Cisco 310, 312 User Manual

Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide

Cisco IOS Release 12.2(40)EX2

April 2008

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-12189-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0804R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide

© 2008 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
Audience
Purpose
Conventions
Related Publications
Obtaining Documentation and Submitting a Service Request

CHAPTER 1: Overview
Features
Deployment Features
Performance Features
Management Options
Manageability Features
Availability and Redundancy Features
VLAN Features
Security Features
QoS and CoS Features
Layer 3 Features
Monitoring Features
Default Settings After Initial Switch Configuration
Network Configuration Examples
Design Concepts for Using the Switch
Small to Medium-Sized Network
Where to Go Next

CHAPTER 2: Using the Command-Line Interface
Understanding Command Modes
Understanding the Help System
Understanding Abbreviated Commands
Understanding no and default Forms of Commands
Understanding CLI Error Messages
Using Configuration Logging
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Accessing the CLI through a Console Connection or through Telnet

CHAPTER 3: Assigning the Switch IP Address and Default Gateway
Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Configuring DHCP-Based Autoconfiguration
DHCP Server Configuration Guidelines
Configuring the TFTP Server
Configuring the DNS
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Understanding DHCP-based Autoconfiguration and Image Update
DHCP Autoconfiguration
DHCP Auto-Image Update
Limitations and Restrictions
Configuring the DHCP Auto Configuration and Image Update Features
Configuring DHCP Autoconfiguration (Only Configuration File)
Configuring DHCP Auto-Image Update (Configuration File and Image)
Configuring the Client
Manually Assigning IP Information
Configuring Protected Mode
Understanding Protected Mode
Configuration Guidelines and Restrictions
Enabling Protected Mode
Checking and Saving the Running Configuration
Modifying the Startup Configuration
Default Boot Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Booting Manually
Booting a Specific Software Image
Controlling Environment Variables
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
Displaying Scheduled Reload Information

CHAPTER 4: Configuring Cisco IOS CNS Agents
Understanding Cisco Configuration Engine Software
Configuration Service
Event Service
NameSpace Mapper
What You Should Know About the CNS IDs and Device Hostnames
ConfigID
DeviceID
Hostname and DeviceID
Using Hostname, DeviceID, and ConfigID
Understanding Cisco IOS Agents
Initial Configuration
Incremental (Partial) Configuration
Synchronized Configuration
Configuring Cisco IOS Agents
Enabling Automated CNS Configuration
Enabling the CNS Event Agent
Enabling the Cisco IOS CNS Agent
Enabling an Initial Configuration
Enabling a Partial Configuration
Displaying CNS Configuration

CHAPTER 5: Managing Switch Stacks
Understanding Switch Stacks
Switch Stack Membership
Stack Master Election and Re-Election
Switch Stack Bridge ID and Router MAC Address
Stack Member Numbers
Stack Member Priority Values
Switch Stack Offline Configuration
Effects of Adding a Provisioned Switch to a Switch Stack
Effects of Replacing a Provisioned Switch in a Switch Stack
Effects of Removing a Provisioned Switch from a Switch Stack
Hardware Compatibility and SDM Mismatch Mode in Switch Stacks
Switch Stack Software Compatibility Recommendations
Stack Protocol Version Compatibility
Major Version Number Incompatibility Among Switches
Minor Version Number Incompatibility Among Switches
Understanding Auto-Upgrade and Auto-Advise
Auto-Upgrade and Auto-Advise Example Messages
Incompatible Software and Stack Member Image Upgrades
Switch Stack Configuration Files
Additional Considerations for System-Wide Configuration on Switch Stacks
Switch Stack Management Connectivity
Connectivity to the Switch Stack Through an IP Address
Connectivity to the Switch Stack Through an SSH Session
Connectivity to the Switch Stack Through Console Ports or Ethernet Management Ports
Connectivity to Specific Stack Members
Switch Stack Configuration Scenarios
Configuring the Switch Stack
Default Switch Stack Configuration
Configuration Guidelines
Enabling Persistent MAC Address
Assigning Stack Member Information
Assigning a Stack Member Number
Setting the Stack Member Priority Value
Provisioning a New Member for a Switch Stack
Accessing the CLI of a Specific Stack Member
Displaying Switch Stack Information

CHAPTER 6: Administering the Switch
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
MAC Addresses and Switch Stacks
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Address Notification Traps
Adding and Removing Static Address Entries
Configuring Unicast MAC Address Filtering
Displaying Address Table Entries
Managing the ARP Table

