Delete TLV: 0 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 241
Requests: 1 Keep Alive Messages: 68 Shortcut Messages: 6 Shortcut Install TLV: 4 Selective Delete TLV: 2 Group Delete TLV: 0 multicast statistics All statistics for the MLS routers in include list are cleared. Console> (enable) Displaying IP Multicast Guide-Releases 6.3 and 6.4 13-21 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 242
Console> (enable) This example shows how to display IP multicast entries for a specific MSFC2 and a specific multicast source address: Console> (enable) show mls multicast entry 15 source 1.1.11.1 13-28 13-22 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 243
Time Value The entry aging time for each protocol (IP and IPX) applies to all protocol-specific NetFlow table entries. Any entry that has not been used for agingtime seconds is aged out. 512 Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 13-23 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 244
table entry that is removed is the entry for flows to and from a Domain Name Server (DNS) or TFTP server; the entry might never be used again after it is created. Detecting and aging out the NetFlow table. 13-24 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 245
enter the show mls entry cef command (see the "Displaying Layer 3-Switching Entries on the Supervisor Engine" section on page 13-12.) To display a summary of NetFlow table entries and = 112 Total routes = 48 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 13-25 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 246
IPX flow mask is Destination flow IPX max hop is 15 Module 15:Physical MAC-Address 00-50-3e-a9-ab-fc Vlan statistics entry command can display all statistics or statistics for specific NetFlow table entries. Specify the destination address, source address Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 247
.26.22 source 172.20.22.113 flow tcp 1652 23 MLS IP entry cleared Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 13-27 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 248
debug information that you can send to your technical support representative for analysis if necessary. To display NetFlow statistics your technical support representative. Note The show tech-support command displays supervisor engine system information. Use application-specific commands to - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 249
Layer 3 switching with Supervisor Engine 1, the Policy for the supervisor engine commands used Supervisor Engine 2, PFC2, and MSFC2 provide Layer 3 switching with Cisco requires minimal support from the MSFC. The Layer 3 switching supports the routing protocols planning, and troubleshooting. Layer - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 250
• Layer 2 (MAC) source address • Layer 3 IP Time to Live (TTL) or IPX Transport Control • Layer 3 checksum • Layer 2 (MAC) checksum (also called the frame checksum or FCS) If Source calculation1 Data FCS 14-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 251
Header Layer 3 IPX Header Destination Source Checksum/ Destination Net/ IPX Length/ Node/ Transport Control Socket MSFC MAC Source A MAC n Destination B IPX Source Net/ Node/ Socket Source Data FCS 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 252
be used in place of the internal MLS-RP. Supervisor Engine 1, PFC, and MSFC or MSFC2 provide network traffic consists of many end-to-end conversations, or flows, between users or applications. MLS supports client to a server and from the server to the client Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 253
destination IP multicast group. The PFC uses this list to identify the VLANs on which traffic to a given multicast flow should be replicated. These MSFC IOS commands affect the multicast MLS cache entries on . 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 254
Mask Modes The PFC supports only one flow mask (the most specific one) for all entry for each destination IPX address (network and node). All flows to a part of the entry. The source VLAN is the multicast reverse path forwarding (RPF) interface for the multicast flow. • full flow-The most-specific - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 255
5/8 1/1 2345 123456 09:03:32 09:08:12 Total Entries: 2 * indicates TCP flow has ended Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 256
on an egress interface for the flow. • The extended access list deny condition on the RPF interface specifies anything other than the expiration timers. MLS Examples Figure 14-1 shows a simple IP MLS network topology. In this example, Host A is on the Sales VLAN Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 257
59.2.2 Data 171.59.1.2: 2000 Dd:Cc 25481 Figure 14-2 shows a simple IPX MLS network topology. In this example, Host A is on the Sales VLAN (IPX address 01.Aa), traffic from Host C to Host A. The destination VLAN is stored as part of each IPX MLS entry so that the correct VLAN identifier is used - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 258
seconds (no fast aging) 0 packets Table 14-2 shows the default IP MMLS switch configuration. Table 14-2 Default IP MMLS Supervisor Engine Configuration Feature Default Value Multicast services (IGMP snooping or GMRP) Disabled IP MMLS Enabled 14-10 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 259
1500. To change the MTU on an IP MLS-enabled interface, enter the ip mtu mtu command. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 260
Supervisor Engine 1 for IP MMLS: • Only ARPA rewrites are supported for IP multicast packets. • Subnetwork Address Protocol (SNAP) rewrites are not supported. • You must enable one of the multicast services . 14-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 261
IPX MLS Interaction with Other Features Other IOS software features affect IPX MLS as follows: • IPX accounting-IPX accounting cannot be enabled on an IPX MLS-enabled interface. • IPX EIGRP-To support MLS on EIGRP interfaces you must set the Transport Control (TC) maximum to a value greater than the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 262
Supervisor Engine 1" section on page 14-17. Note The MSFC can be specified as the MLS route processor (MLS-RP) for Catalyst 5000 family switches using MLS. Refer to the Layer 3 Switching Configuration Guide disable unicast IP or IPX MLS on a specific MSFC interface, perform this task: Task Specify - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 263
reenable) it if you have previously disabled it. To enable unicast IP or IPX MLS on a specific MSFC interface, perform this task: Task Command Specify an MSFC interface. Router(config)# interface vlan-id 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 264
Table 14-6 describes MLS-related debug commands that you can use to troubleshoot MLS problems on the MSFC. Table 14-6 MLS Debug Commands Command [no] and changes of access lists and flow masks. Turns on IPX-related events for MLS, including route purging Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 265
IP or IPX MLS on the MSFC, IP or IPX MLS is automatically disabled on Supervisor Engine 1. All existing protocol-specific MLS cache entries are purged. To disable MLS on the MSFC, see the "Disabling to 128. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 266
IPX MLS entries in the MLS table is low relative to IP MLS entries in full-flow mode. 14-18 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 267
is the entry for flows to and from a Domain Name Server (DNS) or TFTP server; the entry might never be used again after it is created section on page 14-6. For example, if you do not configure access lists on any MSFC, then the IP MLS flow mask on the PFC Guide-Releases 6.3 and 6.4 14-19 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 268
(enable) Displaying CAM Entries on the Supervisor Engine The show cam command displays the content-addressable memory (CAM) entries associated with a specific MAC address. If the MAC address belongs -----H H 14-20 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 269
information and MSFC-specific information for all MSFCs. Command show mls {ip | ipx} [mod1] 1. The mod keyword specifies the module number of the MSFC; either 15 (if the MSFC is installed on Supervisor Engine 1 in -02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-21 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 270
Supervisor Engine 1: • Displaying All MLS Entries, page 14-22 • Displaying MLS Entries for a Specific IP Destination Address, page 14-23 • Displaying IPX MLS Entries for a Specific TCP flow has ended. 14-22 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 271
Specific IP Destination Address To display MLS entries for a specific specific 172.20.25.1 (Module 15): 172.20.22 Module 16): Total entries:1 Console> (enable) Displaying IPX MLS Entries for a Specific IPX Destination Address To display IPX MLS entries for a specific specific .1.0.56 (Module 15): 3E - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 272
MSFC 172.20.27.1 (Module 16): Total entries:1 Console> (enable) Displaying Entries for a Specific IP Flow The show mls entry ip flow command displays MLS entries for a specific IP flow. The protocol argument -24 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 273
specific MSFC. Command show mls entry ipx mod1 1. The mod keyword specifies the module number of the MSFC; either 15 (if the MSFC is installed on Supervisor Engine 1 in slot 1) or 16 (if the MSFC is installed on Supervisor 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-25 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 274
Console> (enable) Clearing IPX MLS Cache Entries The clear mls entry ipx command removes specific IPX MLS cache entries. The destination and source keywords specify the source and destination IPX page 14-27 14-26 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 275
the destination IP address, source IP address, protocol, and source and destination ports to see specific MLS cache entries. A value of zero (0) for src_port or dst_port is treated as a 347854 Console> 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-27 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 276
send to your technical support representative. Note The show tech-support command displays supervisor engine system information. Use application-specific commands to get more Interfaces, page 14-30 14-28 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 277
on the MSFC. For more detailed IP multicast configuration information, refer to the "IP Multicast" section of the Cisco IOS IP and IP Routing Configuration Guide at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt3/index.htm Enabling IP Multicast Routing Globally - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 278
)# mls ip multicast Router(config-if)# Use the no keyword to disable IP MMLS on an MSFC interface. 14-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 279
59, RP 80.0.0.2, flags:SJ Incoming interface:Vlan800, RPF nbr 80.0.0.2 Outgoing interface list: Vlan10, Forward/Dense, 01:29:57/00:00:00, H (22.0.0.10, interface list: Vlan10, Forward/Dense, 00:00:19/00:00:00, H 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 280
statistics: Flow install Ack:9 Flow install Nack:0 Flow update Ack:2 Flow update Nack:0 Flow delete Ack:0 Complete flow install Ack:10 Complete flow install Nack:0 Complete flow Complete flow exists error :0 14-32 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 281
specific IP MMLS entry on the MSFC: Router# show mls ip multicast 224.1.1.1 Multicast hardware switched flows: (1.1.13.1, 224.1.1.1) Incoming interface: Vlan13, Packets switched: 61590 Hardware switched outgoing interfaces: Vlan20 Vlan9 RFD-MFD installed debug troubleshooting Switching Services - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 282
Table 14-10 describes the Serial Control Protocol (SCP)-related debug commands to troubleshoot the SCP that runs over the MMLS Entries, page 14-36 Note IP MMLS is permanently enabled on Supervisor Engine 1 and cannot be disabled. Note To configure IP MMLS on Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 283
10 Router include list : 1.1.9.254 3c-a0 Transmit: Delete Notifications: 23 Acknowledgements: 92 Flow Statistics: 56 Receive: Open Connection Requests: 1 Keep Alive Messages: 72 Shortcut Messages: 19 Shortcut Install : 0 Global Delete TLV: 0 MFD Install TLV: 7 MFD Delete TLV: 0 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 284
0 Output VLAN Delete TLV: 0 Global Delete TLV: 0 MFD Install TLV: 4 MFD Delete TLV: 0 Console (enable) Clearing IP MMLS multicast statistics All statistics for the MLS routers in include list are cleared. Console> (enable) Displaying IP MMLS Entries Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 285
20 2756160 20 2756160 20 This example shows how to display IP MMLS entries for a specific multicast group address: Console> (enable) show mls multicast entry group 226.0.1.3 short Router > (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-37 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 286
Configuring MLS Chapter 14 Configuring MLS 14-38 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 287
Layer 3 switching with Cisco Express Forwarding for Remote Monitoring (RMON) capabilities on the switch that allow you to see all port traffic. Note NDE is not supported for IP multicast or Internetwork Packet Exchange (IPX) traffic. Note NDE version 7 and NDE version 8 are not supported - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 288
. Flow collectors, such as the Cisco SwitchProbe and NetFlow FlowCollector, gather and statistics cache of one or more switches or Cisco routers. The switch or router transmits data Integrated Layer 3 Switching Management Routers Network planning Accounting/Billing Switches Flow profiling Flow - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 289
Filter, page 15-8 • Specifying Protocols for Statistics Collection, page 15-8 • Removing Protocols for Statistics Collection, page 15-8 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 15-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 290
to four protocol filters, but packets from filtered protocols will go to the MSFC. • Keep specific flows from being added to the Netflow table with the set mls nde flow exclude command. } {udp_port_number} 15-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 291
the NDE source address on the MSFC: Router(config)# ip flow-export source vlan 10 Router(config)# 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 15-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 292
Command Specify a destination and source subnet set mls nde flow destination [ip_addr_spec] source filter for an NDE flow. [ip_addr_spec] 15-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 293
.69.194.140/255.255.255.255 Destination port filter is 23 Filter type: include Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 15-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 294
set mls statistics protocol 17 1934 Protocol 17 port 1934 is added to protocol statistics list. Console> (enable) Removing Protocols for Statistics Collection You can enter the clear mls protocol port | all} 15-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 295
17 1934 Protocol 17 port 1934 cleared from protocol statistics list. Console> (enable) Clearing the NDE Flow Filter To Netflow data export filter cleared. Console> (enable) Disabling NDE Note With Supervisor Engine 1 and a PFC, if NDE is enabled and you disable Guide-Releases 6.3 and 6.4 15-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 296
171.69.194.140/255.255.255.0 Destination port filter is 23 Total packets exported = 26784 Console> (enable) 15-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 297
This chapter describes how to configure access control lists (ACLs) on the Catalyst 6000 family switches. Configuration of the ACLs depends on the type of hardware you install on your supervisor engine. See the "Hardware Requirements" section on page 16-2 for details. Note For complete syntax - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 298
by which switching engine daughter card is installed on the supervisor engine. See Chapter 41, "Configuring QoS" for more information. Supported ACLs These sections describe the ACLs supported by the Catalyst 6000 family switches: • QoS ACLs, page 16-2 • Cisco IOS ACLs, page 16-3 • VACLs, page 16 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 299
Inbound access control ACLs (standard, extended, and/or reflexive) • Encryption ACLs (not supported on the MSFC) • Policy routing ACLs • Network Address Translation (NAT) for outside-to-inside translation After packets are routed and before they are forwarded out to the next hop, Cisco IOS examines - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 300
VACLs are used to access control this traffic. You can enforce Supported in VACLs A VACL contains an ordered list of access control support three types of ACEs in the hardware: • IP ACEs • IPX ACEs • Ethernet ACEs Table 16-1 lists network IPX destination network IPX destination node IPX - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 301
Configuring Access Control Supported ACLs Table permit tcp .... port eq port_number and the software would implicitly install the following ACE at the top of the ACL: permit does not automatically install a global permit statement for fragments. This keyword allows you to control how fragments are - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 302
Supported ACLs Chapter 16 Configuring Access Control statement, the next access-list entry is processed. Note implicitly installs ACEs to permit flows to a specific IP address to the TFTP server 10.1.1.2. The system automatically installs a permit for all Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 303
Access Control Applying Cisco IOS ACLs and VACLs on VLANs Applying Cisco IOS ACLs and VACLs on VLANs This section describes how to apply Cisco IOS ACLs order: 1. VACL for input VLAN 2. Input Cisco IOS ACL 3. Output Cisco IOS ACL 4. VACL for output VLAN 78-13315-02 Catalyst 6000 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 304
Cisco IOS ACLs and VACLs on VLANs Chapter 16 Configuring Access Control Figure 16-2 Applying ACLs on Routed Packets Routed Input IOS ACL Bridged VACL MSFC Output IOS VACL for input VLAN b. Input Cisco IOS ACL 2. Packets after multicast expansion: a. Output Cisco IOS ACL b. VACL for output VLAN - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 305
ACLs for IP, refer to the "Configuring IP Services" chapter in the Network Protocols Configuration Guide, Part 1. When a feature is configured on the router to process traffic (such as NAT), the Cisco IOS ACL associated with the feature determines the specific traffic that is bridged to the router - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 306
Cisco IOS ACLs in your Network Chapter 16 Configuring Access Control Caution For PFC: By default, the MSFC sends Internet Control list command, the match count displayed does not account for packets access controlled in the hardware. Note IPX Cisco IOS software: • Security Cisco IOS ACLs, page 16- - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 307
Chapter 16 Configuring Access Control Using Cisco IOS ACLs in your Network • NAT, page 16-12 • Unicast RPF Check, page 16-12 • Bridge-Groups, page 16-12 Security Cisco IOS ACLs The IP and IPX security Cisco IOS ACLs with PFC are as follows: • The flows that match a "deny" statement in a security - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 308
Cisco IOS ACLs in your Network Chapter 16 Configuring Access Control are handled in the software; HTTP replies from the server and the Cache Engine are handled in the hardware. in the hardware. Unicast RPF Check The unicast RPF feature is supported in hardware on the PFC. For ACL-based RPF checks, - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 309
show ip access-list command, the match count displayed does not account for packets access controlled in the hardware. Note IPX Cisco IOS ACLs with the input and output ACLs are supported in the hardware when the ACL parameters are IPX source network, destination network, destination node, and/or - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 310
Using Cisco IOS ACLs in your Network Chapter 16 Configuring Access Control Reflexive ACLs ICMP packets are handled in the software. For TCP/UDP flows, once the flow is established, they are handled in hardware. Note that - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 311
cause high CPU utilization. Note Drop-suppress statistics for ACL-based RPF check is not supported. Bridge-Groups Cisco IOS bridge-group ACLs are handled in the software. Using VACLs with Cisco IOS ACLs To access control both bridged and routed traffic, you can use VACLs only or a combination of - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 312
Cisco IOS ACLs Chapter 16 Configuring Access Control Guidelines for Configuring Cisco IOS ACLs and VACLs on the Same VLAN Interface Follow these guidelines when you need to configure a Cisco IOS Cisco IOS the end of the list specifying permit ip list). An ACL end of the list). When configuring - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 313
Chapter 16 Configuring Access Control Using VACLs with Cisco IOS ACLs To specify a with Layer 4 information, put the Layer 4 ACEs at the end of the list to prioritize the traffic filtering based on IP addresses. Estimating Merge Results If you Configuration Guide-Releases 6.3 and 6.4 16-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 314
Using VACLs with Cisco IOS ACLs Chapter 16 Configuring Access Control ******** IOS ACL 1 deny ip any host 239.255.255.255 2 permit ip any any ******** MERGE ********** has any any lt 30 5 permit ip any any 16-18 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 315
Chapter 16 Configuring Access Control Using VACLs with Cisco IOS ACLs ******* IOS ACL 1 deny ip any host 239.255.255.255 2 permit ip any any ******* MERGE .0 0.0.0.15 gt 1023 [...] total 168 entries 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-19 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 316
Using VACLs with Cisco IOS ACLs Chapter 16 Configuring Access Control ******** IOS ACL ********* 1 permit ip 147.150.213.64 0.0.0.31 194.72.6.64 0.0.0.15 2 ... lt 9 deny ... gt 11 deny ... neq 6 redirect 16-20 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 317
Chapter 16 Configuring Access Control Using VACLs with Cisco IOS ACLs Note There is no limit to the use of "eq" operators as the "eq" ACL1 Layer 4 operations: 5 • ACL2 Layer 4 operations: 4 • LOUs: 4 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-21 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 318
VACLs in your Network Chapter 16 Configuring Access Control An explanation Specific Server Port, page 16-23 • Restricting the DHCP Response for a Specific Server, page 16-24 • Denying Access to a Server on Another VLAN, page 16-25 • Restricting ARP Traffic, page 16-26 • Configuring ACLs on Private - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 319
with MSFC Using VACLs in your Network Switch A with PFC only VACL: deny http from X to Y http is dropped at entry point Host X VLAN 1 VLAN 2 Packet Switch C with PFC only Host Y 26959 Redirecting Broadcast Traffic to a Specific Server Port Some application traffic uses broadcast packets - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 320
Using VACLs in your Network Chapter 16 Configuring Access Control Figure 16-5 Redirecting Broadcast Traffic to a Specific Server Port VACL Target server Host A 4/1 Catalyst 6500 series switches with PFC Host B VLAN 10 Application broadcast packet Host C 26960 Restricting the DHCP Response - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 321
Chapter 16 Configuring Access Control Using VACLs in your Network Figure 16-6 shows that only the target server returns a DHCP response from the DHCP request. Figure 16-6 Redirect DHCP Response for a Specific Server VACL Target server 1.2.3.4 Host A Catalyst 6500 series switches with PFC - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 322
in your Network Chapter 16 Configuring Access Control Figure 16-7 Deny Access to a Server on Another VLAN VACL 10.1.1.100 Server (VLAN 10 the associated secondary VLANs. • You cannot map Cisco IOS ACLs to secondary VLANs. • You cannot map dynamic ACEs to a private VLAN. • You can map QoS ACLs to - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 323
