Cisco IOS Release 12.2(40)EX2
April 2008
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive
San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883
Text Part Number: OL-12189-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0804R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide
© 2008 Cisco Systems, Inc. All rights reserved.
|
|
|
|
|
|
|
|
|
C O N T E N T S |
|
|
|
Preface |
xliii |
|
|
|
|
|
|
|
|
|
Audience |
xliii |
|
|
|
|
|
|
|
|
|
Purpose |
xliii |
|
|
|
|
|
|
|
|
|
Conventions xliv |
|
|
|
|
|
|
||
|
|
Related Publications |
xliv |
|
|
|
|
|
||
|
|
Obtaining Documentation and Submitting a Service Request xlv |
||||||||
|
|
Overview |
|
|
|
|
|
|
|
|
C H A P T E R |
1 |
1-1 |
|
|
|
|
|
|
||
|
|
Features |
1-1 |
|
|
|
|
|
|
|
|
|
Deployment Features |
1-3 |
|
|
|
|
|||
|
|
Performance Features |
1-4 |
|
|
|
|
|||
|
|
Management Options |
1-5 |
|
|
|
|
|||
|
|
Manageability Features |
1-6 |
|
|
|
|
|||
|
|
Availability and Redundancy Features |
1-7 |
|
||||||
|
|
VLAN Features |
1-8 |
|
|
|
|
|
||
|
|
Security Features |
1-9 |
|
|
|
|
|
||
|
|
QoS and CoS Features |
1-10 |
|
|
|
|
|||
|
|
Layer 3 Features |
1-12 |
|
|
|
|
|
||
|
|
Monitoring Features 1-13 |
|
|
|
|
||||
|
|
Default Settings After Initial Switch Configuration |
1-14 |
|||||||
|
|
Network Configuration Examples |
1-16 |
|
|
|
||||
|
|
Design Concepts for Using the Switch |
1-16 |
|
||||||
|
|
Small to Medium-Sized Network |
1-19 |
|
|
|||||
|
|
Where to Go Next 1-20 |
|
|
|
|
|
|||
|
|
Using the Command-Line Interface |
|
|
|
|
||||
C H A P T E R |
2 |
2-1 |
|
|
|
|||||
|
|
Understanding Command Modes |
2-1 |
|
|
|
||||
|
|
Understanding the Help System |
2-3 |
|
|
|
||||
|
|
Understanding Abbreviated Commands |
2-4 |
|
|
|||||
|
|
Understanding no and default Forms of Commands |
2-4 |
|||||||
|
|
Understanding CLI Error Messages |
2-5 |
|
|
|||||
|
|
Using Configuration Logging |
2-5 |
|
|
|
|
|
Using Command History |
2-6 |
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|
|
|
|
|
||
|
OL-12189-01 |
|
|
iii |
|
|
|
|
|
Contents
|
Changing the Command History Buffer Size |
2-6 |
||||
|
Recalling Commands |
2-6 |
|
|
|
|
|
Disabling the Command History Feature |
2-7 |
|
|||
|
Using Editing Features |
2-7 |
|
|
|
|
|
Enabling and Disabling Editing Features |
2-7 |
|
|||
|
Editing Commands through Keystrokes |
2-8 |
|
|||
|
Editing Command Lines that Wrap |
2-9 |
|
|
||
|
Searching and Filtering Output of show and more Commands 2-10 |
|||||
|
Accessing the CLI 2-10 |
|
|
|
|
|
|
Accessing the CLI through a Console Connection or through Telnet 2-11 |
|||||
|
Assigning the Switch IP Address and Default Gateway 3-1 |
|||||
C H A P T E R 3 |
||||||
|
Understanding the Boot Process |
3-1 |
|
|
|
|
|
Assigning Switch Information |
3-2 |
|
|
|
|
|
Default Switch Information |
3-3 |
|
|
|
|
|
Understanding DHCP-Based Autoconfiguration 3-3 |
|||||
|
DHCP Client Request Process |
3-4 |
|
|