CHAPTER 7: Configuring Switch-Based Authentication
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Disabling Password Recovery
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level
Controlling Switch Access with TACACS+
Understanding TACACS+
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Displaying the TACACS+ Configuration
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS Operation
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Configuring RADIUS Login Authentication
Defining AAA Server Groups
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Displaying the RADIUS Configuration
Controlling Switch Access with Kerberos
Understanding Kerberos
Kerberos Operation
Authenticating to a Boundary Switch
Obtaining a TGT from a KDC
Authenticating to Network Services
Configuring Kerberos
Configuring the Switch for Local Authentication and Authorization
Configuring the Switch for Secure Shell
Understanding SSH
SSH Servers, Integrated Clients, and Supported Versions
Limitations
Configuring SSH
Configuration Guidelines
Setting Up the Switch to Run SSH
Configuring the SSH Server
Displaying the SSH Configuration and Status
Configuring the Switch for Secure Socket Layer HTTP
Understanding Secure HTTP Servers and Clients
Certificate Authority Trustpoints
CipherSuites
Configuring Secure HTTP Servers and Clients
Default SSL Configuration
SSL Configuration Guidelines
Configuring a CA Trustpoint
Configuring the Secure HTTP Server
Configuring the Secure HTTP Client
Displaying Secure HTTP Server and Client Status
Configuring the Switch for Secure Copy Protocol
Information About Secure Copy

CHAPTER 8: Configuring SDM Templates
Understanding the SDM Templates
Dual IPv4 and IPv6 SDM Templates
SDM Templates and Switch Stacks
Configuring the Switch SDM Template
Default SDM Template
SDM Template Configuration Guidelines
Setting the SDM Template
Displaying the SDM Templates

CHAPTER 9: Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Device Roles
Authentication Process
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
IEEE 802.1x Authentication and Switch Stacks
IEEE 802.1x Host Mode
IEEE 802.1x Accounting
IEEE 802.1x Accounting Attribute-Value Pairs
Using IEEE 802.1x Authentication with VLAN Assignment
Using IEEE 802.1x Authentication with Per-User ACLs
Using IEEE 802.1x Authentication with Guest VLAN
Using IEEE 802.1x Authentication with Restricted VLAN
Using IEEE 802.1x Authentication with Inaccessible Authentication Bypass
Using IEEE 802.1x Authentication with Voice VLAN Ports
Using IEEE 802.1x Authentication with Port Security
Using IEEE 802.1x Authentication with Wake-on-LAN
Using IEEE 802.1x Authentication with MAC Authentication Bypass
Network Admission Control Layer 2 IEEE 802.1x Validation
Using Multidomain Authentication
Using Web Authentication
Web Authentication with Automatic MAC Check
Configuring IEEE 802.1x Authentication
Default IEEE 802.1x Authentication Configuration
IEEE 802.1x Authentication Configuration Guidelines
IEEE 802.1x Authentication
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass
MAC Authentication Bypass
Configuring IEEE 802.1x Authentication
Configuring the Switch-to-RADIUS-Server Communication
Configuring the Host Mode
Configuring Periodic Re-Authentication
Manually Re-Authenticating a Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Setting the Re-Authentication Number
Configuring IEEE 802.1x Accounting
Configuring a Guest VLAN
Configuring a Restricted VLAN
Configuring the Inaccessible Authentication Bypass Feature
Configuring IEEE 802.1x Authentication with WoL
Configuring MAC Authentication Bypass
Configuring NAC Layer 2 IEEE 802.1x Validation
Configuring Web Authentication
Disabling IEEE 802.1x Authentication on the Port
Resetting the IEEE 802.1x Authentication Configuration to the Default Values
Displaying IEEE 802.1x Statistics and Status

CHAPTER 10: Configuring Interface Characteristics
Understanding Interface Types
Port-Based VLANs
Switch Ports
Access Ports
Trunk Ports
Tunnel Ports
Routed Ports
Switch Virtual Interfaces
EtherChannel Port Groups
10-Gigabit Ethernet Interfaces
Connecting Interfaces
Using Interface Configuration Mode
Procedures for Configuring Interfaces
Configuring a Range of Interfaces
Configuring and Using Interface Range Macros
Using the Internal Ethernet Management Port
Understanding the Internal Ethernet Management Port
Supported Features on the Ethernet Management Port
Layer 3 Routing Configuration Guidelines
Monitoring the Ethernet Management Port
Configuring Ethernet Interfaces
Default Ethernet Interface Configuration
Configuring Interface Speed and Duplex Mode
Speed and Duplex Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3x Flow Control
Configuring Auto-MDIX on an Interface
Adding a Description for an Interface
Configuring Layer 3 Interfaces
Configuring the System MTU
Monitoring and Maintaining the Interfaces
Monitoring Interface Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface

CHAPTER 11: Configuring Smartports Macros
Understanding Smartports Macros
Configuring Smartports Macros
Default Smartports Macro Configuration
Smartports Macro Configuration Guidelines
Creating Smartports Macros
Applying Smartports Macros
Applying Cisco-Default Smartports Macros
Displaying Smartports Macros

CHAPTER 12: Configuring VLANs
Understanding VLANs
Supported VLANs
VLAN Port Membership Modes
Configuring Normal-Range VLANs
Token Ring VLANs
Normal-Range VLAN Configuration Guidelines
VLAN Configuration Mode Options
VLAN Configuration in config-vlan Mode
VLAN Configuration in VLAN Database Configuration Mode
Saving VLAN Configuration
Default Ethernet VLAN Configuration
Creating or Modifying an Ethernet VLAN
Deleting a VLAN
Assigning Static-Access Ports to a VLAN
Configuring Extended-Range VLANs
Default VLAN Configuration
Extended-Range VLAN Configuration Guidelines
Creating an Extended-Range VLAN
Creating an Extended-Range VLAN with an Internal VLAN ID
Displaying VLANs
Configuring VLAN Trunks
Trunking Overview
Encapsulation Types
IEEE 802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Interaction with Other Features
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Configuring Trunk Ports for Load Sharing
Load Sharing Using STP Port Priorities
Load Sharing Using STP Path Cost
Configuring VMPS
Understanding VMPS
Dynamic-Access Port VLAN Membership
Default VMPS Client Configuration
VMPS Configuration Guidelines
Configuring the VMPS Client
Entering the IP Address of the VMPS
Configuring Dynamic-Access Ports on VMPS Clients
Reconfirming VLAN Memberships
Changing the Reconfirmation Interval
Changing the Retry Count
Monitoring the VMPS
Troubleshooting Dynamic-Access Port VLAN Membership
VMPS Configuration Example

CHAPTER 13: Configuring VTP
Understanding VTP
The VTP Domain
VTP Modes
VTP Advertisements
VTP Version 2
VTP Pruning
VTP and Switch Stacks
Configuring VTP
Default VTP Configuration
VTP Configuration Options
VTP Configuration in Global Configuration Mode
VTP Configuration in VLAN Database Configuration Mode
VTP Configuration Guidelines
Domain Names
Passwords
VTP Version 13-9

 

 

 

 

 

 

 

 

 

 

 

 

Configuration Requirements

13-9

 

 

 

 

 

 

 

 

Configuring a VTP Server

13-9

 

 

 

 

 

 

 

 

 

 

Configuring a VTP Client

13-11

 

 

 

 

 

 

 

 

 

 

Disabling VTP (VTP Transparent Mode)

13-12

 

 

 

 

 

 

 

Enabling VTP Version 2

13-13

 

 

 

 

 

 

 

 

 

 

Enabling VTP Pruning 13-14

 

 

 

 

 

 

 

 

 

 

 

Adding a VTP Client Switch to a VTP Domain

13-14

 

 

 

 

 

 

 

Monitoring VTP 13-16

 

 

 

 

 

 

 

 

 

 

Configuring Voice VLAN

 

 

 

 

 

 

 

 

C H A P T E R

14

14-1

 

 

 

 

 

 

 

 

 

 

 

 

Understanding Voice VLAN

14-1

 

 

 

 

 

 

 

 

 

 

 

Cisco IP Phone Voice Traffic

14-2

 

 

 

 

 

 

 

 

 

 

Cisco IP Phone Data Traffic

14-2

 

 

 

 

 

 

 

 

 

 

Configuring Voice VLAN

14-3

 

 

 

 

 

 

 

 

 

 

 

Default Voice VLAN Configuration

14-3

 

 

 

 

 

 

 

 

Voice VLAN Configuration Guidelines

14-3

 

 

 

 

 

 

 

 

Configuring a Port Connected to a Cisco 7960 IP Phone

14-4

 

 

 

 

 

 

Configuring Cisco IP Phone Voice Traffic

14-5

 

 

 

 

 

 

 

Configuring the Priority of Incoming Data Frames

14-6

 

 

 

 

 

 

Displaying Voice VLAN

14-7

 

 

 

 

 

 

 

 