complete configuration details. Unsupported Features This section lists ACL-related features that are not supported or have limited support on the Catalyst 6000 family switches. • Non-IP version 4/non-IPX Cisco IOS ACLs-The following types of Cisco IOS security ACLs cannot be enforced on the switch - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 324
Control Configuring 16-16. • See the "Using VACLs in your Network" section on page 16-22 for configuration examples. • list of ACEs before making any changes to the edit buffer. • Note that in systems with redundant MSFCs, the ACL configurations for Cisco IOS Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 325
Control Configuring VACLs • Follow these guidelines for using the redirect option: - Note that redirected packets can only go out a port that supports Note VACLs have an implicit deny feature at the end of the list; a packet is denied if it does not match any VACL Guide-Releases 6.3 and 6.4 16-29 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 326
Access Control • Clearing in privileged mode: Task • If an IP protocol specification is not required, use the following syntax. Command set VACLs have an implicit deny feature at the end of the list, all other traffic is denied. This example shows how to Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 327
Control ] command to see the current ACE listing stored in NVRAM (enter the editbuffer service levels that range between 0 and 15. Note The ToS is bits 3 through 6 of the IP ToS byte as defined by RFC-1349. The precedence is bits 0 through 2 as defined by RFC Guide-Releases 6.3 and 6.4 16-31 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 328
VACLs Chapter 16 Configuring Access Control ACL IPACL2 is committed to an ACE for IPXACL1 to redirect broadcast traffic to port 4/1 from source network 3456: Console> (enable) set security acl ipx IPXACL1 redirect 4/1 any 3456 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 329
16 Configuring Access Control Configuring VACLs This This example shows how to create an ACE for IPXACL1 to allow all traffic from source network 1 and insert this ACE before ACE number 2: Console> (enable) set security acl ipx Family Software Configuration Guide-Releases 6.3 and 6.4 16-33 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 330
AppleTalk, DECnet, and so on) are classified as MAC traffic and MAC VACLs are used to access control this traffic. To create a new non-IP version 4/non-IPX VACL and add ACEs, or to hardware. Console> (enable) 16-34 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 331
Chapter 16 Configuring Access Control Configuring VACLs Note to map it to a VLAN. Committing ACLs You can commit all ACLs or a specific ACL to NVRAM with the commit command. Any committed ACL with no ACEs will be Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-35 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 332
Access Control Showing | all} This example shows how to show the mappings of a specific VACL: Console> (enable) show security acl map IPACL1 ACL IPACL1 1 Console> (enable) This example shows how to show the mappings of a specific VLAN: Console> (enable) show security acl map 1 VLAN 1 is mapped to - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 333
16 Configuring Access Control Configuring VACLs Clearing the last commit state. Console> (enable) Removing ACEs from Security ACLs You can remove a specific ACE or all ACEs from an ACL with the clear security acl command. This command Family Software Configuration Guide-Releases 6.3 and 6.4 16-37 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 334
Configuring Access Control This example This example shows how to clear the mapping for a specific VACL on a specific VLAN: Console> (enable) clear security acl map IPACL1 when configuring capture ports: • The capture port cannot be part of an EtherChannel. • The capture port cannot be an - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 335
Chapter 16 Configuring Access Control Configuring VACLs • You can specify any number of switch ports as capture ports. Capture ports are added to a capture port list and the configuration is saved in ) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-39 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 336
Note This feature is only available with Supervisor Engine 2 with Layer 3 Switching Engine controlled by the set logging level acl severity command. The first packet that triggers the access list logging messages to a syslog server. For information on configuring Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 337
Chapter 16 Configuring Access Control Configuring VACLs To enable VACL logging, perform these steps: Step 1 Step 2 Enter the set logging level acl Max Flow Pattern : 512 Redirect Rate (pps) : 1000 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-41 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 338
ACLs in Flash Memory Chapter 16 Configuring Access Control This example shows how to create an full. In addition to limiting ACL configuration, filling up NVRAM can cause problems when you attempt to upgrade from one software version to another. Note In Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 339
Chapter 16 Configuring Access Control Configuring and Storing VACLs and QoS ACLs in Flash Memory This section describes the following tasks: • Automatically Moving the VACL and QoS ACL Configuration to Flash Memory, page 16-43 • Manually Moving the VACL and QoS ACL Configuration to Flash Memory, - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 340
Control Manually Moving the VACL and QoS ACL Configuration to Flash Memory If your VACL and QoS ACL configuration requirements require more memory than the 512-KB NVRAM, you can manually automatically to the standby supervisor engine. Console> (enable Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 341
Control auto-config file is synchronized automatically to the standby supervisor engine because synchronization was enabled. If you cannot NVRAM. You have to copy the configuration to the Flash file manually as follows: • If you use the set boot config-register Guide-Releases 6.3 and 6.4 16-45 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 342
of VACL redirection supported by the Policy Feature Card 2 (PFC2). It can prove to be particularly beneficial in any flat Layer 2 network used for transparent bridging where a limited amount of inter-VLAN communication is required. This feature can also be used in server farms or DMZs where - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 343
Control specific, a rewritten network, you need to specify static ARP entries on participating hosts. Hardware and Software Requirements PBF hardware and software requirements are as follows: • PBF requires Supervisor Engine 2 with the Policy Feature Card 2 (PFC2) (WS-X6K-S2-PFC2). • PBF is not supported - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 344
Configuring Policy-Based Forwarding Chapter 16 Configuring Access Control Configuring Policy-Based Forwarding This section provides guidelines and configuration examples in use, packets might get dropped. 16-48 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 345
16 Configuring Access Control Configuring Policy-Based Forwarding 01-64-61-39-c2 Console> (enable) This example shows how to enable PBF with a specific MAC address: Console> (enable) set pbf mac 00-11-11-11-11-11 PBF committed Family Software Configuration Guide-Releases 6.3 and 6.4 16-49 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 346
Configuring Policy-Based Forwarding Chapter 16 Configuring Access Control This example shows how to clear the PBF MAC address: Console> (enable) clear pbf PBF cleared. used by more than one redirect ACE. 16-50 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 347
Chapter 16 Configuring Access Control Configuring Policy-Based Forwarding To specify an adjacency table entry for the PFC2, perform this task in ACL IPACL2 successfully mapped to VLAN 11. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-51 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 348
Chapter 16 Configuring Access Control Displaying PBF Information This for all show pbf map [adj name] adjacency table entries or a specific adjacency table entry. Console> show security acl info adjacency set security acl adjacency Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 349
Chapter 16 Configuring Access Control Configuring Policy-Based Forwarding 3. Clear the adjacency table entry. 4. Commit the adjacency table entry. To clear a page 16-54 • MS-Windows/NT/2000 Hosts, page 16-55 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-53 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 350
Control Note When a router is not present in the network network support network, you must define the host routes for all networks part of a different network (11.x.x.x in this example). This is a limitation of ARP in all Sun Workstations. To overcome this problem that network as follows: - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 351
Chapter 16 Configuring Access Control Configuring Policy-Based Forwarding You need to set only one dummy ARP entry for PBF-related traffic and the hosts on VLAN 1 and hosts on VLAN 2 (see Figure 16-9). 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-55 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 352
Configuring Policy-Based Forwarding Chapter 16 Configuring Access Control Figure 16-9 Policy-Based Forwarding Configuration Example Catalyst 6500 series switches PFC2 MAC address: security acl map ip2 2 16-56 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 353
Chapter 16 Configuring Access Control Configuring Policy-Based Forwarding This example shows how to display MAC addresses learned by the switch 6/9 [ALL] Total Matching CAM Entries Displayed for 6/9 = 16 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-57 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 354
Configuring Policy-Based Forwarding Chapter 16 Configuring Access Control This example shows how to display the PBF status and the PFC2 MAC address: Console> (enable) -20-23 00-11-22-33-44-55 0x000260f8 b_4 16-58 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 355
• GVRP Configuration Guidelines, page 17-2 • Configuring GVRP, page 17-2 Note GVRP requires supervisor engine software release 5.2 or later releases. Understanding How GVRP Works GVRP is a GARP application 1p. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 17-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 356
GVRP Statistics, page 17-8 • Disabling GVRP on Individual 802.1Q Trunk Ports, page 17-8 • Disabling GVRP Globally, page 17-9 17-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 357
must be an 802.1Q trunk port, either through CLI configuration or Dynamic Trunking Protocol (DTP) negotiation. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 17-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 358
restrictions are imposed: • You cannot change the switch to VTP server or client mode • You cannot disable GVRP on a trunk port in the normal registration mode. Note Dynamic VLAN creation supports all VLAN types. To enable GVRP dynamic VLAN creation Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 359
gvrp registration normal 1/1 Registrar Administrative Control set to normal on port 1/1. Console trunk port in fixed registration mode allows manual creation and registration of VLANs, prevents VLAN registration fixed 1/1 Registrar Administrative Control set to fixed on port 1/1. Console> - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 360
enable) set gvrp registration forbidden 1/1 Registrar Administrative Control set to forbidden on port 1/1. Console> ( reconfiguration on a port connected to a device that does not support Per-VLAN STP+ (PVST+), configure the GVRP active applicant Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 361
. Console> (enable) show garp timer Timer Timer Value (milliseconds) Join 200 Leave 600 LeaveAll 10000 Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 17-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 362
an individual 802.1Q trunk port. Verify the configuration. Command set port gvrp disable mod/port show gvrp configuration 17-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 363
how to disable GVRP globally on the switch: Console> (enable) set gvrp disable GVRP disabled Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 17-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 364
Configuring GVRP Chapter 17 Configuring GVRP 17-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 365
Server Troubleshooting network to a port on another switch in the network , the switch assigns the new port to the proper VLAN for that host dynamically. When you enable VMPS, a MAC address-to-VLAN mapping database downloads from a Trivial File Transfer Protocol (TFTP) server VMPS server receives - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 366
to specific MAC addresses for that come online through the server VMPS database configuration filename VMPS fallback VLAN VMPS secure mode VMPS no domain requests Default Configuration Disabled Null None vmps-config-database.1 Null Open Allow 18-2 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 367
immediately to that VLAN. However, VMPS checks the legality of the specific host on the dynamic port after a certain period. • Static secure domain and the management VLAN of VMPS clients and the VMPS server must be the same. For more information, see Chapter 10 Guide-Releases 6.3 and 6.4 18-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 368
database and store it on a TFTP server. The VMPS parser is line based. Start incorrectly being read by the VMPS server. • Define the VMPS domain network connectivity. A port is identified by the IP address of the switch and the module/port server so it can be downloaded to the switch - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 369
specification. Configure dynamic port VLAN membership assignment to a port. Verify the dynamic port assignments. Command set vmps server ip_addr [primary] show vmps server set port membership mod/port dynamic show port [mod[/port]] 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 370
specify the VMPS server, verify the VMPS server specification, assign dynamic ports, and verify the configuration: Console> (enable) show vmps server VMPS domain server VMPS Status show vmps statistics 18-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 371
status Console> (enable) To download the VMPS database manually (to download a changed database configuration file or retry after 2 Task Download the VMPS database from the TFTP server, or specify a different VMPS database configuration file. Verify Configuration Guide-Releases 6.3 and 6.4 18-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 372
Troubleshooting VMPS Table 18-2 shows VMPS error messages you might see when you enter the set vmps state enable or the download vmps command. Table 18-2 VMPS Error Messages VMPS Error Message TFTP server to prevent the host from connecting to the network. • More than 50 active hosts reside on - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 373
configuration file is an ASCII text file that is stored on a TFTP server accessible to the switch configured as the VMPS server. A summary of the configuration example follows: • The security mode is Purple ! 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 18-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 374
shows a network with a VMPS server switch and VMPS servers. • End stations are connected to these clients: - Switch 2 - Switch 9 • The database configuration file is called Bldg-G.db and is stored on a TFTP server with IP address 172.20.22.7. 18-10 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 375
Port VLAN Membership Configuration Catalyst 6500 series switches Primary VMPS Server 1 Switch 1 172.20.26.150 3/1 Client End 6000 Secondary VMPS Server 2 Switch 3 172.20.26.152 Ethernet segment Switch 4 172.20.26.153 Switch 5 172.20.26.154 Switch 6 172.20.26.155 TFTP server 172.20.22.7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 376
port 3/1. When End Station 2 sends a packet, Switch 2 sends a query to the primary VMPS server, Switch 1. Switch 1 responds with the VLAN to assign to port 3/1. Because spanning tree PortFast mode native VLAN 18-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 377
and Cisco voice-over-IP networks, see Chapter 44, "Configuring a VoIP Network." Configuration manually configured, the VMPS server is queried for packets coming from the PC, not for packets coming from the IP phone. • All packets except Cisco Software Configuration Guide-Releases 6.3 and 6.4 18-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 378
> (enable) set port auxiliaryvlan 5/10 223 Auxiliary vlan cannot be set to 223 as PVID=223. Console> (enable) 18-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 379
number to see detailed information on that module. This example shows how to check module status. The output shows that there is one supervisor engine and four additional modules installed in the chassis. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 19-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 380
1.0 Console> (enable) This example shows how to check module status on a specific module: Console> (enable) show module 4 Mod Slot Ports Module-Type Model Status 4 4 48 10/100BaseTX (Telco) WS-X6248-TEL ok Mod Module-Name Serial-Num 4 SAD03140787 Mod MAC-Address(es) Hw - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 381
Checking Port Status This example shows how to see information on the ports on a specific module only: Console> (enable) show port 1 Port Name Status Vlan Duplex Speed off RxPause TxPause 0 0 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 19-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 382
WS-X6K-SUP1A-2GE Port 1/1 Type No Connector Speed 1000 Duplex full Trunk encap type 802.1Q,ISL Trunk mode on,off,desirable,auto,nonegotiate Channel yes Broadcast suppression percentage(0-100) Flow control devices in the network. Up to eight simultaneous Telnet sessions are possible. - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 383
on the network from the switch, perform this task in privileged mode: Task Open a Telnet session with a remote host. supported for remote logins to the switch only. Telnet sessions initiated from the switch cannot be encrypted. To use this feature, you must install Guide-Releases 6.3 and 6.4 19-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 384
, perform this task in privileged mode: Task Command Disconnect an active user session on the switch. disconnect {console | ip_addr} 19-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 385
, page 19-8 Understanding How Ping Works You can use IP ping to test connectivity to remote hosts. If you attempt to ping a host in a different IP subnetwork, you must define a static route to the network or configure a router to route between those subnets. The ping command is configurable from - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 386
ping another device on the network from the switch, perform one of these tasks in normal or privileged mode: Task Ping a remote host. Ping a remote host using ping options. Command /avg/max = 2/2/3 Console> 19-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 387
traffic only. • You must enable CDP on all of the Catalyst 5000 and 6000 family switches in the network. (See Chapter 29, "Configuring CDP" for information about enabling CDP.) If any devices in the path port. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 19-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 388
path that packets take through the network at Layer 3 on a hop-by-hop basis. The command output displays all network layer (Layer 3) devices, such (TTL) field in the IP header to cause routers and servers to generate specific return messages. Traceroute starts by sending a User Datagram Protocol ( - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 389
. Executing IP Traceroute To trace the path that packets take through the network, perform this task in privileged mode: Task Execute IP traceroute to trace the Layer ms 3 ms 3 ms 3 ms Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 19-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 390
Using IP Traceroute Chapter 19 Checking Port Status and Connectivity 19-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 391
16 • Displaying System Status Information for Technical Support, page 20-17 Setting the System Name and no system name configured. If you do not manually configure a system name, the system name is server • Enable DNS on the switch • Specify at least one valid DNS server on the switch - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 392
the system name changes, unless you manually configure the prompt using the set prompt the command-line interface (CLI) or Simple Network Management Protocol (SNMP) • You configure a • You enable DNS or specify DNS servers If the system name is user configured, Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 393
-Status Temp-Alarm Sys-Status Uptime d,h:m:s Logout ok none ok off ok 0,04:04:07 20 min 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 20-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 394
System Clock Note You can configure the switch to obtain the time and date using the Network Time Protocol (NTP). For information on configuring NTP, see Chapter 31, "Configuring NTP." Login Banner, page 20-5 20-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 395
switch. Verify the currently defined command aliases. Command set alias name command [parameter] [parameter] show alias [name] 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 20-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 396
module 8 sp8 show port 8 Console> (enable) sm8 Mod Module-Name Ports Module-Type Model Serial-Num Status 8 2 DS3 Dual PHY ATM WS- . IP aliases can make it easier to refer to other network devices when using ping, telnet, and other commands, even Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 397
network address can be variably subnetted to support Classless Interdomain Routing (CIDR). You can specify the subnet mask (netmask) for a destination network Task Command Configure a static route to the remote network. set ip route destination[/netmask] gateway [ Guide-Releases 6.3 and 6.4 20-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 398
arp permanent command, the ARP entry is retained even after a system reset. Because most hosts support dynamic resolution, you usually do not need to specify static or permanent ARP cache entries. > (enable) 20-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 399
describe how to schedule a system reset: • Scheduling a Reset at a Specific Time, page 20-10 • Scheduling a Reset Within a Specified Amount a switch. To avoid misconfiguration or the possibility of losing network connectivity to the device, you can set up the startup Guide-Releases 6.3 and 6.4 20-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 400
The minimum downtime argument is valid only if the system has a standby supervisor engine. This example shows how to schedule a reset at a specific time: Console> (enable) reset at 20:00 Reset scheduled at 20:00 -10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 401
Command Schedule the reset time within a specific amount reset [mindown] in [hh] only if the system has a standby supervisor engine. This example shows how to supported power supply configurations for each chassis, refer to the Catalyst 6000 Family Installation Guide. Catalyst 6000 family modules - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 402
wattage power supply will be disabled. If the active power supply fails, the lower wattage power supply that was disabled comes online and, if necessary, modules are powered down to accommodate the lower wattage power supply. In a nonredundant configuration, the power available to the system is the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 403
. • If there is not enough power for all previously powered-up modules, some modules are powered down and marked as power-deny in the show module Status field. System is booted with power supplies of different wattage installed and redundancy enabled • System log and syslog messages are generated - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 404