Chapter 15: Configuring Private VLANs

Understanding Private VLANs

IP Addressing Scheme with Private VLANs

Private VLANs across Multiple Switches

Private-VLAN Interaction with Other Features

Private VLANs and Unicast, Broadcast, and Multicast Traffic

Private VLANs and SVIs

Private VLANs and Switch Stacks

Configuring Private VLANs

Tasks for Configuring Private VLANs

Default Private-VLAN Configuration

Private-VLAN Configuration Guidelines

Secondary and Primary VLAN Configuration

Private-VLAN Port Configuration

Limitations with Other Features

Configuring and Associating VLANs in a Private VLAN

Configuring a Layer 2 Interface as a Private-VLAN Host Port

Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port

Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface

Monitoring Private VLANs

Chapter 16: Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling

Understanding IEEE 802.1Q Tunneling

Configuring IEEE 802.1Q Tunneling

Default IEEE 802.1Q Tunneling Configuration

IEEE 802.1Q Tunneling Configuration Guidelines

Native VLANs

System MTU

IEEE 802.1Q Tunneling and Other Features

Configuring an IEEE 802.1Q Tunneling Port

Understanding Layer 2 Protocol Tunneling

Configuring Layer 2 Protocol Tunneling

Default Layer 2 Protocol Tunneling Configuration

Layer 2 Protocol Tunneling Configuration Guidelines

Configuring Layer 2 Protocol Tunneling

Configuring Layer 2 Tunneling for EtherChannels

Configuring the SP Edge Switch

Configuring the Customer Switch

Monitoring and Maintaining Tunneling Status

Chapter 17: Configuring STP

Understanding Spanning-Tree Features

STP Overview

Spanning-Tree Topology and BPDUs

Bridge ID, Switch Priority, and Extended System ID

Spanning-Tree Interface States

Blocking State

Listening State

Learning State

Forwarding State

Disabled State

How a Switch or Port Becomes the Root Switch or Root Port

Spanning Tree and Redundant Connectivity

Spanning-Tree Address Management

Accelerated Aging to Retain Connectivity

Spanning-Tree Modes and Protocols

Supported Spanning-Tree Instances

Spanning-Tree Interoperability and Backward Compatibility

STP and IEEE 802.1Q Trunks

VLAN-Bridge Spanning Tree

Spanning Tree and Switch Stacks

Configuring Spanning-Tree Features

Default Spanning-Tree Configuration

Spanning-Tree Configuration Guidelines

Changing the Spanning-Tree Mode

Disabling Spanning Tree

Configuring the Root Switch

Configuring a Secondary Root Switch

Configuring Port Priority

Configuring Path Cost

Configuring the Switch Priority of a VLAN

Configuring Spanning-Tree Timers

Configuring the Hello Time

Configuring the Forwarding-Delay Time for a VLAN

Configuring the Maximum-Aging Time for a VLAN

Configuring the Transmit Hold-Count

Displaying the Spanning-Tree Status

Chapter 18: Configuring MSTP

Understanding MSTP

Multiple Spanning-Tree Regions

IST, CIST, and CST

Operations Within an MST Region

Operations Between MST Regions

IEEE 802.1s Terminology

Hop Count

Boundary Ports

IEEE 802.1s Implementation

Port Role Naming Change

Interoperation Between Legacy and Standard Switches

Detecting Unidirectional Link Failure

MSTP and Switch Stacks

Interoperability with IEEE 802.1D STP

Understanding RSTP

Port Roles and the Active Topology

Rapid Convergence

Synchronization of Port Roles

Bridge Protocol Data Unit Format and Processing

Processing Superior BPDU Information

Processing Inferior BPDU Information

Topology Changes

Configuring MSTP Features

Default MSTP Configuration

MSTP Configuration Guidelines

Specifying the MST Region Configuration and Enabling MSTP

Configuring the Root Switch

Configuring a Secondary Root Switch

Configuring Port Priority

Configuring Path Cost

Configuring the Switch Priority

Configuring the Hello Time

Configuring the Forwarding-Delay Time

Configuring the Maximum-Aging Time

Configuring the Maximum-Hop Count

Specifying the Link Type to Ensure Rapid Transitions

Designating the Neighbor Type

Restarting the Protocol Migration Process

Displaying the MST Configuration and Status

Chapter 19: Configuring Optional Spanning-Tree Features

Understanding Optional Spanning-Tree Features

Understanding Port Fast

Understanding BPDU Guard

Understanding BPDU Filtering

Understanding UplinkFast

Understanding Cross-Stack UplinkFast

How CSUF Works

Events that Cause Fast Convergence

Understanding BackboneFast

Understanding EtherChannel Guard

Understanding Root Guard

Understanding Loop Guard

Configuring Optional Spanning-Tree Features

Default Optional Spanning-Tree Configuration

Optional Spanning-Tree Configuration Guidelines

Enabling Port Fast

Enabling BPDU Guard

Enabling BPDU Filtering

Enabling UplinkFast for Use with Redundant Links

Enabling Cross-Stack UplinkFast

Enabling BackboneFast

Enabling EtherChannel Guard

Enabling Root Guard

Enabling Loop Guard

Displaying the Spanning-Tree Status

Chapter 20: Configuring Flex Links and the MAC Address-Table Move Update Feature

Understanding Flex Links and the MAC Address-Table Move Update

Flex Links

VLAN Flex Link Load Balancing and Support

MAC Address-Table Move Update

Configuring Flex Links and MAC Address-Table Move Update

Configuration Guidelines

Default Configuration

Configuring Flex Links

Configuring VLAN Load Balancing on Flex Links

Configuring the MAC Address-Table Move Update Feature

Monitoring Flex Links and the MAC Address-Table Move Update Information

Chapter 21: Configuring DHCP Features and IP Source Guard

Understanding DHCP Features

DHCP Server

DHCP Relay Agent

DHCP Snooping

Option-82 Data Insertion

Cisco IOS DHCP Server Database

DHCP Snooping Binding Database

DHCP Snooping and Switch Stacks

Configuring DHCP Features

Default DHCP Configuration

DHCP Snooping Configuration Guidelines

Configuring the DHCP Server

DHCP Server and Switch Stacks

Configuring the DHCP Relay Agent

Specifying the Packet Forwarding Address

Enabling DHCP Snooping and Option 82

Enabling DHCP Snooping on Private VLANs

Enabling the Cisco IOS DHCP Server Database

Enabling the DHCP Snooping Binding Database Agent

Displaying DHCP Snooping Information

Understanding IP Source Guard

Source IP Address Filtering

Source IP and MAC Address Filtering

Configuring IP Source Guard

Default IP Source Guard Configuration

IP Source Guard Configuration Guidelines

Enabling IP Source Guard

Displaying IP Source Guard Information

Chapter 22: Configuring Dynamic ARP Inspection

Understanding Dynamic ARP Inspection

Interface Trust States and Network Security

Rate Limiting of ARP Packets

Relative Priority of ARP ACLs and DHCP Snooping Entries

Logging of Dropped Packets

Configuring Dynamic ARP Inspection

Default Dynamic ARP Inspection Configuration

Dynamic ARP Inspection Configuration Guidelines

Configuring Dynamic ARP Inspection in DHCP Environments

Configuring ARP ACLs for Non-DHCP Environments

Limiting the Rate of Incoming ARP Packets

Performing Validation Checks

Configuring the Log Buffer

Displaying Dynamic ARP Inspection Information

Chapter 23: Configuring IGMP Snooping and MVR

Understanding IGMP Snooping

IGMP Versions

Joining a Multicast Group

Leaving a Multicast Group

Immediate Leave

IGMP Configurable-Leave Timer

IGMP Report Suppression

IGMP Snooping and Switch Stacks

Configuring IGMP Snooping

Default IGMP Snooping Configuration

Enabling or Disabling IGMP Snooping

Setting the Snooping Method

Configuring a Multicast Router Port

Configuring a Blade Server Statically to Join a Group

Enabling IGMP Immediate Leave

Configuring the IGMP Leave Timer

Configuring TCN-Related Commands

Controlling the Multicast Flooding Time After a TCN Event

Recovering from Flood Mode

Disabling Multicast Flooding During a TCN Event

Configuring the IGMP Snooping Querier

Disabling IGMP Report Suppression

Displaying IGMP Snooping Information

Understanding Multicast VLAN Registration

Using MVR in a Multicast Television Application

Configuring MVR

Default MVR Configuration

MVR Configuration Guidelines and Limitations

Configuring MVR Global Parameters

Configuring MVR Interfaces

Displaying MVR Information

Configuring IGMP Filtering and Throttling

Default IGMP Filtering and Throttling Configuration

Configuring IGMP Profiles

Applying IGMP Profiles

Setting the Maximum Number of IGMP Groups

Configuring the IGMP Throttling Action

Displaying IGMP Filtering and Throttling Configuration

Chapter 24: Configuring IPv6 MLD Snooping

Understanding MLD Snooping

MLD Messages

MLD Queries

Multicast Client Aging Robustness

Multicast Router Discovery

MLD Reports

MLD Done Messages and Immediate-Leave

Topology Change Notification Processing

MLD Snooping in Switch Stacks

Configuring IPv6 MLD Snooping