Table 20-2 Module Power Requirements Module Supervisor Engine 1: WS-X6K-SUP1A-2GE WS-X6K-SUP1-2GE Supervisor Engine 1 with PFC: WS-X6K-SUP1A-PFC Supervisor Engine 1 with PFC and MSFC: WS-X6K-SUP1A-MSFC Supervisor Engine 1 with PFC and MSFC2: WS-X6K-S1A-MSFC2 Supervisor Engine 2 with PFC2: WS-X6K-S2 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 405
4.25A 3.59 Server load balancing: WS-X6066-SLB-APG 3.00A 8-Port T1/E1 PSTN Interface: WS-X6608-T1 WS-X6608-E1 1.98A 1.98A 24-Port FXS Analog Interface: WS-X6624-FXS 1.54A Cisco IP Phone 7960 (when plugged into the WS-X6348-RJ-45 0.167A (default) and WS-X6648-PWR modules) 0.120A (after - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 406
and avoid network interruptions. . Major alarms indicate a critical problem that could lead to the system lists the environmental indicators for the supervisor engine and switching modules. Note For additional information on LED indications, refer to the Catalyst 6000 Family Module Installation Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 407
and all module front panels. 3. The STATUS LED is red on the failed supervisor engine. If there is no redundant supervisor, the SYSTEM LED is red also. 4. See the "Power Management" section on page 20-11 for instructions. Displaying System Status Information for Technical Support These sections - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 408
a problem to Cisco Technical Assistance Center (TAC). This command is a combination of several show system status commands. You can upload the output of the command to a TFTP server, where you can send it to TAC. You can use keywords to limit the output to certain areas, such as specific modules - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 409
Switch Displaying System Status Information for Technical Support This example shows how to enable the core file is slot0:crash.hz (4) Please make sure the above device has been installed, and ready to use Core-dump enabled Console> (enable) This example shows how Guide-Releases 6.3 and 6.4 20-19 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 410
Displaying System Status Information for Technical Support Chapter 20 Administering the Switch The following is an example of an image stack that may debugger. GDB: It will hang until examined with gdb. 20-20 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 411
This chapter describes how to configure authentication, authorization, and accounting (AAA) to monitor and control access to the command-line interface (CLI) on the Catalyst 6000 family switches. Note 21-7 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 412
configure any combination of these authentication methods to control access to the switch: • Login authentication • users from guessing the password. The user is limited to a specific number of attempts to successfully log in to the switch. If Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 413
control protocol specified by RFC 1492. TACACS+ uses TCP to ensure reliable delivery and encrypt all traffic between the TACACS+ server and the TACACS+ daemon on a network + server. A TACACS+ server can provide authentication, authorization, and accounting functions. These services, while all part of - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 414
transmitted over the network. Note For more information about how the RADIUS protocol operates, refer to RFC 2138, "Remote Authentication Dial In User Service (RADIUS)." You can configure the following RADIUS parameters on the switch: • Enable or disable RADIUS authentication to control login access - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 415
modified to support the Kerberos credential infrastructure. General term referring to authentication tickets, such as ticket granting tickets (TGTs) and service credentials. Kerberos credentials verify the ticket of a user or service. If a network service decides to trust the Kerberos server that - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 416
and the KDC share. 6. If the Telnet client has been instructed to do so, it forwards the TGT to the switch. This step ensures that the user does not need to get another TGT in order to use another network service from the switch. Figure 21-1 shows the Kerberos Telnet connection process. Figure - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 417
modem or terminal server through the in-band management port. Telnet does not support non-Kerberized login. the switch. 5. If you want to access other network services, the KDC must be contacted directly for authentication. 1x is a client-server-based access control and authentication protocol that - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 418
a LAN MAC service. In Flow control only on incoming frames in an unauthorized switch port. Port PAE2 Single point of attachment to the LAN infrastructure (for example, MAC bridge ports). Protocol object associated with a specific system port. PDU Protocol data unit. RADIUS Remote Access Dial - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 419
server is located remotely, because RADIUS has extensions that support encapsulation of EAP frames built into it. 802.1x Parameters Configurable on the Switch You can configure these 802.1x parameters on the switch: • Force-Authorized, Force-Unauthorized, or Automatic 802.1x port control - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 420
server server IP address RADIUS server UDP auth-port RADIUS key RADIUS server timeout RADIUS server server IP address Kerberos DES key Kerberos server auth-port Kerberos local-realm name Kerberos credentials forwarding Kerberos clients mandatory Kerberos preauthentication 802.1x port control (servers - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 421
remotely located authentication server. • You cannot enable 802.1x on a secure port until you turn off the security feature on that port. You cannot enable security on an 802.1x port. • 802.1x is only supported 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 422
) enabled(primary) attempt limit 3 3 lockout timeout (sec) disabled disabled Console> (enable) Http Session disabled disabled disabled enabled(primary) - 21-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 423
Enable Password, page 21-15 • Disabling Local Authentication, page 21-15 • Recovering a Lost Password, page 21-16 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 424
primary) Console> (enable) Setting the Login Password The login password controls access to the user mode CLI. Passwords are case sensitive, remain non-case sensitive. You must reset the password after installing software release 5.4 to activate case sensitivity. 21-14 Catalyst 6000 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 425
enable) Setting the Enable Password The login password controls access to the user mode CLI. Passwords sensitive. You must reset the password after installing software release 5.4 to activate case sensitivity. or if the RADIUS or TACACS+ server is not online, you may be unable to log in - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 426
for each password. To recover a lost password, perform the following task in privileged mode: Step 1 Step 2 Connect to the switch through the supervisor engine console port. You cannot recover the password if you are connected through a Telnet connection. Enter the reset system command to reboot - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 427
172.20.52.2 primary 172.20.52.2 added to TACACS server table as primary server. Console> (enable) set tacacs server 172.20.52.10 172.20.52.10 added to TACACS server table as backup server. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 428
: Tacacs login attempts: 3 Tacacs timeout: 5 seconds Tacacs direct request: disabled Tacacs-Server Status 172.20.52.3 172.20.52.2 primary 172.20.52.10 Console> (enable console and telnet session. 21-18 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 429
client, make sure you configure an identical key on the TACACS+ server. To specify the TACACS+ key, perform this task in privileged mode 5 seconds Tacacs direct request: disabled Tacacs-Server 172.20.52.3 172.20.52.2 172 the TACACS+ server. The default timeout is 5 seconds. 78- - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 430
This example shows how to specify the server timeout interval and verify the configuration: Console timeout: 30 seconds Tacacs direct request: disabled Tacacs-Server 172.20.52.3 172.20.52.2 172.20. timeout: 30 seconds Tacacs direct request: disabled Tacacs-Server 172.20.52.3 172.20.52.2 172.20 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 431
: Secret_TACACS_key Tacacs login attempts: 5 Tacacs timeout: 30 seconds Tacacs direct request: enabled Tacacs-Server 172.20.52.3 172.20.52.2 172.20.52.10 Console> (enable) Status ------- . Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-21 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 432
all keyword to clear all of the servers from the configuration. clear tacacs server [ip_addr | all] Verify the TACACS+ server configuration. show tacacs This example shows how to clear a specific TACACS+ server from the configuration: Console> (enable) clear tacacs server 172.20.52.3 172.20.52 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 433
sections describe how to configure RADIUS authentication on the switch: • Specifying RADIUS Servers, page 21-24 • Specifying the RADIUS Key, page 21-24 • Enabling Specifying the RADIUS Deadtime, page 21-28 • Clearing RADIUS Servers, page 21-29 78-13315-02 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 434
, page 21-30 Specifying RADIUS Servers To specify one or more RADIUS servers, perform this task in privileged mode 0 minutes 2 5 seconds Radius-Server Status 172.20.52.3 primary Console RADIUS client and server. You must configure the same key on the client and the RADIUS server. The length - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 435
Command Specify the RADIUS key used to encrypt packets set radius key key sent to the RADIUS server. Verify the RADIUS configuration. show radius This example shows how to specify the RADIUS key and . 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-25 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 436
the password assigned to the $enab15$ user. If your RADIUS server does not support the $enab15$ username, you can set the service-type attribute (attribute 6) to Administrative (value 6) for a (enable) 21-26 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 437
of times the switch will attempt to contact a RADIUS server before the next configured server is tried. By default, each RADIUS server will be tried two times. To specify the RADIUS (enable) show radius 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-27 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 438
can configure the switch so that, when a RADIUS server does not respond to an authentication request, the switch marks that server as dead for the length of time specified by the ) local enabled enabled 21-28 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 439
radius server table. Console> (enable) This example shows how to clear all RADIUS servers from the configuration: Console> (enable) clear radius server all All radius servers cleared from radius server table. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-29 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 440
Radius Key: Radius Retransmit: Radius Timeout: 0 minutes 2 5 seconds Radius-Server Status 172.20.52.3 primary Console> (enable) Auth-port -----------1812 Disabling (primary) Console> (enable) 21-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 441
36 • Disabling Credentials Forwarding, page 21-37 • Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 Configuring a Kerberos Server Before you can use Kerberos as an authentication method on the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 442
Configuring Authentication Step 7 Start the KDC server as follows: /usr/local/sbin/krb5kdc /usr/local/sbin/kadmind Chapter 21 Configuring Switch enabled(primary) local enabled enabled kerberos> (enable) 21-32 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 443
network services that are registered to a Kerberos server [email protected] 0 932423923 1 1 8 01;;8>00>50;0=0=0 kerberos> (enable) Specifying a Kerberos Server You can specify to the switch which KDC to use in a specific a given Kerberos set kerberos server kerberos_realm {hostname | realm. - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 444
server CISCO.COM 187.0.2.1 750 Kerberos Realm-Server-Port entry set to:CISCO.COM - 187.0.2.1 - 750 kerberos> (enable) Console> (enable) clear kerberos server CISCO.COM 187.0.2.1 750 Kerberos Realm-Server-Port entry CISCO turn and manually copy the through the network by using the (service) on the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 445
from the KDC. set kerberos srvtab remote {hostname | ip_address} filename ( CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:187.0.2.1, Port:750 Realm:CISCO.COM, Server:187.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO Guide-Releases 6.3 and 6.4 21-35 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 446
authenticate from the switch to Kerberized remote hosts on the network using Kerberized Telnet. As an additional layer of security, you can configure the switch so that after users authenticate to it, these users can authenticate only to other services on the network with Kerberized clients. If you - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 447
None Kerberos config key: Kerberos SRVTAB Entries Console> (enable) Kerberos server entries: Kerberos DomainRealm entries: Kerberos Clients Mandatory Kerberos Credentials Forwarding Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-37 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 448
and Clearing a Private DES Key You can define a private DES key for the switch. The private DES key can be CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 449
CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:187.0.2.1, Port:750 Realm:CISCO.COM, Server:187.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO . Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-39 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 450
the Supplicant, page 21-42 • Manually Reauthenticating the Supplicant, page 21-42 Authenticator-to-Authentication-Server Retransmission Time for if they meet the specific requirements required by 802.1x control enable 21-40 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78- - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 451
information on specifying a RADIUS server, see the "Specifying RADIUS Servers" section on page 21-24. To enable and initialize 802.1x authentication for access to the switch, perform this task in privileged mode: Step 1 Step 2 Step 3 Task Enable 802.1x control on a specific port. Initialize 802.1x - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 452
Auth-State BEnd-State Port-Control Port-Status 4/1 connecting finished auto unauthorized Port Multiple-Host Re-authentication 4/1 disabled enabled Manually Reauthenticating the Supplicant You can manually reauthenticate the supplicant connected to a specific port at any time. When - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 453
port dot1x mod/port re-authenticate to a specific port. This example shows how to manually reauthenticate the supplicant connected to port 1 on module 4: Console> (enable) set port dot1x 0 to 65535 seconds. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-43 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 454
frame to 15 seconds: Console> (enable) set dot1x supp-timeout 15 dot1x supp-timeout set to 15 seconds. 21-44 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 455
Authenticator-to-Supplicant Frame-Retransmission Number The authentication server notifies the back-end authenticator each time it receives a specific number of frames. When the back-end authenticator 802.1x. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-45 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 456
Authenticator Only Protocol Version 1 system-auth-control enabled max-req 2 quiet-period 60 seconds re-authperiod 3600 seconds server-timeout 30 seconds supp-timeout 30 seconds [] 21-46 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 457
Port-Control Port-Status 4/1 connecting finished auto unauthorized Port Multiple-Host Re-authentication 4/1 disabled enabled To display the statistics for the different types of EAP frames transmitted and received by the authenticator on a specific port on a specific module, perform - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 458
Version 1 system-auth-control enabled max-req 2 quiet-period 60 seconds re-authperiod 3600 seconds server-timeout 30 seconds supp the login and enable passwords. Figure 21-3 TACACS+ Example Network Topology TACACS+ server 172.20.52.10 Switch Console port connection 18927 Workstation A - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 459
) based on the username and password pair. The access list resides on the host running the TACACS+ or RADIUS server. The server responds to the user password information with an access list number that causes the specific list to be applied. Authorization Events You can enable authorization for - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 460
server, server fails to respond. This is the default behavior. • if-authenticated-If you have been authenticated, and there is no response from the TACACS+ server , then authorization will succeed immediately. • none-Authorization will succeed if the TACACS+ server + server will - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 461
that the argument string matches one of the commands listed above. If there is no match, the switch part of the user-profile. When you log in using RADIUS authentication and you do not have Administrative/Shell (6) Service-Type access, the network access server Guide-Releases 6.3 and 6.4 21-51 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 462
servers before enabling authorization. See the "Specifying TACACS+ Servers" section on page 21-17 or the "Specifying RADIUS Servers" section on page 21-24 for more information on server . Console> 21-52 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 463
disable authorization for both console port and Telnet connection attempts. set authorization enable disable [console | telnet | both] 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-53 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 464
deny deny - Console: -------- Primary ------- exec: tacacs+ enable: tacacs+ commands: config: tacacs+ all: - Console> (enable) Fallback -------- deny deny deny - 21-54 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 465
value of 6) in the RADIUS server to launch the user into enable mode in the RADIUS server. If the service-type is set for anything Example Figure 21-4 shows a simple network topology using TACACS+. When Workstation A Figure 21-4 TACACS+ Example Network Topology TACACS+ server 172.20.52.10 Switch - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 466
suspicious connection attempts in the network, and unauthorized changes to the NAS configuration itself. The accounting information is sent to the accounting server where it is saved in the purposes. 21-56 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 467
the event (when the event started, its duration, type of service, and traffic statistics). Accounting records are created and sent to the server at two events: • Start-stop-Records are sent at both events. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-57 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 468
Specifying RADIUS Servers To specify one or more RADIUS servers, perform this servers. Specify the primary server using the primary keyword. Optionally, specify the destination UDP port to use on the server. Verify the RADIUS server configuration. Command set radius server Radius-Server Status - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 469
to send accounting information to the TACACS+ server. There are two options: • Newinfo-Sends accounting information to the server only when new accounting information becomes available. Disabled Stop-only 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-59 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 470
TACACS+ servers before enabling accounting. See the "Specifying TACACS+ Servers" section on page 21-17 or the "Specifying RADIUS Servers" section on page 21-24 for more information on server setup. > (enable) 21-60 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 471
user with no username. Console> (enable) This example shows how to periodically update the server: Console> (enable) set accounting update periodic 120 Accounting updates will be periodic at 120 disable 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-61 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 472
actions on tty288091924, User (null) Priv 0 Overall Accounting Traffic: Starts Stops Active Exec 0 0 0 Connect 0 0 0 Command 0 0 0 System 1 2 0 Console> (enable) 21-62 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 473
the system is updated every 120 minutes. Figure 21-5 TACACS+ Example Network Topology TACACS+ server 172.20.52.10 Switch Console port connection 18927 Workstation A Terminal In : periodic, Interval = 120 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 21-63 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 474
actions on tty288091924, User (null) Priv 0 Overall Accounting Traffic: Starts Stops Active Exec 0 0 0 Connect 0 0 0 Command 0 0 0 System 1 0 0 Console> (enable) 21-64 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 475
MSFC is used to refer to the MSFC and MSFC2 except where specifically differentiated. For more information about installing redundant Catalyst 6000 family supervisor engines, refer to the Catalyst 6000 Family Module Installation Guide. For syntax and usage information for the commands used in this - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 476
normally. You must install redundant supervisor engines in slots 1 and 2 of the chassis. Redundant supervisor engines are hot swappable. The system continues to operate with the same configuration after switching over to the redundant supervisor engine. Note To allow you to control the booting of - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 477
supervisor engine synchronizes its current boot image with the standby supervisor active supervisor engine in the standby supervisor engine File System." The supervisor engine has a Flash supervisor engine • If the standby supervisor engine bootstring needs to be changed • If the standby supervisor - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 478
, the active supervisor engine initiates boot-image synchronization. The NVRAM configuration module detects this event supervisor engine. Synchronization occurs when you change the boot variable. To run the new image, you must reset the system. 22-4 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 479
You can verify the status of the standby supervisor engine using a number of CLI commands. Note The show module output provides information about installed daughter cards. The show test command provides information about onboard application-specific integrated circuits (ASICs). To verify the status - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 480
Supervisor module. Do you want to continue (y/n) [n]? y Console> (enable) 12/07/1998,17:04:39:SYS-5:Module 1 reset from Console// System Bootstrap, Version 3.1(2) Copyright (c) 1994-1997 by cisco Systems, Inc. System Bootstrap, Version 3.1(2) 22-6 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 481
force a switchover from the active to the standby supervisor engine: Cisco Systems Console Enter password: 12/07/1998,17:04:43:MLS-5:Multilayer switching is enabled 12/07/1998,17:04:43:MLS-5:Netflow Data Export disabled 12/07/1998,17:04:44:SYS-5:Module 2 is online 12/07/1998,17:04:45:SYS - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 482
Supported Features, page 22-9 • Versioning Overview, page 22-10 • CLI Commands, page 22-11 • Loading a Different (but Compatible) Image on the Standby Supervisor from the network, and controls all modules. Protocols run on the active supervisor engine only. The standby supervisor engine is isolated - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 483
irrespective of high availability being enabled or disabled (provided there are compatible NVRAM versions on the two supervisor engines). If you do not install a standby supervisor engine during system bootup, the active supervisor engine detects this and the database updates are not queued for - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 484
availability is fully supported with the active and standby supervisor engines running different images as long as the images are compatible. The only fully compatible images are as follows: • 5.5(3) and 5.5(4) • 6.1(3) and 6.1(4) Images that are compatible with all modules except Gigabit Ethernet - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 485
Supervisor Engines Note When you install two supervisor engines, the first supervisor engine to come online becomes the active module; the second supervisor engine goes into standby mode. If two supervisor engines are installed 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 22-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 486
is disabled. - OFF (standby-supervisor-not-present): The standby supervisor engine is not installed. - OFF (standby-supervisor-image-incompatible): The standby supervisor engine is running a different image than the active supervisor engine and it is not version compatible (the versioning option in - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 487
Compatible) Image on the Standby Supervisor Engine Use this procedure to load a new image on the standby supervisor supervisor engine bootflash. Console> (enable) copy tftp:image2.bin bootflash IP address or name of remote standby supervisor engine image, reset the standby supervisor engine. Console> ( - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 488
and Standby Supervisor Engines, page supervisor engine does not support TFTP booting. The number is included in these examples to be consistent with Cisco IOS supervisor engine configuration is as follows (if the image in the standby supervisor engine is identical to the image in the active supervisor - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 489
supervisor engine. • The expected results are as follows: - The active supervisor engine copies f1 to the standby supervisor engine and renames the file RTSYNC_f1. - The standby supervisor for example 4 is as follows: • The active supervisor engine configuration is as follows: - Runtime image: - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 490
bootstring to the following: f2,1;. • The expected results are as follows: - The active supervisor engine is unable to allocate f2, causing the synchronization to fail. - An error is recorded in syslog. 22-16 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 491
engine; the time stamp for f2 on the active supervisor engine is the same as f2 on the standby supervisor engine. • The active supervisor engine bootstring is modified to the following: f2,1; f1,1;. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 22-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 492
f3, BTSYNC_f2. - The standby supervisor engine boot string is modified to the following: bootflash:BTSYNC_f2,1;bootflash:f1,1;. MSFC Redundancy MSFC redundancy is described in these sections: • Dual MSFC Redundancy, page 22-19 • Single Router Mode Redundancy, page 22-41 • Manual-Mode MSFC Redundancy - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 493
with a PFC and an MSFC. Note Each MSFC must be running the same release of Cisco IOS software. Layer 3 Redundancy for a Single Chassis In a single Catalyst 6000 family chassis, you can have redundant supervisor engines, each with an MSFC. You can configure HSRP on the MSFCs to provide transparent - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 494
network • IPX default-route - Same default routes - Same policy routes - Same VLAN interfaces - Same IOS listed in Table 22-2, see the "alt Keyword Usage" section on page 22-33. Redundant supervisor adjacency table, Cisco IOS software, and policy routing ACLs on the active supervisor engine. If - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 495
the MSFCs, you have the following Layer 2 and Layer 3 redundancy mechanisms: • Layer 2 redundancy for the supervisor engines (one active and one in standby)-If the active supervisor engine fails (the MSFC installed on it will also fail), both Layer 2 and Layer 3 functions roll over to the redundant - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 496
Cisco IOS access control lists (ACLs) on the MSFC, you must configure the ACLs on both MSFCs identically, globally, and at the interface level. Only the designated MSFC (the MSFC to come online first, or the MSFC that has been online a supervisor engine with an MSFC in slot - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 497
supervisor engines. The supervisor engines automatically perform image and configuration synchronization; you must manually Switch S2. In a complete switch failure, the remaining switch would service both even and odd VLANs. You can achieve further load sharing by Guide-Releases 6.3 and 6.4 22-23 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 498
a single chassis to share HSRP duties for even VLANs, you can share the control plane ARP traffic. In an MSFC failure, only the ARP entries on the section describe possible failure scenarios within a single chassis with dual supervisor engines and dual MSFCs (see Figure 22-4) when you enable high - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 499
While the examples are specific to the PFC, the failover scenarios for the PFC2/MSFC2 would be similar for handling ACLs and CEF table entries. On a Supervisor Engine 2, the #1 remains the designated MSFC. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 22-25 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 500
the designated MSFC. Failure Case 5: New or Previously Failed Supervisor Comes Back Online This sequence occurs when the previously failed supervisor engine (Sup #2) comes online: 1. Sup #1 continues to be the active supervisor engine. 2. Sup #2 synchronizes its image and configuration with Sup - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 501
created. This problem is independent of any MSFC Cisco IOS release. (This problem is documented in group_number, group 0 is used. To assist in troubleshooting, configure the group number to match the VLAN to configure an interface as part of HSRP group 100: Router Guide-Releases 6.3 and 6.4 22-27 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 502
Figure 22-5, high availability cannot be configured on the supervisor engines but HSRP can be configured on the MSFCs. Figure 22-5 Two Chassis with One Supervisor Engine and One MSFC Each VLAN 10 VLAN 21 22-28 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 503
Figure 22-6, high availability is configured on the supervisor engines, and HSRP is configured on the MSFCs. Figure 22-6 Single Chassis with Redundant Supervisors and MSFCs VLAN 10 VLAN 21 Switch S1 .10 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 22-29 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 504
convergence and load sharing. In both switches, Sup #1 is the active supervisor engine, and Sup #2 is the standby supervisor engine. Figure 22-7 Dual MSFC Operational Model for Redundancy and Load Sharing 22-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 505
Router(config-if)# standby 21 preempt Router(config-if)# standby 21 timers 5 15 Router(config-if)# standby 21 authentication Secret Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 22-31 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 506
, or the MSFC that has been online the longest) and the nondesignated MSFC. High-availability redundancy is disabled by default. Caution Configuration synchronization is only supported for IP and IPX configurations. Before enabling synchronization, you must ensure that both MSFCs have identical - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 507
- The designated and nondesignated MSFCs are running compatible images When you enable the Config Sync RuntimeStatus, alt keyword relates to the MSFC on the supervisor engine in slot 1 of the switch; the the alt keyword relates to the MSFC on the supervisor engine in slot 2. Note The alt keyword is - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 508
ip_address [alt ip_address] • [no] ipx network network [encapsulation encapsulation_type [secondary]] [alt [no] ipx network network [encapsulation encapsulation_type [secondary]]] This example shows . 22-34 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 509
was not specified. After checking the HSRP addresses, the IPX network address is checked. The designated MSFC is configured first. supervisor engine in slot 2. See the "alt Keyword Usage" section on page 22-33 for more information. 78-13315-02 Catalyst 6000 Family Software Configuration Guide- - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 510
the designated MSFC: 00:17:05: %RUNCFGSYNC-6-SYNCEVENT: Non-Designated Router is now online High-Availability Redundancy Feature is not enabled on the Non-Designated Router This example Non-Designated Router 22-36 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 511
! ip subnet-zero ! ip cef redundancy high-availability config-sync cns event-service server ! ! ! interface Vlan1 ip address 70.0.70.4 255.255.0.0 alt ip service timestamps debug uptime service timestamps log uptime no service password-encryption ! Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 512
c6msfc-boot-mz.120-7.XE1 ! ip subnet-zero ! ip cef redundancy high-availability config-sync cns event-service server ! ! ! interface Vlan1 ip address 70.0.70.4 255.255.0.0 alt ip address 70.0.70.5 255. MSFC. 22-38 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 513
is no longer accessible 00:00:51: %RUNCFGSYNC-6-SYNCEVENT: Non-Designated Router is now online Running Configuration Synchronization will begin in 1 minute A one-minute timer will start, allowing with CNTL/Z. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 22-39 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 514
no longer accessible 00:00:51: %RUNCFGSYNC-6-SYNCEVENT: Non-Designated Router is now online Running Configuration Synchronization will begin in 1 minute A one-minute timer will start, allowing on page 22-39. 22-40 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 515
network network network supervisor supervisor engine daughter card configurations: - Supervisor Engine 2 with PFC2 and MSFC2 - Supervisor Engine 1 with PFC and MSFC or MSFC2 Note Cisco IOS Release 12.1(8a)E4 provides initial support Supervisor engine software release 6.3(1) or later releases • Cisco IOS - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 516
the same Cisco IOS image. • SRM redundancy requires that a Cisco IOS image is networks and copy commands such as copy tftp: can be used without any restrictions. • For SRM to work properly, high availability must be enabled on the supervisor engine. • When using authentication methods to control - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 517
:image_name and ensure that this image is the first in the boot list. Clear any existing "'boot system" commands that appear in the running and nondesignated router. Note If you already have SRM-capable Cisco IOS images loaded, you do not need to perform Step Guide-Releases 6.3 and 6.4 22-43 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 518
Mode Enabled This section describes how to upgrade the Cisco IOS image on the active and standby MSFC when show module command display that is issued from the active supervisor engine. Step 5 On the standby MSFC, copy the new image from the supervisor engine Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 519
and nondesignated router. Manual-Mode MSFC Redundancy Note Manual-mode MSFC redundancy will be supported until December, 2002, due to the release of supervisor engine software release 6.3(1), which contains the feature SRM. Cisco recommends using SRM rather than manual-mode MSFC redundancy to - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 520
Release 12.1(7)E or later releases - Supervisor engine software release 5.5.8 or later releases and MSFC IOS Release 12.1(7a)E1 or later releases Note Each MSFC must be running the same release of Cisco IOS software. Guidelines for Configuring Manual-Mode MSFC Redundancy Follow these guidelines to - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 521
not supported on Telnet sessions. Accessing the Standby MSFC To access the standby MSFC, enter the switch supervisor command followed by the switch console command. Note The standby MSFC does not appear in the show module command display issued from the active supervisor engine. Manually Booting - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 522
booted, from Cisco IOS configuration mode enter the config-register 0x2102 command to ensure the MSFC will boot when the switch is reset. Option 2: If You Have Remote Access Only to the Switch If you only have remote access to the switch, use this option. From the active supervisor engine with the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 523
supervisor engine prompt. Ensure that high availability has synchronized the supervisor Operational-status" is ON. Enter the switch supervisor command. Enter the switch console command. the system. After the MSFC has booted from the IOS configuration mode on the newly active MSFC's console port, - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 524
MSFC Redundancy Step 12 Enter ^C^C^C to return to the supervisor engine prompt. Chapter 22 Configuring Redundancy 22-50 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 525
Understanding the Boot Process The boot process involves two software images: ROM monitor and supervisor engine system code. When the switch is powered up or reset, the ROM- stays in ROM-monitor mode or loads the supervisor engine system code. 78-13315-02 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 526
can manually load a system image from Flash memory, from a network server file, Boot capability (allows manual boot and autoboot) system and supports the newly the ROM monitor loads a supervisor engine system image at startup. commands to load a system image manually. • When the boot field equals - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 527
network numbers (not used). • Bit 15 (0x8000)-Enables diagnostic messages and ignores NVRAM contents (not used). Understanding the BOOT Environment Variable The BOOT environment variable specifies a list ROM-monitor mode where you can manually specify an image to boot. Guide-Releases 6.3 and 6.4 23-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 528
on page 23-7. • Overwrite-When you add a list of configuration files to the CONFIG_FILE environment variable, overwriting the standby supervisor engine. The file(s) are kept consistent with what is on the active supervisor engine. • Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 529
redundant supervisor engine. You must set the configuration register separately for each supervisor engine in configuration register bits that control the boot field and leaves the remaining bits unaltered. The following boot methods are supported: • ROM monitor- Guide-Releases 6.3 and 6.4 23-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 530
next time the switch is restarted. This command affects only the configuration register bits that control the baud rate and leaves the remaining bits unaltered. Note The baud rate specified in the > (enable) 23-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 531
default, when you set the CONFIG_FILE environment variable, the list of configuration files to use at startup is retained only command affects only the configuration register bit that controls whether the CONFIG_FILE environment variable settings are Configuration Guide-Releases 6.3 and 6.4 23-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 532
a new file is generated on the standby supervisor engine with the name of the file on the active supervisor engine. If a file with that name already exists on the standby supervisor engine, it is overwritten. 23-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 533
the switch is restarted. This command affects only the configuration register bits that control whether the switch ignores the NVRAM configuration and leaves the remaining bits unaltered. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 23-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 534
are not copied automatically to a redundant supervisor engine (if present). You must set the BOOT variable separately for each supervisor engine in the switch. These sections describe bin,1; Console> (enable) 23-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 535
system all [mod] This example shows how to clear a specific entry from the BOOT environment variable: Console> (enable) clear Entering the set boot auto-config command erases any list of configuration files previously specified using the set boot Configuration Guide-Releases 6.3 and 6.4 23-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 536
-config: disabled auto-config: recurring console baud: 9600 boot: image specified by the boot system commands Console> (enable) 23-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 537
The Flash file system on a Catalyst 6000 family supervisor engine provides a number of useful commands to help you page 24-2 • Setting the Text File Configuration Mode, page 24-2 • Listing the Files on a Flash Device, page 24-3 • Copying Files, page 24 Configuration Guide-Releases 6.3 and 6.4 24-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 538
storage. Note VLAN commands are not saved as part of the configuration file when the switch is operating in text mode with the VTP mode set to server. To set the text file configuration mode, perform reset. 24-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 539
system location ----display truncated-----Console> (enable) Listing the Files on a Flash Device To list the files on a Flash device, perform one ] deleted Display a list of all files on a Flash device, including dir [[m/]device:][filename] all deleted files. Display a detailed list of files on - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 540
shows how to list the files on server, to a Flash device, or to the running configuration. Copy the running configuration to Flash memory, copy config {flash | file-id | tftp | rcp} another Flash device, to a TFTP server, or rcp server. 24-4 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 541
of remote host []? 172.20.52.3 Name of file to copy from []? dns_config.cfg Configure using tftp:dns_config.cfg (y/n) [n]? y / Finished network download. (135 bytes) >> >> set ip dns server 172 . Console> (enable) Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 24-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 542
configuration file on a Flash device to a TFTP server: Console> (enable) copy slot0:6000_config.cfg tftp IP address or name of remote host []? 172.20.52.3 Name of file to Erasing squeeze log Console> (enable) 24-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 543
) verify cat6000-sup.5-2-1-CSX.bin CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCC File bootflash:cat6000-sup.5-2-1-CSX.bin verified OK Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 24-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 544
1 do not support the same Flash PC card format. To use a Flash PC card with Supervisor Engine 2, format the card with Supervisor Engine 2. To use a Flash PC card with Supervisor Engine 1, format the card with Supervisor Engine 1. 24-8 Catalyst 6000 Family Software Configuration Guide-Releases - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 545
Images to the Switch With TFTP, page 25-2 • Uploading System Software Images to a TFTP Server, page 25-8 • Downloading System Software Images Using rcp, page 25-9 • Uploading System Software CiscoView image. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 25-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 546
supervisor engine and to intelligent modules network from a TFTP server. Some modules, such as ATM modules Supervisor engine software image-The image file is downloaded to the supervisor as the TFTP server is configured services file contains this line: tftp 69/udp 25-2 Catalyst - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 547
/etc/services files. server. The switch and the TFTP server TFTP server (usually other problem) supervisor engine to the active supervisor engine. To download a supervisor engine software image to the switch from a TFTP server server and the name of the file to download. On those platforms that support - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 548
server, the name of the file to download, the Flash device to which to copy the file, and the destination filename. If there are multiple modules session disconnects if you reset the module through which your connection was made. When the upgraded modules come online, enter the show version [mod] - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 549
Module Image TFTP Download Example, page 25-7 Supervisor Image TFTP Download Example Note For a step-by-step procedure for downloading a supervisor engine software image from a TFTP server, see the "Downloading Supervisor 4.2 Copyright (c) 1994-1998 by cisco Systems, Inc. c6k_sup1 processor with - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 550
2 Running System Diagnostics from this Supervisor (Module 1) This may take up to 2 minutes....please wait Cisco Systems Console Enter password: 07/21/1998,13:52:51:SYS-5:Module 1 is online 07/21/1998,13:53:11:SYS-5:Module 4 is online 07/21/1998,13:53:11:SYS-5:Module 5 is online 07/21/1998,13:53:14 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 551
# Versions 5 1 WS-X6101 003414463 Hw : 1.2 Fw : 1.3 Sw : 3.2(6) Console> (enable) copy tftp flash IP address or name of remote host []? 172.20 -5:Module 4 is online 07/21/1998,12:25:10:SYS-5:Module 5 is online Console> (enable) show version 4 Mod Port Model Serial # Versions 4 1 WS- - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 552
WS-X6101 003414463 Hw : 1.2 Fw : 1.3 Sw : 3.2(7) Console> (enable) Uploading System Software Images to a TFTP Server and /etc/services files. To server. The switch and the TFTP server server using the ping command. • You might need to create an empty file on the TFTP server to the server. • If - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 553
Switching Module Images Using rcp, page 25-10 • Example rcp Download Procedures, page 25-11 Preparing to Download an Image Using rcp Before you begin downloading a software image using rcp, make sure of the following: • Ensure that the workstation acting as the rcp server supports the remote shell - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 554
other problem) during Supervisor Engine Images Using rcp To download a supervisor engine software image to the switch from an rcp server server and the name of the file to download. On those platforms that support supervisor Module Images Using rcp To download a software image to an intelligent module - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 555
Images Using rcp Step 3 Enter the command appropriate for your switch and supervisor engine to download the software image from the rcp server: • If there is only one module of the type appropriate for the image, or if there are multiple modules of the same type and you want to update the image on - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 556
= 64 readCafe2Version: 0x00000001 RIn Local Test Mode, Pinnacle Synch Retries: 2 Running System Diagnostics from this Supervisor (Module 1) This may take up to 2 minutes....please wait Cisco Systems Console 25-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 557
copied successfully. Console> (enable) 09/2/1999,13:13:54:SYS-5:Module 4 is online Console> (enable) show version 4 Mod Port Model Serial # Versions 4 1 WS-X6101 003414855 Hw : 1.2 Fw : 1.3 Sw : 3.2(7) Console> (enable) Multiple Module Image rcp Download Example Note For a step-by-step - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 558
been copied successfully. Console> (enable) 09/2/1999,12:25:10:SYS-5:Module 4 is online 09/2/1999,12:25:10:SYS-5:Module 5 is online Console> (enable) show version 4 Mod Port Model Serial # Versions 4 1 WS-X6101 003414855 Hw : 1.2 Fw : 1.3 Sw : 3.2(7) Console> (enable) show version 5 Mod - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 559