Default MLD Snooping Configuration

MLD Snooping Configuration Guidelines

Enabling or Disabling MLD Snooping

Configuring a Static Multicast Group

Configuring a Multicast Router Port

Enabling MLD Immediate Leave

Configuring MLD Snooping Queries

Disabling MLD Listener Message Suppression

Displaying MLD Snooping Information

Chapter 25: Configuring Port-Based Traffic Control

Configuring Storm Control

Understanding Storm Control

Default Storm Control Configuration

Configuring Storm Control and Threshold Levels

Configuring Protected Ports

Default Protected Port Configuration

Protected Port Configuration Guidelines

Configuring a Protected Port

Configuring Port Blocking

Default Port Blocking Configuration

Blocking Flooded Traffic on an Interface

Configuring Port Security

Understanding Port Security

Secure MAC Addresses

Security Violations

Default Port Security Configuration

Port Security Configuration Guidelines

Enabling and Configuring Port Security

Enabling and Configuring Port Security Aging

Port Security and Switch Stacks

Port Security and Private VLANs

Displaying Port-Based Traffic Control Settings

Chapter 26: Configuring CDP

Understanding CDP

CDP and Switch Stacks

Configuring CDP

Default CDP Configuration

Configuring the CDP Characteristics

Disabling and Enabling CDP

Disabling and Enabling CDP on an Interface

Monitoring and Maintaining CDP

Chapter 27: Configuring LLDP and LLDP-MED

Understanding LLDP and LLDP-MED

Understanding LLDP

Understanding LLDP-MED

Configuring LLDP and LLDP-MED

Default LLDP Configuration

Configuring LLDP Characteristics

Disabling and Enabling LLDP Globally

Disabling and Enabling LLDP on an Interface

Configuring LLDP-MED TLVs

Monitoring and Maintaining LLDP and LLDP-MED

Chapter 28: Configuring UDLD

Understanding UDLD

Modes of Operation

Methods to Detect Unidirectional Links

Configuring UDLD

Default UDLD Configuration

Configuration Guidelines

Enabling UDLD Globally

Enabling UDLD on an Interface

Resetting an Interface Disabled by UDLD

Displaying UDLD Status

Chapter 29: Configuring SPAN and RSPAN

Understanding SPAN and RSPAN

Local SPAN

Remote SPAN

SPAN and RSPAN Concepts and Terminology

SPAN Sessions

Monitored Traffic

Source Ports

Source VLANs

VLAN Filtering

Destination Port

RSPAN VLAN

SPAN and RSPAN Interaction with Other Features

SPAN and RSPAN and Switch Stacks

Configuring SPAN and RSPAN

Default SPAN and RSPAN Configuration

Configuring Local SPAN

SPAN Configuration Guidelines

Creating a Local SPAN Session

Creating a Local SPAN Session and Configuring Incoming Traffic

Specifying VLANs to Filter

Configuring RSPAN

RSPAN Configuration Guidelines

Configuring a VLAN as an RSPAN VLAN

Creating an RSPAN Source Session

Specifying VLANs to Filter

Creating an RSPAN Destination Session

Creating an RSPAN Destination Session and Configuring Incoming Traffic

Displaying SPAN and RSPAN Status

Chapter 30: Configuring RMON

Understanding RMON

Configuring RMON

Default RMON Configuration

Configuring RMON Alarms and Events

Collecting Group History Statistics on an Interface

Collecting Group Ethernet Statistics on an Interface

Displaying RMON Status

Chapter 31: Configuring System Message Logging

Understanding System Message Logging

Configuring System Message Logging

System Log Message Format

Default System Message Logging Configuration

Disabling Message Logging

Setting the Message Display Destination Device

Synchronizing Log Messages

Enabling and Disabling Time Stamps on Log Messages

Enabling and Disabling Sequence Numbers in Log Messages

Defining the Message Severity Level

Limiting Syslog Messages Sent to the History Table and to SNMP

Enabling the Configuration-Change Logger

Configuring UNIX Syslog Servers

Logging Messages to a UNIX Syslog Daemon

Configuring the UNIX System Logging Facility

Displaying the Logging Configuration

Chapter 32: Configuring SNMP

Understanding SNMP

SNMP Versions

SNMP Manager Functions

SNMP Agent Functions

SNMP Community Strings

Using SNMP to Access MIB Variables

SNMP Notifications

SNMP ifIndex MIB Object Values

Configuring SNMP

Default SNMP Configuration

SNMP Configuration Guidelines

Disabling the SNMP Agent

Configuring Community Strings

Configuring SNMP Groups and Users

Configuring SNMP Notifications

Setting the Agent Contact and Location Information