example shows how to upload the supervisor engine software image to an rcp server: Console> (enable) copy flash rcp Flash device [bootflash]? slot0: Name of file to copy from []? cat6000-sup.5-3-1.bin IP address or name of remote host [172.20.52.3]? 172.20.52.10 Name of file to copy to [cat6000 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 560
supervisor engine console port is connected to a serial port on your PC or workstation with a serial cable. • Ensure that the Kermit software is installed To prevent communication problems, do not use module 1 by default. 25-16 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 561
file, erases the Flash memory on the supervisor engine or the appropriate module, and reprograms the Flash memory with the the kermit command (make sure the directory where Kermit is installed is included in the $PATH environment variable on the workstation). Guide-Releases 6.3 and 6.4 25-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 562
serial command. The file downloads to module 1 by default. When prompted, confirm four packets transferred. If there is a problem transferring the file, one or more of memory on the supervisor engine or the appropriate module, and reprograms procedures over the supervisor engine console port - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 563
Kermit send command from there[ Send `Filename`] Kermit> send None Last warning: None Kermit> connect Finished network download. (1136844 bytes) Flash erase in progress to be reset to run the new image. Cisco Systems Console Enter password: Mon Apr 06, 1998 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 564
escape character followed by C to get back, or followed by ? to see other options. Download OK Initializing Flash Programming Flash Base....Code....Length....Time....Done Cisco Systems Console Enter password: Mon Apr 06, 1998, 17:35:08 Console> 25-20 Catalyst 6000 Family Software Configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 565
connection from the telephone network to your console port introduces security issues that you should consider before enabling the connection. For example, remote users can dial into your modem and access the switch configuration settings. Caution If you have redundant supervisor engines, you must - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 566
bps, depending on the speed supported by your modem. Enter the confreg ROM monitor command to configure the console port transmission speed. c. Connect a modem to the remote computer and to the telephone network and configure it for the same speed as the supervisor engine. d. Dial the number of - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 567
page 26-3 • Uploading Configuration Files to a TFTP Server, page 26-5 • Copying Configuration Files Using rcp, page Configuration Files from an rcp Server, page 26-6 • Uploading Configuration Files to an rcp Server, page 26-7 • Clearing module and port configurations. 78-13315-02 Catalyst - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 568
IP addresses are not changed, and ports and modules are not disabled. • If no passwords have module disable mod - set port disable mod/port Creating a Configuration File When creating a configuration file, you must list #dns set ip dns server 172.16.10.70 primary set ip dns server 172.16.10.140 set - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 569
hardware that supports the etc/inetd.conf and /etc/services files. To restart the daemon server and the name of the file to download. The configuration file downloads, and the commands are executed as the file is parsed line-by-line. 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 570
address or name of remote host []? 172.20.52.3 Name of file to copy from []? dns-config.cfg Configure using tftp:dns-config.cfg (y/n) [n]? y / Finished network download. (134 bytes) >> >> set ip dns server 172.16.10.70 primary 172.16.10.70 added to DNS server table as primary server. >> set ip dns - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 571
• Ensure that the workstation acting as the TFTP server is configured properly. On a Sun workstation, make sure that the /etc/inetd.conf file contains this line: tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -p -s /tftpboot Make sure that the /etc/services file contains this line: tftp 69/udp - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 572
a connectionless protocol, rcp uses Transmission Control Protocol (TCP), which is connection-oriented. To use rcp to copy files, the server from or to which you will be copying files must support rcp. The rcp copy commands rely on the rsh server (or daemon) on the remote system. To copy files using - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 573
name of remote host []? 172.20.52.3 Name of file to copy from []? dns-config.cfg Configure using rcp:dns-config.cfg (y/n) [n]? y / Finished network download. (134 bytes) >> >> set ip dns server 172.16.10.70 primary 172.16.10.70 added to DNS server table as primary server. >> set ip dns server 172.16 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 574
running configuration on a Catalyst 6000 family switch to an rcp server for storage: Console> (enable) copy config rcp IP address or name of remote host []? 172.20.52.3 Name of file to copy clear config all 26-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 575
configuration is inconsistent. The output of the show module command indicates this problem. To resolve the inconsistency, clear the configuration on the problem module. This example shows how to clear the configuration on a specific module: Console> (enable) clear config 2 This command will clear - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 576
, ensure the following: • You have a connection to the MSFC either with a console terminal or remotely through a Telnet session. • The MSFC is connected to a network supporting a file server (remote host). • The remote host supports the TFTP application. • You have the IP address or name of the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 577
remote file server. remote host successfully, contact your network administrator or see http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for instructions on contacting the technical assistance center. Uploading the Configuration File to the Supervisor Remote Host After you install - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 578
or address of the remote server and the filename, and repeat the preceding steps. If you are unable to retrieve the configuration, contact your network administrator or see http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for instructions on contacting the technical assistance - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 579
the configuration file. Downloading the Configuration File from the Supervisor Engine Flash PC Card To download the configuration file from the supervisor engine Flash PC card in PCMCIA slot 0, perform config 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 26-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 580
Working with Configuration Files on the MSFC Chapter 26 Working with Configuration Files 26-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 581
• Provides you with logging information for monitoring and troubleshooting • Allows you to select the types of logging remotely by accessing the switch through Telnet or the console port, or by viewing the logs on a syslog server. 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 582
Private VLAN facility Quality of Service Remote Access Dial-In User Service ReSerVation Protocol Security Simple Network Management Protocol Spanning Tree Protocol System Terminal Access Controller Transmission Control Protocol 27-2 Catalyst 6000 Family Software Configuration Guide-Releases - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 583
Protocol VLAN Membership Policy Server VLAN Trunking Protocol Table 27-2 describes the severity levels supported by the system message logs facility to which the message refers (for example, SNMP, SYS, etc.). Single-digit code from 0 to 7 that indicates the severity of the message. Text string - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 584
01:26 %SYS-5-MOD_OK:Module 1 is online 1999 Apr 16 10:01:47 %SYS-5-MOD_OK:Module 3 is online 1999 Apr 16 10:01:42 %SYS-5-MOD_OK:Module 6 is online 1999 Apr 16 10: Daemon on a UNIX syslog Server, page 27-7 27-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 585
Chapter 27 Configuring System Message Logging Configuring System Message Logging • Configuring syslog Servers, page 27-7 • Displaying the Logging Configuration, page 27-9 • Displaying System > (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 27-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 586
to log to the logging set logging buffer buffer_size buffer. Verify the system message logging configuration. show logging [noalias] 27-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 587
syslog Daemon on a UNIX syslog Server Before you can send system log messages to a UNIX syslog server, you must configure the syslog daemon on a UNIX server. Log in as root, server messages. Command set logging server ip_addr set logging server facility server_facility_parameter set logging server - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 588
disable This example shows how to disable logging to syslog servers: Console> (enable) set logging server disable System logging messages will not be sent to the configured syslog servers. Console> (enable) 27-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 589
the host names of the configured syslog servers. To display the current system message logging 2 3 2 2 2 5 2 2 2 2 4 2 2 Current Session Sever 5 4 3 5 2 2 2 2 2 2 3 2 5 5 5 2 2 3 3 2 3 2 2 2 5 2 2 2 2 4 2 2 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 27-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 590
Apr 16 08:40:11 %SYS-5-MOD_OK:Module 1 is online 1999 Apr 16 08:40:14 %SYS-5-MOD_OK:Module 3 is online 1999 Apr 16 08:40:14 %SYS-5-MOD_OK:Module 2 is online 1999 Apr 16 08:41:15 %PAGP 3/1-2 Console> (enable) 27-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 591
. To use DNS, you must have a DNS name server present on your network. You can specify a primary DNS name server on the switch as well as two backup servers. The first server specified is the primary unless you explicitly identify the primary server. The switch sends DNS queries to the primary - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 592
DNS, page 28-2 • Clearing a DNS Server, page 28-3 • Clearing the DNS Domain Name server 10.2.2.1 10.2.2.1 added to DNS server table as primary server. Console> (enable) set ip dns server 10.2.24.54 primary 10.2.24.54 added to DNS server table as primary server. Console> (enable) set ip dns server - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 593
This example shows how to clear all of the DNS servers from the DNS server table: Console> (enable) clear ip dns server all All DNS servers cleared Console> (enable) Clearing the DNS Domain Name To (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 28-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 594
Configuring DNS Chapter 28 Configuring DNS 28-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 595
including routers, bridges, access and communication servers, and switches. Using CDP, you can view information about all the Cisco devices directly attached to the switch. In addition, CDP detects native VLAN and port duplex mismatches. Network management applications can retrieve the device type - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 596
cdp disable CDP disabled globally Console> (enable) show cdp CDP : disabled Message Interval : 60 Hold Time : 180 Console> (enable) 29-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 597
3/1 disabled 3/2 disabled 3/3 disabled 3/4 disabled 3/5 disabled 3/6 disabled 3/7 enabled 3/8 enabled 3/9 enabled 3/10 enabled 3/11 enabled 3/12 enabled Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 29-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 598
message interval specifies how often the switch will transmit CDP messages to directly connected Cisco devices. To set the default CDP message interval, perform this task in privileged 225 Console> (enable) 29-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 599
for a device that supports earlier versions of about directly connected Cisco devices, perform this WS-C2948 3/1 JAB023806JR(4003) 2/1 WS-C4003 3/2 JAB023806JR(4003) 2/2 WS-C4003 3/5 JAB023806JR(4003) 2/5 WS-C4003 3/6 JAB023806JR(4003) 2/6 WS Guide-Releases 6.3 and 6.4 29-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 600
Copyright (c) 1995-1999 by Cisco Systems, Inc. Platform: WS-C2948 Port-ID (Port on Neighbors's Device): 2/2 VTP Management Domain: Lab_Network Native VLAN: 522 Duplex: full Console> (enable) Chapter 29 Configuring CDP 29-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 601
shuts down the affected port and alerts the user. Unidirectional links can cause a variety of problems, including spanning tree topology loops. UDLD is a Layer 2 protocol that works with the Layer 1 mechanism. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 30-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 602
specific acknowledgment (echo), the link is flagged as unidirectional and the port is shut down. Devices on both ends of the link must support UDLD in order for the protocol to successfully identify and disable unidirectional links. Note With supervisor control Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 603
ports, perform this task in privileged mode: Step 1 Step 2 Task Enable UDLD on a specific port. Verify the configuration. Command set udld enable mod/port show udld port [mod[/port]] This > (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 30-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 604
, perform this task in privileged mode: Step 1 Step 2 Task Disable UDLD on a specific port. Verify the configuration. Command set udld disable mod/port show udld port [mod[/port seconds Console> (enable) 30-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 605
is disabled by default and its use is recommended only for point-to-point links between Cisco switches running software release 5.4(3) or later releases. With UDLD aggressive mode enabled, when a show udld 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 30-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 606
is enabled or disabled. Message interval in seconds. Module and port number(s). Status of whether administration status is not applicable (UDLD and/or the local port has been manually disabled), shutdown (unidirectional link has been detected and the Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 607
specific events occur. An NTP server must be accessible by the client switch. NTP runs over User Datagram Protocol (UDP), which runs over IP. NTP is documented in RFC attached to a time server. NTP distributes this time across the network. NTP is extremely efficient Guide-Releases 6.3 and 6.4 31-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 608
Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that you obtain the time service for your network from the public NTP servers Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 609
server, such as a router, regularly broadcasts time-of-day information on the network. To compensate for any server disabled NTP-Server Console> ( an NTP server. You can configure up to ten server addresses per server. Enable NTP client mode. Verify the NTP configuration. Command set ntp server - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 610
running NTP. When you enable the authentication feature, the client switch sends time-of-day requests to trusted NTP servers only. The authentication feature is documented in RFC 1305. You can configure up to ten authentication keys per client. Each authentication key is actually a pair of two - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 611
Broadcast client mode: disabled Broadcast delay: 3000 microseconds Client mode: enabled Authentication: enabled NTP-Server Server Key 172.16.52.65 Key Number Mode Key String Console> (enable) Setting the -02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 31-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 612
August. Console> (enable) To enable the daylight saving time clock adjustment to a nonrecurring specific date, perform this task in privileged mode: Step 1 Step 2 Task Command Enable the show summertime 31-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 613
the NTP servers table on the switch, perform this task in privileged mode: Step 1 Step 2 Task Specify the NTP server to clear. Verify the NTP configuration. Command clear ntp server [ip_addr | all] show ntp [noalias] 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 614
NTP This example shows how to clear an NTP server address from the NTP server table: Console> (enable) clear ntp server 172.16.64.10 NTP server 172.16.64.10 removed. Console> (enable disabled Console> (enable) 31-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 615
the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation or in the network configuration can cause a broadcast storm. Broadcast configured threshold. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 32-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 616
configure broadcast suppression on the Catalyst 6000 family switches: • Enabling Broadcast Suppression, page 32-3 • Disabling Broadcast Suppression, page 32-4 32-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 617
example shows how to limit the multicast and broadcast traffic to 80 percent for port 2 on module 1 and verify the configuration: Console> (enable) set port broadcast 1/2 80% multicast enable Port (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 32-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 618
disable broadcast suppression on one or more ports: Console> (enable) clear port broadcast 3/1 Port 3/1-8 broadcast traffic unlimited. Console> (enable) 32-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 619
implemented on the supervisor engine and does supported only on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports. Trunking ports are always members of all protocol groups. To avoid compatibility issues with other networking only after packets of the specific protocol are received on - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 620
Protocol Filtering For example, if a host that supports both IP and Internetwork Packet Exchange (IPX) is host. However, if the host sends an IPX packet, the supervisor engine software detects the protocol traffic and the port is added Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 621
disable Layer 3 protocol filtering: Console> (enable) set protocolfilter disable Protocol filtering disabled on this switch. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 33-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 622
Configuring Layer 3 Protocol Filtering Chapter 33 Configuring Layer 3 Protocol Filtering 33-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 623
permit list, or both lists. The bits set to one in the mask are checked for a match with the source IP address of incoming packets, while the bits set to zero are not checked. This process allows wildcard address specification. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 624
mode: Step 1 Step 2 Task Specify the IP addresses to add to the IP permit list. Verify the IP permit list configuration. Command set ip permit ip_address [mask] [telnet | snmp | ssh] show ip permit 34-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 625
enable either the SNMP permit list, the Telnet permit list, or both lists. If you do not specify a permit list, both the SNMP and Telnet permit lists are enabled. Caution Before enabling the IP permit list, make sure you add the IP address of your workstation or network management system to the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 626
(enable) show snmp RMON: Disabled Extended Rmon: Extended RMON module is not present Traps Enabled: ippermit Port Traps Enabled: None String public private secret Trap-Rec-Address Console> (enable) Trap-Rec-Community Disabling the IP Permit List To disable the IP permit list on the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 627
list. Specify the IP address to remove from the IP permit list. Verify the IP permit list shows how to clear an IP permit list entry: Console> (enable) set ip list. Console> (enable) clear ip permit 172.160.161.0 255.255.192.0 snmp 172.160.128.0 with mask 255.255.192.0 cleared from snmp permit list - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 628
Configuring the IP Permit List Chapter 34 Configuring the IP Permit List 34-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 629
security to filter traffic destined to or received from a specific host based on the host MAC address. This section maximum number of MAC addresses for each port depends on your network configuration. The following combinations are examples of valid allocations: • Guide-Releases 6.3 and 6.4 35-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 630
compared to the list of secure source addresses that were manually configured or autoconfigured link-down trap is sent to the Simple Network Management Protocol (SNMP) manager. An SNMP packets that are tagged with a specific source MAC address are discarded. Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 631
address. set port security mod/port enable [mac_addr] You can add MAC addresses to the list of secure set port security mod/port mac_addr addresses. Verify the configuration. show port [mod[/ 100 100BaseTX 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 35-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 632
38 This example shows how to enable port security on a port and manually specify the secure MAC address: Console> (enable) set port security 2/1 clears the specified number of MAC addresses and displays the list of removed addresses. To set a number of MAC Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 633
list list for port 7/7 00-11-22-33-44-66 cleared from secure address list secure address list. The valid addresses from a list of secure addresses on list of secure MAC list on port 7/7: Console> (enable) clear port security 7/7 00-11-22-33-44-55 00-11-22-33-44-55 cleared from secure address list - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 634
7/5-7: Console> (enable) clear port security 7/5-7 all All addresses cleared from secure address list for ports 7/5-7 Console> (enable) Specifying the Security Violation Action You can set the shutdown time 35-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 635
mac_address vlan show cam static This example shows how to create a filter that restricts traffic for a specific MAC address: Console> (enable) set cam static filter 00-02-03-04-05-06 1 Filter > (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 35-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 636
08 * FILTER Displaying Port Security The show port security command displays the following information: • List of secure MAC addresses for a port • Maximum number of secure addresses allowed on a > (enable) 35-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 637
Total global address space used (out of 1024): 0 Status: installed Module 3: Module does not support port security feature Module 6: Total ports: 48 Total MAC address(es): 48 Total global address space used (out of 1024): 0 Status: installed Module 7: Total ports: 24 Total MAC address(es): 223 Total - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 638
Configuring Port Security Chapter 35 Configuring Port Security 35-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 639
A P T E R This chapter describes how to configure the Simple Network Management Protocol (SNMP) on the Catalyst 6000 family switches. This chapter consists Reference publication. SNMP Terminology Table 36-1 lists the terms used in SNMP technology. Table 36-1 SNMP Terminology Term authentication - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 640
to exceed 64 characters) for each group; the view name defines the list of object identifiers (OIDs) that can be read by users belonging to the Cisco IOS supports three security models: SNMPv1, SNMPv2c, and SNMPv3. A network management protocol that provides a method to monitor and control network - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 641
or remote device. defines the list of network administrators to manage network performance, find and solve network problems, and plan for network growth. There are three versions of SNMP: • Version 1 (SNMPv1)-This is the initial implementation of SNMP. Refer to RFC Guide-Releases 6.3 and 6.4 36-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 642
defines the access policy for a set of users - SNMP objects access an access policy for reading, writing, and creating - A group determines the list of notifications its users can receive - A group also defines the security model and security level for its users 36-4 Catalyst 6000 Family Software - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 643
Remote Monitoring (RMON) MIBs, which run on managed devices • SNMP network support SNMP network management with the following features: • SNMP traps (see the "Configuring SNMPv1 and SNMPv2c from the CLI" section on page 36-10) • RMON in the supervisor engine module Guide-Releases 6.3 and 6.4 36-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 644
, under the following conditions: - When a port or module goes up or down - When temperature limitations are exceeded Cisco enterprise networks and devices. CiscoWorks2000 includes Resource Manager Essentials and CWSI Campus, which allow you to deploy, configure, monitor, manage, and troubleshoot - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 645
to devices by authenticating and encrypting packets over the network. The security features provided in SNMPv3 are as Dispatcher • Message processing subsystem • Security subsystem • Access control subsystem Figure 36-1 provides an illustration of the SNMP entity Guide-Releases 6.3 and 6.4 36-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 646
Access Control Subsystem View-based access control model Other access control model , SNMPv2c, SNMPv3), or it may contain a number of modules, each supporting a different version of SNMP. Security Subsystem The security subsystem Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 647
of the security subsystem may support one or more distinct security model (USM) for SNMPv3, specified in RFC 2274. The USM protects SNMPv3 messages from control model, the view-based access control model (VACM), currently has been defined. With VACM, you can control Guide-Releases 6.3 and 6.4 36-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 648
settings for each command listed in the configuration section. CiscoWorks2000" section on page 36-6). The switch supports up to 20 trap receivers through the RMON2 rcvr_community set snmp trap enable [all | module | chassis | bridge | repeater | auth Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 649
RMON module is not present Traps Enabled: Port,Module,Chassis,Bridge the SNMP commands supported by the configuration settings for each command listed in the configuration section. Using CiscoWorks2000" section on page 36-6). The switch supports up to 20 trap receivers through the RMON2 trap - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 650
9 Step 10 Step 11 Task Command Set the SNMP-Server EngineID set snmp engineid engineid name for the local SNMP [-hex] {username} [remote {engineid}] [{authentication [md5 community table for the system default part, which maps community strings of previous Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 651
user guestuser2 security-model v3 Snmp group was set to mygroup user guestuser2 and version v3, nonvolatile. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 36-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 652
-v3 10.6.4.201 guestuser2 ifDescr.1 Enter Authentication password :guestuser2password Enter Privacy password :privacypasswd2 REPORT received, cannot recover: usmStatsUnsupportedSecLevels.0 = 1 36-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 653
systems to exchange network monitoring data. The supervisor engine software provides embedded support for these components of the RMON specification (see the "Supported RMON and RMON2 MIB Objects" section on page 37-2 for details): • The following RMON groups are defined in RFC 1757: - Statistics - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 654
is available only on a network management system (NMS) that supports RFC 1757 and RFC 2021 (see the "Using Supported RMON and RMON2 MIB Objects Table 37-1 lists the RMON and RMON2 MIB objects supported by the supervisor engine software. 37-2 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 655
Chapter 37 Configuring RMON Supported RMON and RMON2 MIB Objects Table 37-1 Supervisor Engine RMON and RMON2 Support Object Identifier (OID) and Description Source ...mib-2(1).rmon(16).statistics(1).etherStatsTable(1) RFC 1757 (RMON-MIB) Counters for packets, octets, broadcasts, errors, etc. - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 656
Supported RMON and RMON2 MIB Objects Chapter 37 Configuring RMON 37-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 657
describes how to configure Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 6000 family switches. page 38-8 Note To configure SPAN or RSPAN from a network management station (NMS), refer to the NMS documentation (see the Software Configuration Guide-Releases 6.3 and 6.4 38-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 658
By default, an active destination port disables incoming traffic (from the network to the switching bus), unless you specifically enable the port. If incoming traffic is enabled for the destination port, tree. 38-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 659
of the network traffic list are monitored, provided these VLANs are active for the trunk. • For VSPAN sessions with both ingress and egress SPAN configured, the system operates as follows based upon the type of supervisor engine you have: - WS-X6K-SUP1A-PFC, WS-X6K-SUP1A-MSFC, WS-X6K-SUP1A-MSFC2, WS - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 660
list becomes empty. Trunk VLAN filtering is not applicable to VSPAN sessions. SPAN Traffic All network traffic, including the multicast and bridge protocol data unit (BPDU) packets, can be monitored using SPAN (RSPAN does not support Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 661
supervisor engines support the SPAN feature. Understanding How SPAN Works SPAN selects network traffic for analysis by a network analyzer such as a SwitchProbe device or other Remote network analyzer on Ethernet port 10 receives all network E3 E10 E2 E1 Network analyzer S6884 For SPAN network - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 662
port does not support the Spanning Tree Protocol (STP) and may cause loops if you enable this option. • Learning is enabled by default. Use the inpkts keyword with the learning option to enable or disable learning for a specific port. • You can specify a Multilayer Switch Module (MSM) port as - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 663
in spanning tree for that VLAN. Use caution when using the inpkts keyword to avoid creating network loops with the SPAN destination port or assigning the SPAN destination port to an unused VLAN. inpkts enable 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 38-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 664
, page 38-9 • RSPAN Configuration Guidelines, page 38-10 • Configuring RSPAN, page 38-11 • RSPAN Configuration Examples, page 38-14 38-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 665
Switch Feature Card (MSFC): WS-X6K-SUP1A-MSFC - Supervisor Engine 1, PFC, and MSFC2: WS-X6K-S1A-MSFC2 - Supervisor Engine 2 and PFC2: WS-X6K-S2-PFC2 - Supervisor Engine 2, PFC2, and MSFC2: WS-X6K-S1A-MSFC2 • For destination or intermediate switches-Any Cisco switch supporting RSPAN VLAN No third - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 666
network for use as RSPAN VLANs; do not assign access ports to these VLANs. Tip You can apply an output access control list (ACL) to RSPAN traffic to selectively filter specific traffic is forwarded to remote switches in the RSPAN does not support monitoring of BPDU packets quality of service (QoS) - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 667
). When you configure a remote ingress or bidirectional SPAN session special properties of RSPAN VLANs are supported in all the switches to avoid With VTP enabled in the network, you can create the RSPAN flow of RSPAN traffic, or manually delete the RSPAN VLAN from all Guide-Releases 6.3 and 6.4 38-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 668
: 500 Admin Source : VLAN 200 Oper Source : None Direction : receive Incoming Packets: - Learning : - Multicast : enabled Filter : - Console> (enable) 38-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 669
This command will disable all remote span source session(s). Do you want source(s) on the switch for remote span. Console> (enable) This remote span destination session(s). Do you want to continue (y/n) [n]? y Disabled monitoring of remote Disabled monitoring of remote span traffic on port - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 670
on all the switches using the set vlan vlan rspan command. With VTP enabled in the network, you can create the RSPAN VLAN in one switch and VTP propagates it to the other switches rspan destination 1/2 901 38-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 671
set rspan source 3/1-3 901 No RSPAN CLI command needed set rspan source 2/1-2 901 set rspan destination 1/2 901 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 38-15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 672
RSPAN VLANs in each of the switches for the respective RSPAN sessions. With VTP enabled in the network, you can create the RSPAN VLAN in one switch and VTP propagates it to the other switches source 4/1-3 902 38-16 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 673
SPAN and RSPAN Configuring RSPAN Adding Multiple Network Analyzers to an RSPAN Session You can attach multiple network analyzers (probes) to the same RSPAN 4/2 4/3 Source switch(es) (access) Switch F 27393 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 38-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 674
Configuring RSPAN Chapter 38 Configuring SPAN and RSPAN 38-18 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 675
switch. Note The Switch TopN Reports utility cannot be used to generate reports on Multilayer Switch Module (MSM) or Multilayer Switch Feature Card (MSFC and MSFC2) ports. Note When calculating port duplex. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 39-1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 676
are completed. For reports that are not completed, the system displays a short description of the Switch TopN process information. 39-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 677
All Switch TopN processes (both with and without the background option) are shown in the list. This example shows how to run the Switch TopN Reports utility with the background option: Console ] [port_type] 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 39-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 678
stored and pending reports, do not specify a report_num. This example shows how to display a specific report and how to display all stored and pending reports: Console> (enable) show top report report_num} 39-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 679
pending reports. Only the reports that have completed are cleared. This example shows how to remove a specific report and how to remove all stored reports: Console> (enable) clear top 4 Console> (enable enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 39-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 680
Running and Viewing Switch TopN Reports Chapter 39 Using Switch TopN Reports 39-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 681
E R Configuring Multicast Services This chapter describes how to Catalyst 6000 family switches: • Multicasting and Multicast Services Overview, page 40-2 • Understanding How IGMP Forwarding Multicast Fast Drop, page 40-5 • Enabling Installation of Directly Connected Subnets, page 40-6 78-13315- - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 682
Supervisor Engine 1, Supervisor Engine 1A, and Supervisor Engine 2). A PFC is not required to enable IGMP snooping. Cisco Group Management Protocol (CGMP) is not supported on the Catalyst 6000 family switches, although CGMP server is supported on the MSFC. To support control to the port list of this - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 683
Services switch CPU. The switch installs a new group entry for to the outgoing interface list (OIL) for the this is an IGMP control packet and redirects it network, join and leave suppression does not occur. In a network in traffic for the specific multicast group. If Guide-Releases 6.3 and 6.4 40-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 684
Services When the router receives the IGMP leave, it sends several IGMP group-specific interface from the port list of a forwarding- leave is supported with IGMP and on the host. (Cisco is not a source for 's Layer 3 IGMP control packets. The switch receives both the Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 685
Services Understanding to work. Only PIM sparse mode is currently supported. All routers on the network must be RGMP-capable. RGMP-capable routers to the router by the switch unless an RGMP join is specifically sent for a group. When RGMP feature is disabled on the Guide-Releases 6.3 and 6.4 40-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 686
the PIM assert mechanism, the PFC leaks a percentage of the non-RFP flow packets to the MSFC. Non-RPF MFD is enabled on the switch by default. Non-RPF MFD is supported with Supervisor Engine 2 only. Enabling Installation of Directly Connected Subnets In PIM sparse mode, a first-hop router that - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 687
Services Configuring IGMP Snooping • Disabling IGMP Fast-Leave Processing, page 40-12 • Disabling IGMP Snooping, page 40-12 Default IGMP Snooping Configuration Table 40-2 shows the default IGMP snooping configuration. Note IGMP snooping is enabled by default in supervisor Group Specific Queries - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 688
Services Specifying IGMP Snooping Mode IGMP snooping runs in teither IGMP-only mode or IGMP-CGMP mode. The switch dynamically chooses either IGMP-only or IGMP-CGMP mode, depending on the traffic present on the network of the multicast control packets (such as Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 689
Chapter 40 Configuring Multicast Services Configuring IGMP Snooping This example pkts rcvd: Total invalid pkts recvd General Queries recvd Group Specific Queries recvd MAC-Based General Queries recvd Leaves recvd Reports recvd 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 40-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 690
Services To display the dynamically learned multicast router information, perform these tasks in privileged mode: Task Command Display information on dynamically learned and show multicast router [mod/port] [vlan_id] manually Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 691
40 Configuring Multicast Services Configuring IGMP Snooping pkts rcvd: Total invalid pkts recvd General Queries recvd Group Specific Queries recvd MAC-Based General Queries recvd Leaves recvd Reports 10 0 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 40-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 692
Configuring GMRP Chapter 40 Configuring Multicast Services Disabling IGMP Fast-Leave Processing To disable IGMP fast-leave processing, perform this task in • Disabling GMRP Globally on the Switch, page 40-19 40-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 693
Services Configuring GMRP Note For an overview of GMRP operation, see the "Understanding How GMRP Works" section on page 40-4. GMRP Software Requirements GMRP requires supervisor = 600 LeaveAll = 10000 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 40-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 694
Configuring GMRP Chapter 40 Configuring Multicast Services Port based GMRP Configuration: Port GMRP Status Registration ForwardAll 1/1-2,3/1,6/1-48,7/1-24 Enabled this task in privileged mode: 40-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 695
Services router that needs to receive any multicasts (routers do not support GMRP and so cannot send GMRP join mesages). The forward-all to forward all registered multicast traffic to a port with a network analyzer or probe attached. To enable the GMRP forward-all Guide-Releases 6.3 and 6.4 40-15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 696
GMRP Chapter 40 Configuring Multicast Services This example shows how to A port in fixed registration mode continues to register multicast groups that are specific to the port. You must return the port to normal registration mode Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 697
Chapter 40 Configuring Multicast Services Configuring GMRP Console> (enable) set gmrp registration fixed 2/10 GMRP Registration is set fixed on port 2/10. Console timer. The aliases may be used if desired. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 40-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 698
Configuring GMRP Chapter 40 Configuring Multicast Services Note Modifying the GARP timer values affects the behavior of all GARP applications running Join 300 Leave 650 LeaveAll 12000 Console> (enable) 40-18 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 699
Chapter 40 Configuring Multicast Services Configuring GMRP Displaying GMRP Statistics To display GMRP statistics on the switch, perform this task in globally on the switch. Command set gmrp disable 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 40-19 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 700
Ports and Group Entries Chapter 40 Configuring Multicast Services This example shows how to disable GMRP globally 3/1 indicates that the entry was configured manually): Console> (enable) set multicast router 3/1 Port 3/1 added to multicast router port list. Console> (enable) show multicast router - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 701
specific, manually configured multicast router ports. Clear all manually manually configured multicast router port entry: Console> (enable) clear multicast router 2/12 Port 2/12 cleared from multicast router port list. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 702
Chapter 40 Configuring Multicast Services Clearing Multicast Group Entries To clear manually configured multicast group entries, on the MSFC, page 40-25 Configuring RGMP on the Supervisor Engine These sections describe the commands for configuring RGMP: • Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 703
Chapter 40 Configuring Multicast Services Configuring RGMP Task Enable RGMP. Disable RGMP. Command set rgmp enable set rgmp disable This example shows a given VLAN, perform this task in privileged mode: 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 40-23 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 704
Configuring RGMP Chapter 40 Configuring Multicast Services Task Display the RGMP statistics for a specified VLAN. Command show Number of Entries = 3 '*' - Configured '+' - RGMP-capable Console> (enable) 40-24 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 705
Chapter 40 Configuring Multicast Services Displaying Multicast Protocol Status Clearing RGMP Statistics This command clears stored RGMP statistics. To clear status. Command show multicast protocols status 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 40-25 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 706
40 Configuring Multicast Services This example shows how to display the multicast protocol status: Console> (enable) show multicast protocols status IGMP disabled IGMP fastleave enabled RGMP enabled GMRP disabled 40-26 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 707
required to support Common Open Policy Service (COPS) COPS protocol • RSVP null service template and receiver proxy functionality Supervisor Engine 1 and Supervisor Engine 2 provide policing only for ingress traffic. Typically, networks switches selects network traffic, prioritizes network makes network - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 708
network Layer 2 class of service (CoS) values range a 2-byte Tag Control Information field that specification defines the three most significant bits of the 1-byte Type of Service 3 differentiated services code point a DSCP value. QoS supports the use of either Marking, according to RFC 2475, is the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 709
specifically differentiated, Layer 3 switching engine refers to either: - Supervisor Engine 2 with Layer 3 Switching Engine II (Policy Feature Card 2 or PFC2) - Supervisor Engine 1 with Layer 3 Switching Engine WS Card (MSFC) FlexWAN Module interfaces ATM-LANE egress Guide-Releases 6.3 and 6.4 41-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 710
port (tail-drop thresholds) Strict priority queue 100% for CoS 5 Standard queue 100% for CoS 0, 1, 2, 3, 4, 6, 7 To switching engine 49393 41-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 711
CoS-to-DSCP map 4 From DSCP markdown map 5 From DSCP-to-CoS map To egress interface 25041 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 712
PFC? No Write ToS byte into packet Route traffic 27107 CoS = 0 for all traffic (not configurable) To egress port 41-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 713
priority 100% for CoS 2, 3 and 4 Low priority 100% for CoS 0 and 1 (Default values shown) Transmit frame 49380 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 714
show module command for the supervisor engine to display your switching engine configuration. The display shows the "Sub-Type" to be one of the following: • Supervisor Engine 2 (WS-X6K-SUP2-2GE) with Layer 3 Switching Engine II (WS-F6K-PFC2-Policy Feature Card 2 or PFC2) • Supervisor Engine 1 (WS - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 715
supports classification, marking, and policing using IP, IPX, and Media Access Control (MAC) access control lists (ACLs). ACLs contain access control transmitted to a single-port ATM OC-12 switching module with Layer 3 DSCP values. Multilayer Switch Feature Card Guide-Releases 6.3 and 6.4 41-9 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 716
• 1q4t ports (except Gigabit Ethernet) do not support the trust-ipprec and trust-dscp port keywords. You Port" section on page 41-32. In addition to the port configuration keywords listed above, with a Layer 3 switching engine, QoS uses trust-ipprec, trust-dscp Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 717
If QoS detects traffic in the strict-priority queue, it suspends its service of the standard queue and completes service of all traffic in the strict-priority queue before returning to the received traffic. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 718
-threshold configuration. Figure 41-8 shows the drop thresholds for a 1q4t port. Drop thresholds in other configurations function similarly. 41-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 719
The trust-ipprec and trust-dscp keywords are supported only with a Layer 3 switching engine and are not supported on 1q4t ports except Gigabit Ethernet. On 1q4t contain the dscp ACE keyword. Table 41-1 lists the per-port classifications and the marking rules that they invoke. 78- - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 720
2, 3, and 4 values. Marking with a Layer 3 switching engine uses Layer 2 CoS values and Layer 3 IP precedence or DSCP values. 41-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 721
traffic of each type (IP, IPX, and MAC) only to the corresponding ACL type (see Table 41-2). 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 722
IPX. QoS supports user-created named ACLs, each containing an ordered list of ACEs, You can create IP ACEs that match traffic with specific Layer 3 values by including these Layer 3 Network (IP precedence 7) - Internet (IP precedence 6) 41-16 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 723
. IP ACE Layer 4 TCP Classification Criteria You can create Transmission Control Protocol (TCP) ACEs that match traffic for specific TCP ports by including TCP source and/or destination port parameters (for . 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 724