Limiting TFTP Servers Used Through SNMP

SNMP Examples

Displaying SNMP Status

Chapter 34: Configuring Network Security with ACLs

Understanding ACLs

Supported ACLs

Port ACLs

Router ACLs

VLAN Maps

Handling Fragmented and Unfragmented Traffic

ACLs and Switch Stacks

Configuring IPv4 ACLs

Creating Standard and Extended IPv4 ACLs

Access List Numbers

ACL Logging

Creating a Numbered Standard ACL

Creating a Numbered Extended ACL

Resequencing ACEs in an ACL

Creating Named Standard and Extended ACLs

Using Time Ranges with ACLs

Including Comments in ACLs

Applying an IPv4 ACL to a Terminal Line

Applying an IPv4 ACL to an Interface

Hardware and Software Treatment of IP ACLs

IPv4 ACL Configuration Examples

Numbered ACLs

Extended ACLs

Named ACLs

Time Range Applied to an IP ACL

Commented IP ACL Entries

ACL Logging

Creating Named MAC Extended ACLs

Applying a MAC ACL to a Layer 2 Interface

Configuring VLAN Maps

VLAN Map Configuration Guidelines

Creating a VLAN Map

Examples of ACLs and VLAN Maps

Applying a VLAN Map to a VLAN

Using VLAN Maps in Your Network

Denying Access to a Server on Another VLAN

Using VLAN Maps with Router ACLs

VLAN Maps and Router ACL Configuration Guidelines

Examples of Router ACLs and VLAN Maps Applied to VLANs

ACLs and Switched Packets

ACLs and Bridged Packets

ACLs and Routed Packets

ACLs and Multicast Packets

Displaying IPv4 ACL Configuration

Chapter 35: Configuring IPv6 ACLs

Supported IPv6 ACLs

Understanding IPv6 ACLs

Supported ACL Features

IPv6 ACL Limitations

IPv6 ACLs and Switch Stacks

Configuring IPv6 ACLs

Default IPv6 ACL Configuration

Interaction with Other Features and Switches

Creating IPv6 ACLs

Applying an IPv6 ACL to an Interface

Displaying IPv6 ACLs

Chapter 36: Configuring QoS

Understanding QoS

Basic QoS Model

Classification

Classification Based on QoS ACLs

Classification Based on Class Maps and Policy Maps

Policing and Marking

Policing on Physical Ports

Policing on SVIs

Mapping Tables

Queueing and Scheduling Overview

Weighted Tail Drop

SRR Shaping and Sharing

Queueing and Scheduling on Ingress Queues

Queueing and Scheduling on Egress Queues

Packet Modification

Configuring Auto-QoS

Generated Auto-QoS Configuration

Effects of Auto-QoS on the Configuration

Auto-QoS Configuration Guidelines

Enabling Auto-QoS for VoIP

Auto-QoS Configuration Example

Displaying Auto-QoS Information

Configuring Standard QoS 36-29

Default Standard QoS Configuration 36-30

Default Ingress Queue Configuration 36-30

Default Egress Queue Configuration 36-31

Default Mapping Table Configuration 36-32

Standard QoS Configuration Guidelines 36-32

QoS ACL Guidelines 36-32

Applying QoS on Interfaces 36-32

Policing Guidelines 36-33

General QoS Guidelines 36-33

Enabling QoS Globally 36-34

Enabling VLAN-Based QoS on Physical Ports 36-34

Configuring Classification Using Port Trust States 36-35

Configuring the Trust State on Ports within the QoS Domain 36-35

Configuring the CoS Value for an Interface 36-37

Configuring a Trusted Boundary to Ensure Port Security 36-38

Enabling DSCP Transparency Mode 36-39

Configuring the DSCP Trust State on a Port Bordering Another QoS Domain 36-40

Configuring a QoS Policy 36-42

Classifying Traffic by Using ACLs 36-43

Classifying Traffic by Using Class Maps 36-46

Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps 36-48

Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps 36-52

Classifying, Policing, and Marking Traffic by Using Aggregate Policers 36-58

Configuring DSCP Maps 36-60

Configuring the CoS-to-DSCP Map 36-60

Configuring the IP-Precedence-to-DSCP Map 36-61

Configuring the Policed-DSCP Map 36-62

Configuring the DSCP-to-CoS Map 36-63

Configuring the DSCP-to-DSCP-Mutation Map 36-64

Configuring Ingress Queue Characteristics 36-66

Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds 36-67

Allocating Buffer Space Between the Ingress Queues 36-68

Allocating Bandwidth Between the Ingress Queues 36-68

Configuring the Ingress Priority Queue 36-69

Configuring Egress Queue Characteristics 36-70

Configuration Guidelines 36-71

Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set 36-71

Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID 36-73

Configuring SRR Shaped Weights on Egress Queues 36-75

Configuring SRR Shared Weights on Egress Queues 36-76