Control Management Protocol (ICMP) ACEs that match traffic containing specific network-unknown 3 10 no-room-for-option 3 9 option-missing 8 0 packet-too-big 0 0 parameter-problem 10 0 4 0 3 5 41-18 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 725
match traffic containing specific IGMP messages by network, IPX ACEs support the following optional parameters: an IPX destination network mask (-1 matches any network number), an IPX destination node, and an IPX destination node mask 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 726
and destination addresses and masks, entered as specific values or with the any keyword or list: - 0x809B (or ethertalk) - 0x80F3 (or aarp) - 0x6001 (or dec-mop-dump) - 0x6002 (or dec-mop-remote-console any traffic with a supported ethertype field value that Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 727
section on page 41-15). • trust-ipprec (IP ACLs only)-Instructs QoS to set internal and egress DSCP from received IP precedence values. in the default ACLs contains the dscp ACE keyword, which supports per-port classification of traffic. With the default values, the Guide-Releases 6.3 and 6.4 41-21 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 728
not retain their original priority, they are not counted as part of the bandwidth consumed by in-profile packets. For all values. To enable markdown, configure the table appropriately for your network. You give each policing rule a unique name when you create Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 729
. You cannot include a microflow policing rule in IPX or MAC ACEs. IPX and MAC ACEs support only aggregate policing rules. • By default, microflow policing rules do not affect bridged traffic. To and VLAN. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-23 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 730
41-25 • Transmit Queues, page 41-25 • Scheduling and Congestion Avoidance, page 41-25 • Marking, page 41-27 41-24 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 731
the switch detects traffic in the strict-priority queue, it suspends its service of the standard queue and completes service of all traffic in the strict-priority queue before returning to the standard . 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-25 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 732
-priority standard transmit queue (queue 1). • Frames with CoS 2, 3, or 4 go to the medium-priority standard transmit queue (queue 2). 41-26 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 733
completely separate from TopN and NetFlow Data Export and does not interact with either of these features. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-27 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 734
7 Marked-down DSCP from DSCP map Marked-down DSCP value equals original DSCP value (no markdown) Policing rules None Named ACLs None Default ACLs COPS1 support Supports per-port classification and marking, sets DSCP to 0 in traffic from untrusted ports, no policing Disabled RSVP - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 735
low-priority/high-priority ratio 4:255 Standard transmit-queue size ratio • Low priority: 80% • High priority: 20% 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-29 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 736
threshold 1 and transmit-queue 1/drop threshold 1: CoS 0-7 1. COPS=Common Open Policy Service 2. QoS implements receive-queue drop thresholds only on ports configured with the trust-cos port Rules, page 41-36 41-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 737
QoS Defaults, page 41-60 • Disabling QoS, page 41-60 • Configuring COPS Support, page 41-60 • Configuring RSVP Support, page 41-66 • Configuring QoS Statistics Data Export, page 41-70 Note enable | disable} 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-31 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 738
41 Configuring QoS Enabling Port-Based or VLAN-Based QoS Note The commands in this section are not supported with a Layer 2 Switching Engine. By default, QoS uses ACLs attached to ports. On a trust state. 41-32 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 739
traffic is ISL or 802.1Q frames carrying CoS values that you know to be consistent with network policy or to trust a configured port CoS value. Configuring the CoS Value for a Port cleared. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-33 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 740
Creating Policing Rules Note The commands in this section are not supported with a Layer 2 Switching Engine. To create a policing rule names must start with an alphabetic character (not a digit) and must be unique across all microflow and aggregate policing Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 741
Note QoS programs the hardware with values that are multiples of 32K (32,768), not with the specific value entered. Enter either the drop keyword to cause all out-of-profile packets to be dropped . 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-35 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 742
policing rule named my_micro: Console> (enable) clear qos policer microflow my_micro my_micro QoS microflow policer cleared. Console> (enable) 41-36 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 743
QoS Configuring QoS Creating or Modifying ACLs Note The commands in this section are not supported with a Layer 2 Switching Engine. These sections describe ACL creation and modification: • ACL filtering. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-37 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 744
where you want wildcards. Use any of the following formats for the address and mask: • Four-part dotted-decimal 32-bit values • The keyword any as an abbreviation for a wildcard address and wildcard 41-16. 41-38 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 745
aggregate my-agg udp any any my_IPacl editbuffer modified. Use 'commit' command to apply changes. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-39 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 746
to apply changes. Console> (enable) IP ACEs for IGMP Traffic Note QoS does not support IGMP traffic when IGMP snooping is enabled. To create or modify an IP ACE for IGMP all} editbuffer [editbuffer_index] 41-40 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 747
[precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index] show qos acl info {acl_name | all} editbuffer [editbuffer_index] 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-41 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 748
: any, ncp (17), netbios (20), rip (1), sap (4), or spx (5). The src_net and dest_net parameters are IPX network numbers, entered as up to 8 hexadecimal digits in the range 1 to FFFFFFFE (-1 matches any network number). You do not need to enter leading zeros. 41-42 Catalyst 6000 Family Software - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 749
destination network, IPX ACEs support the following optional parameters: • An IPX destination network mask, entered as up to 8 hexadecimal digits in the range 1 to FFFFFFFE (-1 matches any network number IPX. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-43 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 750
for IPX ACL is set successfully. Console> (enable) Note IPX and MAC ACLs do not support microflow policing rules. Deleting Named ACLs To delete a named ACL, perform this task in privileged mac | all} 41-44 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 751
ACLs in Flash Memory" section on page 16-42 for information about where QoS ACLs are stored. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-45 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 752
be attached to any interfaces. Detaching ACLs from Interfaces Note The commands in this section are not supported with a Layer 2 Switching Engine. To detach an ACL from a port or a VLAN, perform | vlan | all} 41-46 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 753
> (enable) Deleting a CoS Value to a Host Destination MAC Address/VLAN Pair Note QoS only supports this command with a Layer 2 Switching Engine. To delete a host destination MAC address and VLAN ] | all} 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-47 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 754
or Disabling Microflow Policing of Bridged Traffic Note The commands in this section are not supported with a Layer 2 Switching Engine. By default, microflow policing rules affect only Layer on page 41-11. 41-48 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 755
the tail-drop thresholds in 1p3q1t transmit queues. Configuring Standard Transmit-Queue WRED-Drop Thresholds 1p2q2t and 1p3q1t ports have weighted early random detection (WRED)-drop thresholds in their standard transmit queues. Note 1p3q1t ports also have nonconfigurable tail-drop thresholds - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 756
maintains separate configurations for each port type. This command configures only the standard queues; the strict-priority queue requires no configuration. The valid values for weight range from 1-255. 41-50 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 757
1p1q0t ports, estimate the mix of standard-priority and strict-priority traffic on your network (for example, 85 percent standard-priority traffic and 15 percent strict-priority traffic). . Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-51 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 758
rx q# thr# cos coslist show qos info config {1p1q4t rx | 1p1q0t rx | 1p2q2t tx | 2q2t tx | 1p3q1t tx} 41-52 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 759
-queue 2: Console> (enable) set qos map 1p1q0t rx 2 cos 7 QoS queue mapped to cos successfully. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-53 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 760
revert to QoS map defaults: Console> (enable) clear qos map 1p3q1t tx Qos map setting cleared. Console> (enable) 41-54 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 761
QoS Configuring QoS Configuring DSCP Value Maps Note The commands in this section are not supported with a Layer 2 Switching Engine. These sections describe how DSCP values are mapped to Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-55 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 762
page 41-15 and the "Ethernet Egress Port Scheduling, Congestion Avoidance, and Marking" section on page 41-24. 41-56 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 763
For more information, see the "Policing Rules" section on page 41-22. Enter up to 64 DSCP-value-list/DSCP-value pairs. This example shows how to map DSCP markdown values: Console> (enable) set qos policed- ) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-57 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 764
Threshold CoS 1 1 0 1 1 2 2 3 2 1 4 5 2 2 6 7 Rx drop thresholds: Rx drop thresholds are disabled for untrusted ports. Queue # Thresholds - percentage (abs values ) 41-58 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 765
(abs values ) 1 40% 100% 2 40% 100% Tx WRED thresholds: WRED feature is not supported for this port_type. Queue Sizes: Queue # Sizes - percentage (abs values ) 1 80% 2 20% 20 5 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-59 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 766
set qos {enable | disable} Configuring COPS Support Note The commands in this section are not supported with a Layer 2 Switching Engine. Note COPS to configure QoS for all other traffic. These sections describe configuring COPS support: • Port ASICs, page 41-61 • Understanding QoS Policy, page - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 767
Point Servers, page 41-64 • Deleting PDP Server Configuration support features affect all ports controlled by a port ASIC. The following sections use the term "per-ASIC" to identify features that configure all ports on the same port ASIC: • The port ASICs on Gigabit Ethernet switching modules control - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 768
and aggregate policing rules • CoS to queue assignments • Threshold configuration • WRR weight and buffer configuration • Default port CoS and ACL-to-interface attachments Selecting Locally . show port qos 41-62 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 769
the capability of ports (for example, access or mod2_1-4). QoS supports 64 roles per switch. You can assign more than one role This example shows how to assign two new roles to the ASIC controlling port 2/1: Console> (enable) set port cops 2/1 roles mod2ports1-12 Guide-Releases 6.3 and 6.4 41-63 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 770
perform this task in privileged mode: Task Step 1 Delete PDP server configuration. Step 2 Verify the PDP server configuration. Command clear cops server {all | ip_address [diff-serv | rsvp]} show cops info 41-64 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 771
privileged mode: Step 1 Step 2 Task Configure the parameters COPS uses to communicate with the PDP server. Verify the configuration. Command set cops retry-interval initial increment maximum show cops info 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-65 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 772
server: Console> (enable) set cops retry-interval 15 1 30 Connection retry intervals set. Console> (enable) Configuring RSVP Support Note The commands in this section are not supported with a Layer 2 Switching Engine. These sections describe configuring RSVP null service enable RSVP support: Console - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 773
qos rsvp info This example shows how to disable RSVP support: Console> (enable) set qos rsvp disable RSVP disabled The DSBM is not reelected when additional RSVP devices join the network. To control which device is the DSBM, disable election participation in all Guide-Releases 6.3 and 6.4 41-67 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 774
only the RSVP address. This example shows how to delete PDP server configuration: Console> (enable) clear cops server all All COPS diff-serv servers cleared. All COPS rsvp servers cleared. Console> (enable) 41-68 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 775
RSVP messages to a newly elected DSBM on the segment. When there is no communication with the PDP server, the switch does not participate in election of the DSBM. To configure the time that the switch PDP. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-69 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 776
LOG_LOCAL6 (176), severity LOG_DE BUG (7) Aggregate policer export is not supported Console> (enable) show qos statistics export info Statistics export status 5/4 disabled Console> (enable) 41-70 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 777
of ingress packets • Number of ingress bytes • Number of egress packets • Number of egress bytes • Time stamp 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-71 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 778
take effect. This example shows how to enable QoS statistics data export for a specific aggregate policer and verify the configuration: Console> (enable) set qos statistics export aggregate PIR • Time stamp 41-72 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 779
9996. Console> (enable) show qos statistics export info Statistics export status and configuration information Export status: enabled 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 41-73 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 780
-policer statistics: Aggregate Policer Packet Count Packets exceed Packets exceed normal rate excess rate test 1000 20 5 Console> 41-74 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 781
Supervisor Engine 1 with Layer 3 switching engine (Policy Feature Card or PFC). ASLB is not supported on Supervisor Configuration Example, page 42-21 • Troubleshooting the ASLB Configuration, page 42-25 Hardware 416, 420, or 430 - Interface Modules-ASLB configuration requires two 10/100BASE-X - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 782
ASLB. With earlier supervisor engine software releases participating router. - Multilayer Switch Module (MSM)-If the Catalyst Cisco LocalDirector Installation and Configuration Guide, server VLAN. The LocalDirector supports directed mode and dispatched mode. Only the dispatched mode can be supported - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 783
specify up to 1024 server virtual-IP addresses and entries for the router VLAN and the server VLAN. In the CAM table, the router associated with a port index, and the server VLAN has entries for the router MAC addresses the server VLAN (VLAN 20), not on the router VLAN - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 784
servers. Table 42-2 lists the sequence of events, and Table 42-3 lists the Layer 3 table entries. These sections describe the client-to-server that of the appropriate server. When this frame that of the appropriate server. This redirected frame server has been terminated, and by - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 785
Server ASLB Packet Flow Path Number 1 VLAN 10 2 20 MAC Destination Address LocalDirector MAC1 Server N + 2... 20 Server MAC Router MAC1 VIP address of the server that the LocalDirector Client to Server ASLB Layer server that the LocalDirector selected. VLAN 20 MAC Destination Address Server - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 786
data is forwarded from the servers to the clients. Table 42-4 lists the sequence of events, and Table 42-5 lists the Layer 3 table entries. The traffic from the servers to the router or client 1 redirect Path 2 42-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 787
Check your connections to the servers attached to the switch. The servers must be either directly attached to configure the switch. Configuring ASLB This section lists the tasks necessary to configure ASLB: • Configuring to the Cisco LocalDirector Installation and Configuration Guide, Version 3.2, - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 788
on page 42-19. If you run into problems during your configuration, see the "Troubleshooting the ASLB Configuration" section on page 42-25. Routers Follow these router configuration guidelines: • The router must be the default gateway for the servers being load balanced and its MAC address must be - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 789
Alias 10.1.1.2 Servers1 10.1.1.x (real IP address) Loopback alias to 171.1.1.200 1. The default router on each server is 10.1.1.1. Supervisor Engine Follow these supervisor engine configuration guidelines: • Up to 32 router MAC addresses are supported. • Up to 1024 virtual-IP/TCP port pairs are - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 790
• With supervisor engine software server VLAN). You cannot configure any security IOS access control lists (ACLs) or VLAN access control lists (VACLs) on these VLANs. • Dedicate the router VLAN and server VLAN for ASLB use only. Do not connect other network port that is part of an EtherChannel, - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 791
add the switch ports to the correct VLANs (router VLAN and server VLAN). Note that the port speed and duplex type for the ports are set to autonegotiate as the default. If you have a problem with autonegotiation, configure the port speed and duplex type as follows: Guide-Releases 6.3 and 6.4 42-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 792
Note You can use a zero (0) as a wildcard (don't care) digit for the destination_tcp_port. To specify server virtual-IP addresses and TCP ports for acceleration, perform this task in privileged -address}... 42-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 793
ports for the backup LocalDirector. If this is not done, failover will not work because the supervisor engine will not send any traffic to the intended backup LocalDirector. To specify the VLAN the (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 42-13 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 794
not done, failover will not work because the supervisor engine will not send any traffic to the intended backup LocalDirector. To specify the VLAN the server is on and the LocalDirector port on the bootup. 42-14 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 795
-22-33-55-66 LD Router Side Router and LD are on VLAN 110 LD is connected to switch port 4/26 on VLAN 110 LD Server Side Server(s) and LD are on VLAN 105 LD is connected to switch port 4/40 on VLAN 105 Console> (enable) 78-13315-02 Catalyst 6000 Family - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 796
00-33-66-99-22-44 105 ARPA ARPA - 4/25 0 0 00:00:05 00:00:08 Console> (enable) 42-16 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 797
active shortcuts: 20 Console> (enable) This example shows how to display the statistics for a specific destination IP address: Console> (enable) show lda mls statistics entry destination 172.20.22. (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 42-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 798
{all | router_mac_address} This example shows how to clear the MLS entry at a specific destination address: Console> (enable) clear lda mls destination 172.20.26.22 MLS address. Console> (enable) This example shows how to clear a specific ASLB router MAC address: Console> (enable) clear lda mac - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 799
a typical ASLB network configuration. Figure 42-4 shows the example network; the configuration specifications are as follows: b6-00-4b-04. • The server farm IP addresses are 192.255.201.3 through 192.255.201.11. • The servers have been configured to ignore ARP Guide-Releases 6.3 and 6.4 42-19 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 800
LD Router Side Router and LD are on VLAN 7 LD is connected to switch port 5/7 on VLAN 7 LD Server Side Server(s) and LD are on VLAN 5 LD is connected to switch port 5/5 on VLAN 5 Console (enable) The ttl 60 42-20 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 801
network. The LocalDirectors and Catalyst 6000 family switches are configured to accelerate HTTP and Telnet for server VIP address 13.13.13.13. Caution Router 1 and router 2 are running Hot each router. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 42-21 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 802
2, f2 IP address: 5.0.0.101 (network 5) • HSRP IP address: 5.0.0.2 for network 5 • LocalDirector IP address: 5.0.0.1 • Server IP address: 5.100.100.100 • VIP address for servers: 13.13.13.13 Servers 33440 42-22 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 803
are as follows: • HSRP MAC address for network 7: 00-00-0c-07-ac-00 • HSRP MAC address for network 5: 00-00-0c-07-ac-01 • Router e0-b6-00-47-ec set lda router 9 3/27 3/23 set lda server 5 3/28 3/23 commit lda Router 1 Configuration The router 1 configuration is Guide-Releases 6.3 and 6.4 42-23 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 804
:0:tcp is predictor 13.13.13.13:80:0:tcp roundrobin predictor 13.13.13.13:23:0:tcp roundrobin 42-24 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 805
13.13.13.13:23:0:tcp 5.100.100.100:23:0:tcp Troubleshooting the ASLB Configuration Table 42-6 lists the possible problem symptoms and recommended actions to troubleshoot the ASLB configuration. Table 42-6 Troubleshooting the ASLB Configuration Symptom Recommended Action LocalDirector does not - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 806
42 Configuring ASLB Table 42-6 Troubleshooting the ASLB Configuration (continued) the Catalyst 6000 port. Ensure that the port speed and duplex settings are compatible on both ends of the link between the LocalDirector and the switch. Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 807
Catalyst 6500 6-and 9-slot chassis only. The WS-X6500-SFM 2 is supported in the Catalyst 6500 6-slot, 9-slot, 13-slot, and 6509-NEB chassis. Understanding How the Switch Fabric Module Works Note The Switch Fabric Module is supported only with Supervisor Engine 2 in the Catalyst 6500 series switch - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 808
but supports a number of show commands for monitoring purposes. A fully automated startup sequence brings the module online and runs the connectivity diagnostics on the ports. From the supervisor engine, you can reset the module using the reset module command, disable and enable the module using - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 809
you can manually specify which switching mode the system uses. If you have one or more nonfabric-enabled modules installed in only fabric-enabled modules installed, configure the switch to use compact mode. Note Nonfabric-enabled modules do not support compact mode. Guide-Releases 6.3 and 6.4 43-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 810
-enabled modules installed, perform module information: Console> (enable) show module Mod Slot Ports Module-Type Model Sub Status 11 2 1000BaseX Supervisor WS-X6K-SUP2-2GE yes ok 4 4 24 100BaseFX MM Ethernet WS-X6224-MM-MT no ok 43-4 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 811
Modules Configuring and Monitoring the Switch Fabric Module 55 0 Switch Fabric Module WS-C6500-SFM no ok Mod Module Sub-Hw 1 L3 Switching Engine II WS-F6K-PFC2 SAD04110B5S 0.305 Console> (enable channel counters module This example Global switching mode:truncated Module Num Fab Chan - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 812
Compact mode Note See the "Understanding How the Switch Fabric Module Works" section on page 43-1 for definitions for the 0% 0% 7 0% 0% 8 0% 0% 9 0% 0% 10 0% 0% 11 0% 0% 12 0% 0% 13 0% 0% 43-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 813
Fabric Modules Configuring and Monitoring the Switch Fabric Module 14 :02:52 20 min PS1-Type PS2-Type WS-CAC-1000W none Modem Baud Backplane-Traffic Peak Peak 0% 0% 10 0% 0% 11 0% 0% 12 0% 0% 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 43-7 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 814
Configuring and Monitoring the Switch Fabric Module Chapter 43 Configuring the Switch Fabric Modules 13 0% 0% 14 0% 0% 15 0% 0% 16 0% 0% 17 0% 0% Configuring the LCD Banner You can modify the LCD banner from the supervisor engine by entering the set banner lcd command to include the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 815
supervisor engine • System contact After the LCD banner content is modified, this information is sent to the Switch Fabric Modules installed banner This example shows how to modify the LCD banner for the Switch Fabric Module: Console> (enable) set banner lcd &HelloWorld!& LCD banner set Console> ( - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 816
Configuring and Monitoring the Switch Fabric Module Chapter 43 Configuring the Switch Fabric Modules 43-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 817
network on the Catalyst 6000 family switches. Note While this chapter introduces a number of Cisco networking How a VoIP Network Works, page 44 Cisco CallManager are as follows: • Catalyst 4000, 5000, and 6000 switches running supervisor engine software release 6.1(1) or later releases. • Cisco - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 818
PBX System Cisco CallManager IP cloud Analog Trunk Gateway PSTN or PBX PSTN or PBX Voice Gateway 200 Analog stations (phone, fax, modem) Digital Trunk Gateway (WS-X6608-T1/E1) Analog Station Gateway (WS-X6624-FXS) 10/100BASE-TX Module * 10/100BASE-TX Module (WS-X6348-RJ45V) WS-PWR-PNL Analog - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 819
Network Works The IP phone can be powered by the following sources: • External power source-Optional transformer and power cord for connecting to a standard wall receptacle. • WS-X6348-RJ45V 10/100 switching module-Provides inline power to the IP phone. • WS Cisco Guide-Releases 6.3 and 6.4 44-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 820
for Cisco CallManager Release 3.0, and the Cisco CallManager v3.0 Remote Serviceability Users Guide publications. Access Gateways Access gateways allow the IP PBX system to talk to existing PSTN or PBX systems. Access gateways consist of analog station gateways, analog trunk gateways, digital trunk - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 821
How a VoIP Network Works The 24-port FXS analog interface module features are listed in Table 44-1. To configure the analog station interfaces, see the "Configuring VoIP on a Switch" section on page 44-9. Table 44-1 24-Port FXS Analog Interface Module Features Digital Signal Processing Per - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 822
a VoIP Network Digital Trunk Gateway The Catalyst 6000 family 8-port T1/E1 PSTN interface module is a high-density, eight port, T1/E1 VoIP module that can support both digital T1/E1 connectivity to the PSTN or transcoding and conferencing. The module requires an IP address, is registered with Cisco - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 823
the phone, Cisco CallManager instructs the called control channel. If a call is made to a number outside of the IP PBX network, Cisco CallManager routes the call to an analog or digital trunk gateway which in turn routes it to the PSTN. 78-13315-02 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 824
Network 11, "Configuring VLANs." Figure 44-3 shows how a Cisco IP Phone 7960 can be connected to a Catalyst 6000 Cisco IP Phone 7960" section on page 44-2). Introducing IP-based phones into existing switch-based networks supporting phones might reduce the quality of VoIP traffic. 44-8 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 825
power management details, and quality of service (QoS) configuration information. Voice-Related CLI Commands Table 44-3 lists the CLI commands described in the configuration procedures. Table 44-3 Voice-Related CLI Command Module and Platform Support CLI Commands Inline-power related commands - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 826
phones connected to other Catalyst 10/100BASE-TX switching modules, refer to the Catalyst Family Inline-Power Patch Panel Installation Note publication. For each IP phone connected to the WS-X6348-RJ45V module, the supervisor engine software allocates part of the available system power to power up - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 827
-X6348-RJ45V-enhanced 10/100BASE-TX switching module with voice daughter card When you enter the show module command, the WS-X6348 modules both display as WS-X6348-RJ-45 in the "Model" field. To determine if the module has a voice daughter card installed, look at the "Sub" field. For example, in the - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 828
)PAN WS-F6K-PFC2 SAD04440HVU Hw : 1.0 Console> Power Management Modes Each port is configured through the CLI, SNMP, or a configuration file to be in one of the following modes (configured through the set port inlinepower CLI command): • Auto-The supervisor engine directs the switching module to - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 829
up. If the link does not come up within 4 seconds, the supervisor engine instructs the switching module to turn power off. The entire cycle is repeated, and the switching module performs discovery and reports to the supervisor engine if a device is present on the port. Power Requirements IP Phones - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 830
Network Powering Off the Phone The supervisor engine can turn off power to a specific port by sending a message to the switching module. Support To support high availability during a failover from the active supervisor engine to the standby supervisor Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 831
is not supported. However, the supervisor engine detects the phone and powers it up. 10/100 module Network device Phone is inserted but has not booted, then phone is removed. A network device is plugged in. Inline power might damage the network device. 10/100 module Network device Cisco phone - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 832
The switching module detects if there is a problem providing inline power to the device and reports this problem to the supervisor engine. module. Power Supply Configured from Redundant to Nonredundant Once a module that was powered down due to lack of power is powered up and comes online, the module - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 833
Network Configuring VoIP on a Switch For modules that are already powered on, but have devices connected that are power denied, the supervisor Modules and Individual Ports To display the power status for modules 42V) Total inline power drawn by module 3: 0 Watt Port InlinePowered PowerAllocated - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 834
modules and individual ports: Console> (enable) show environment power 5 Feature not supported on module 5. Console> (enable) show environment power 9 Module module 9: 0 Watt Slot power Requirement/Usage : Slot Card Type PowerRequested PowerAllocated CardStatus Watts A @42V Watts A @42V 9 WS - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 835
Network WS-X6K-SUP1-2GE 3 WS-X6348-RJ-45 5 WS-X6348-RJ-45 6 Unknown 7 WS-X6248-RJ-45 9 WS module ports are inline powered but not all the ports on the module that instruct an attached Cisco IP VLAN ID). - Reset the Cisco IP Phone 7960 if the The Cisco IP Phone 7960 always - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 836
Configuring VoIP on a Switch Chapter 44 Configuring a VoIP Network Auxiliary VLAN Configuration Guidelines Follow these guidelines when configuring auxiliary VLANs: • An information. Console> (enable) 44-20 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 837
from the TFTP server. When disabling DHCP on a port, you must specify some mandatory parameters as follows: • If you do not specify DNS parameters, the software uses the system DNS configuration on the supervisor engine to configure the port. • 8-port T1/E1 PSTN interface module only: You cannot - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 838
interface configuration (this display is from the 24-port FXS analog interface module): Console> show port voice interface 5 Port DHCP MAC-Address IP- DHCP-Server TFTP-Server Gateway 5/1-24 10.6.15.155 - 10.6.15.155 - Port DNS-Server(s) Domain 5/1-24 12.2.2.1* cisco.cisco.com - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 839
Chapter 44 Configuring a VoIP Network Configuring VoIP on a Switch Displaying FDL Statistics Note FDL is a link management protocol used to help diagnose problems and gather statistics. To detected. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 44-23 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 840
the T1 module. The E1 module display would be the same except the port speed for the E1 module would be online) 7/8 enable 00-10-7b-00-0a-5f (Port host processor not online) Port Call-Manager(s) DHCP-Server TFTP-Sever Gateway 7/1 172.20.34.207* 172.20.34.207 172.20.34.207 - callm.cisco - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 841
a VoIP Network Configuring VoIP on a Switch Port DNS-Server(s) Domain 7/1 172.20.34.207 cisco.com 7/2 172.20.34.207* int.cisco.com 171.69.45.34 172.78.111.132 7/3 172.20.34.207 - 7/4 172.20.34.207 - 7/5 172.20.34.207 - 7/6 172.20.34.207 - 7/7 (Port host processor not online - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 842
a VoIP Network 7/4 enable 0f 10.6.15.172 255.255.255.0 Port Call-Manager(s) DHCP-Server TFTP-Server Gateway 7/1 10.6.15.155 10.6.15.155 10.6.15.155 - Console> (enable) 24-Port FXS Analog Interface Module In this example all ports should have a Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 843
207 172.20.34.207 172.20.34.207 - Port DNS-Server(s) Domain 3/1-24 172.20.34.207* cisco.com 172.34.23.111 Port CallManagerState DSP-Type 3/1-24 registered per port for the 8-port T1/E1 PSTN interface module but only one call per port for the 24-port FXS analog station interface - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 844
Configuring a VoIP Network To display active module only, this example shows detailed call information for all ports on the module): Console> show port voice active 3/2 Port 3/2: Channel #1: Remote IP address Remote Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 845
ms : 2342342332423 : 23423423402384 : 23472377 : 94540 This example shows how to display a specific call at a specified IP address: Console> show port voice active 3/2 171.69.67.91 Remote IP address : 171.69.67.91 Remote UDP port : 125 Call state : Ringing Codec Type : G.711 Coder Type - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 846
Configuring VoIP on a Switch Chapter 44 Configuring a VoIP Network Understanding How QoS Works in the Cisco IP Phone 7960 Note The Cisco IP Phone 7960 always sets Layer 3 IP precedence and Layer 2 CoS to 5 in voice traffic generated by the phone. The Layer 3 IP precedence and Layer 2 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 847
Chapter 44 Configuring a VoIP Network Configuring VoIP on a Switch Setting the Phone Access Port Trust Mode To set the Truncated...> Port Ext-Trust Ext-Cos 3/4 untrusted 0 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 44-31 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 848
Configuring VoIP on a Switch Chapter 44 Configuring a VoIP Network 44-32 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 849
42 manual reauthentication 42 transport layer packets setting retransmission time 45 8-port T1/E1 PSTN interface module configuring 25 description 6 A abbreviating commands 9 Accelerated Server Load Balancing See ASLB access control entries See IOS ACLs See QoS ACE See VACLs access control lists - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 850
63 overview 56 specifying RADIUS servers 58 suppressing accounting 59 updating the server 59 ACE See IOS ACLs See QoS ACE See VACLs ACL See IOS ACLs See QoS ACL See 7 displaying configuration 6 overview 5 IN-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 851
2 on ports 3 displaying neighbor information 5 enabling globally 2 on ports 3 holdtime, setting 4 message interval, setting 4 overview 1 CEF 1 adjacency table 6 aging 10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 IN-3 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 852
multicast 14 MSFC2 14 supervisor engine 12 displaying Cisco CallManager, overview 4 Cisco Discovery Protocol See CDP Cisco Group Management Protocol See CGMP Cisco IP Phone 7960 2 Cisco mode 9 getting list of commands 9 global configuration mode 9 interface configuration mode (IOS) 9 levels - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 853
33 COPS communications parameters 65 configuring 60 domain name 65 deleting 65 PDP server configuration deleting 64 port ASICs 61 QoS policy source 61 roles 63 deleting 64 example configuration file 9 date, setting 4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 IN-5 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 854
lease 10 differentiated services codepoint See QoS DSCP disabling MLS on MSFC interfaces 14 on the supervisor engine (note) 17 DISL See DTP dispatcher SNMP entity 7 DNS default configuration 1 disabling 3 domain name clearing 3 setting 2 enabling 2 overview 1 server clearing 3 specifying 2 setting - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 855
distribution 3 IDs 2 maximum number of channels supported 1, 4 modes 3 overview 1 PAgP and 2 port aggregation protocol 2 port VLAN cost 6 Ethernet autonegotiation, speed 5 checking connectivity 13 configuring 1 default configuration 3 flow control keywords (table) 6 overview 1 port duplex, setting - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 856
listing 3 restoring 7 setting default 2 formatting device 8 overview 1 setting configuration modes 2 Flash memory storing ACLs 42 Flash PC cards, formatting 8 Flash synchronization examples 14 overview 3 flowcharts, QoS 3 flow control Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 857
7 H high availability configuring 11 downloading different image on standby supervisor engine 13 overview 8 supported features 9 versioning overview 10 history, switch CLI 7 Hot Standby Routing Protocol See HSRP HSRP ACLs IOS ACL configuration 22 reflexive and dynamic ACLs (note) 22 configuration - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 858
1 IOS bringing up interface 11 viewing and saving configuration 11 IOS ACLs 3 common uses for 9 features supported in PFC 10 supported in PFC IP addresses adding to IP permit list 2 aliases, creating 6 IN-10 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 859
assignment 2 BOOTP 9 clearing from IP permit list 4 designating 6 DHCP 9 in-band (sc0) interface 5 obtaining from DHCP, BOOTP or RARP 9 RARP 9 setting on supervisor 5 SLIP (sl0) interface 9 IP aliases forwarding 37 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 IN-11 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 860
realm to host name 34 non-kerberized login procedure 7 overview 4 realm, defining 33 servers, specifying 33 SRVTAB files 34 SRVTAB files, copying 34 Telnet connection (figure) 6 6 port security and 1 IN-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 861
30 default configuration 23 enabling an instance 28 mapping VLANs to 29 MIST-PVST+ 22 port cost 26 port instance cost 27 port instance priority 27 port priority 26 unmapping VLANs from 30 MLS access lists, flow masks and 6 aging-time 17 cache clearing entries 26 displaying all entries 22 displaying - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 862
14 entries (note) 18 examples 8 fast aging-time 19 flow masks access lists and 6 destination 6 full flow 6 IP MLS entries and 7 minimum 19 MMLS See MLS modules checking status 1 designating on command-line 5 downloading software images 4, 10 status, checking 1 supervisor engine configuring 1 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 863
interfaces 29 session command and 4 switch console command and 4 MSFC2 Catalyst 5000 support 1 configuring IP multicast 14 unicast Layer 3 switching 14 enabling IP multicast routing 1 specifying collectors 4 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 IN-15 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 864
Network Time Protocol See NTP NMS SPAN, configuring 1 normal-range VLANs See VLANs NTP authentication 4 broadcast-client mode configuring 3 disabling 8 client mode configuring 3 disabling 8 daylight saving time adjustment disabling 7 enabling 5 default configuration 2 disabling 8 overview 1 server - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 865
Flash PC card PDP server See COPS or RSVP permit list See IP permit list PFC IGMP snooping and 9 displaying for NetFlow table entries 26 phones, Cisco IP Phone 7960 2 PIM 5 78-13315-02 port bundling, EtherChannel 1 port cost aggregate links 5 calculating and Guide-Releases 6.3 and 6.4 IN-17 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 866
overview 1 reconfirming 7 troubleshooting 8 errdisable timeout, modules up or down 13 voice 15, 10 private 3 overview 1 protocol support 2 pruning, VTP cost mode 18 disabling 20 port cost 17 port priority 18 port VLAN priority 20 Q QoS (note) 2 IN-18 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 867
Layer 4 UDP 18 IPX ACE 19 MAC ACE Layer 2 20 QoS configuring 30 QoS configuring on Cisco IP Phone 7960 29 QoS congestion avoidance definition 3 dual transmit queue ports 25 receive queue 11 QoS QoS destination-based 47 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 IN-19 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 868
10 QoS receive queue 11 drop thresholds 11, 54 drop thresholds (figure) 13 tail-drop thresholds, configuring 48 IN-20 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 869
specifying 24 servers, clearing 29 servers, specifying 24 timeout, setting 27 RADIUS authorization disabling 55 enabling 55 RARP in-band (SC0) interface and 3 rate limiting for IGMP 8 rcp downloading configuration files 7 downloading supervisor engine images 10 downloading switching module images 10 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 870
Remote Switched Port Analyzer See RSPAN reserved-range VLANs See VLANs reset scheduling absolute date and time 10 within a specific timeframe 10 scheduling system reset 9 retransmission time authenticator-to-supplicant 44 back-end authenticator-to-authentication-server overview 1 supported MIB - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 871
list 1 passwords, configuring 14, 15 security ACL, removing VACL to VLAN mapping 37 See also RADIUS accounting, TACACS+ accounting Serial Control mls statistics protocol command 27 show module command 12, 13 show spantree conflicts command 30 Simple Network Management Protocol, see SNMP single router - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 872
control subsystem 7 definition 7 dispatcher 7 message processing subsystem 7, 8 software images downloading example, multiple module 7, 13 example, single module 6, 13 example, supervisor 5, 11 overview 2 preparation 2, 9 supervisor 3, 10 switching module 4, 10 uploading preparation 8, 15 rcp server - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 873
routes 7 switchover 6 uploading software images 9, 15 Supervisor Engine 1 environmental monitoring 16 supplicant automatic reauthentication 42 manual reauthentication 42 switch administration modules, checking status 1 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 IN-25 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 874
switching modules See modules switch management interfaces See supervisor engine, management interfaces switchover See supervisor engine server, configuring 7 session settings, setting 5 syslog daemon, configuring 7 syslog server configuring 7 IN-26 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 875
9 absolute date and time 10 within a specific timeframe 10 system status report 17 T TACACS 49 primary options and fallback options 50 servers, clearing 22 servers, specifying 17 timeout interval 19 TACACS+ module 7, 13 example, single module 6 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 876
Index example, supervisor 5, 11 supervisor engine 3, 10 switching modules 4, 10 uploading TrCRF See VLANS, Token Ring Trivial File Transfer Protocol See TFTP troubleshooting system message logging and 1 VMPS 8 trunks 802.1Q configuring Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 877
15 rcp server 15 supervisor 9, 15 supervisor engine 9 specific server port figure 24 procedure 23 restricting ARP traffic 26 restricting the DHCP response for a specific server figure 25 procedure 24 storing in Flash memory 42 supported features 4 Catalyst 6000 Family Software Configuration Guide - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 878
1 reconfirming membership 7 troubleshooting 8 voice-over-IP network analog station gateway, 24-port FXS analog interface module 4 analog trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco CallManager 4 IN-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 879
IP Phone 7960 2 CLI commands 9 configuring access gateways 21 converged voice gateway, Cisco VG200 7 digital trunk gateway, 8-port T1/E1 PSTN interface module 6 display active call information 27 how a call is made 7 overview 1 QoS, configuring 29 software and hardware requirements 1 VLAN overview - Cisco WS-X6K-SUP1A-PFC= | Software Guide - Page 880
Index IN-32 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
-
625
-
626
-
627
-
628
-
629
-
630
-
631
-
632
-
633
-
634
-
635
-
636
-
637
-
638
-
639
-
640
-
641
-
642
-
643
-
644
-
645
-
646
-
647
-
648
-
649
-
650
-
651
-
652
-
653
-
654
-
655
-
656
-
657
-
658
-
659
-
660
-
661
-
662
-
663
-
664
-
665
-
666
-
667
-
668
-
669
-
670
-
671
-
672
-
673
-
674
-
675
-
676
-
677
-
678
-
679
-
680
-
681
-
682
-
683
-
684
-
685
-
686
-
687
-
688
-
689
-
690
-
691
-
692
-
693
-
694
-
695
-
696
-
697
-
698
-
699
-
700
-
701
-
702
-
703
-
704
-
705
-
706
-
707
-
708
-
709
-
710
-
711
-
712
-
713
-
714
-
715
-
716
-
717
-
718
-
719
-
720
-
721
-
722
-
723
-
724
-
725
-
726
-
727
-
728
-
729
-
730
-
731
-
732
-
733
-
734
-
735
-
736
-
737
-
738
-
739
-
740
-
741
-
742
-
743
-
744
-
745
-
746
-
747
-
748
-
749
-
750
-
751
-
752
-
753
-
754
-
755
-
756
-
757
-
758
-
759
-
760
-
761
-
762
-
763
-
764
-
765
-
766
-
767
-
768
-
769
-
770
-
771
-
772
-
773
-
774
-
775
-
776
-
777
-
778
-
779
-
780
-
781
-
782
-
783
-
784
-
785
-
786
-
787
-
788
-
789
-
790
-
791
-
792
-
793
-
794
-
795
-
796
-
797
-
798
-
799
-
800
-
801
-
802
-
803
-
804
-
805
-
806
-
807
-
808
-
809
-
810
-
811
-
812
-
813
-
814
-
815
-
816
-
817
-
818
-
819
-
820
-
821
-
822
-
823
-
824
-
825
-
826
-
827
-
828
-
829
-
830
-
831
-
832
-
833
-
834
-
835
-
836
-
837
-
838
-
839
-
840
-
841
-
842
-
843
-
844
-
845
-
846
-
847
-
848
-
849
-
850
-
851
-
852
-
853
-
854
-
855
-
856
-
857
-
858
-
859
-
860
-
861
-
862
-
863
-
864
-
865
-
866
-
867
-
868
-
869
-
870
-
871
-
872
-
873
-
874
-
875
-
876
-
877
-
878
-
879
-
880
 |
 |
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Catalyst 6000 Family
Software Configuration Guide
Software Releases 6.3 and 6.4
Customer Order Number: DOC-7813315=
Text Part Number: 78-13315-02