Configuring the Egress Expedite Queue 36-76

Limiting the Bandwidth on an Egress Interface 36-77

Displaying Standard QoS Information 36-78

CHAPTER 37

Configuring EtherChannels and Link-State Tracking 37-1

Understanding EtherChannels 37-1

EtherChannel Overview 37-2

Port-Channel Interfaces 37-4

Port Aggregation Protocol 37-5

PAgP Modes 37-5

PAgP Interaction with Other Features 37-6

Link Aggregation Control Protocol 37-6

LACP Modes 37-6

LACP Interaction with Other Features 37-7

EtherChannel On Mode 37-7

Load-Balancing and Forwarding Methods 37-7

EtherChannel and Switch Stacks 37-9

Configuring EtherChannels 37-10

Default EtherChannel Configuration 37-10

EtherChannel Configuration Guidelines 37-11

Configuring Layer 2 EtherChannels 37-12

Configuring Layer 3 EtherChannels 37-14

Creating Port-Channel Logical Interfaces 37-14

Configuring the Physical Interfaces 37-15

Configuring EtherChannel Load-Balancing 37-17

Configuring the PAgP Learn Method and Priority 37-18

Configuring LACP Hot-Standby Ports 37-19

Configuring the LACP System Priority 37-20

Configuring the LACP Port Priority 37-21

Displaying EtherChannel, PAgP, and LACP Status 37-22

Understanding Link-State Tracking 37-22

Configuring Link-State Tracking 37-24

Default Link-State Tracking Configuration 37-24

Link-State Tracking Configuration Guidelines 37-24

Configuring Link-State Tracking 37-25

Displaying Link-State Tracking Status 37-26

CHAPTER 38

Configuring IP Unicast Routing 38-1

Supported IPv4 Features 38-2

Understanding IP Routing 38-3

Types of Routing 38-3

IP Routing and Switch Stacks 38-4

Steps for Configuring Routing 38-6

Configuring IP Addressing 38-6

Default Addressing Configuration 38-7

Assigning IP Addresses to Network Interfaces 38-8

Use of Subnet Zero 38-8

Classless Routing 38-9

Configuring Address Resolution Methods 38-10

Define a Static ARP Cache 38-11

Set ARP Encapsulation 38-12

Enable Proxy ARP 38-13

Routing Assistance When IP Routing is Disabled 38-13

Proxy ARP 38-13

Default Gateway 38-13

ICMP Router Discovery Protocol (IRDP) 38-14

Configuring Broadcast Packet Handling 38-15

Enabling Directed Broadcast-to-Physical Broadcast Translation 38-16

Forwarding UDP Broadcast Packets and Protocols 38-17

Establishing an IP Broadcast Address 38-17

Flooding IP Broadcasts 38-18

Monitoring and Maintaining IP Addressing 38-19

Enabling IP Unicast Routing 38-20

Configuring RIP 38-21

Default RIP Configuration 38-22

Configuring Basic RIP Parameters 38-22

Configuring RIP Authentication 38-24

Configuring Summary Addresses and Split Horizon 38-24

Configuring Split Horizon 38-26

Configuring Stub Routing 38-26

Understanding PIM Stub Routing 38-26

Configuring PIM Stub Routing 38-27

PIM Stub Routing Configuration Guidelines 38-28

Enabling PIM Stub Routing 38-28

Understanding EIGRP Stub Routing 38-29

Configuring EIGRP Stub Routing 38-30

Configuring OSPF 38-31

Default OSPF Configuration 38-32

OSPF Nonstop Forwarding 38-33

Configuring Basic OSPF Parameters 38-35

Configuring OSPF Interfaces 38-35

Configuring OSPF Area Parameters 38-36

Configuring Other OSPF Parameters 38-38

Changing LSA Group Pacing 38-39

Configuring a Loopback Interface 38-40

Monitoring OSPF 38-40

Configuring EIGRP 38-41

Default EIGRP Configuration 38-43

EIGRP Nonstop Forwarding 38-44

Configuring Basic EIGRP Parameters 38-45

Configuring EIGRP Interfaces 38-46

Configuring EIGRP Route Authentication 38-47

Monitoring and Maintaining EIGRP 38-48

Configuring BGP 38-49

Default BGP Configuration 38-51

Nonstop Forwarding Awareness 38-53

Enabling BGP Routing 38-53

Managing Routing Policy Changes 38-56

Configuring BGP Decision Attributes 38-57

Configuring BGP Filtering with Route Maps 38-59

Configuring BGP Filtering by Neighbor 38-60

Configuring Prefix Lists for BGP Filtering 38-61

Configuring BGP Community Filtering 38-62

Configuring BGP Neighbors and Peer Groups 38-64

Configuring Aggregate Addresses 38-66

Configuring Routing Domain Confederations 38-66

Configuring BGP Route Reflectors 38-67

Configuring Route Dampening 38-68

Monitoring and Maintaining BGP 38-69

Configuring Multi-VRF CE 38-70

Understanding Multi-VRF CE 38-71

Default Multi-VRF CE Configuration 38-73

Multi-VRF CE Configuration Guidelines 38-73

Configuring VRFs 38-74

Configuring VRF-Aware Services 38-75