||
|
Configuring DHCP-Based Autoconfiguration |
3-5 |
||||
|
DHCP Server Configuration Guidelines |
3-5 |
||||
|
Configuring the TFTP Server |
3-6 |
|
|
||
|
Configuring the DNS |
3-6 |
|
|
|
|
|
Configuring the Relay Device |
3-7 |
|
|
||
|
Obtaining Configuration Files |
3-7 |
|
|
||
|
Example Configuration |
3-8 |
|
|
|
|
|
|
|
Understanding DHCP-based Autoconfiguration and Image Update |
3-10 |
|
|||
|
|
|
|
DHCP Autoconfiguration 3-10 |
|
|
|
||
|
|
|
|
DHCP Auto-Image Update |
3-10 |
|
|
|
|
|
|
|
|
Limitations and Restrictions |
3-10 |
|
|
|
|
|
|
|
|
Configuring the DHCP Auto Configuration and Image Update Features 3-11 |
|||||
|
|
|
|
Configuring DHCP Autoconfiguration (Only Configuration File) |
3-11 |
|
|||
|
|
|
|
Configuring DHCP Auto-Image Update (Configuration File and Image) 3-12 |
|||||
|
|
|
|
Configuring the Client |
3-13 |
|
|
|
|
|
|
|
|
Manually Assigning IP Information 3-14 |
|
|
|
||
|
|
|
|
Configuring Protected Mode |
3-15 |
|
|
|
|
|
|
|
|
Understanding Protected Mode |
3-15 |
|
|
|
|
|
|
|
|
Configuration Guidelines and Restrictions |
3-16 |
|
|
||
|
|
|
|
Enabling Protected Mode |
3-16 |
|
|
|
|
|
|
|
|
Checking and Saving the Running Configuration |
3-17 |
|
|
||
|
|
|
|
Modifying the Startup Configuration |
3-18 |
|
|
|
|
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|||
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
iv |
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
Contents
|
|
Default Boot Configuration |
3-18 |
|
|
|
|
|||
|
|
Automatically Downloading a Configuration File |
3-18 |
|
||||||
|
|
Specifying the Filename to Read and Write the System Configuration |
3-18 |
|||||||
|
|
Booting Manually |
3-19 |
|
|
|
|
|
|
|
|
|
Booting a Specific Software Image |
3-20 |
|
|
|
||||
|
|
Controlling Environment Variables |
3-21 |
|
|
|
||||
|
|
Scheduling a Reload of the Software Image |
3-23 |
|
|
|||||
|
|
Configuring a Scheduled Reload |
3-23 |
|
|
|
||||
|
|
Displaying Scheduled Reload Information |
3-24 |
|
|
|||||
|
|
Configuring Cisco IOS CNS Agents |
|
|
|
|
|
|||
C H A P T E R |
4 |
4-1 |
|
|
|
|
||||
|
|
Understanding Cisco Configuration Engine Software |
4-1 |
|
||||||
|
|
Configuration Service 4-2 |
|
|
|
|
|
|
||
|
|
Event Service |
4-3 |
|
|
|
|
|
|
|
|
|
NameSpace Mapper |
4-3 |
|
|
|
|
|
||
|
|
What You Should Know About the CNS IDs and Device Hostnames |
4-3 |
|||||||
|
|
ConfigID |
4-3 |
|
|
|
|
|
|
|
|
|
DeviceID |
4-4 |
|
|
|
|
|
|
|
|
|
Hostname and DeviceID 4-4 |
|
|
|
|
||||
|
|
Using Hostname, DeviceID, and ConfigID |
4-4 |
|
||||||
|
|
Understanding Cisco IOS Agents |
4-5 |
|
|
|
|
|||
|
|
Initial Configuration |
4-5 |
|
|
|
|
|
|
|
|
|
Incremental (Partial) Configuration |
4-6 |
|
|
|
||||
|
|
Synchronized Configuration |
4-6 |
|
|
|
|
|||
|
|
Configuring Cisco IOS Agents |
4-6 |
|
|
|
|
|
||
|
|
Enabling Automated CNS Configuration |
4-6 |
|
|
|||||
|
|
Enabling the CNS Event Agent |
4-7 |
|
|
|
|
|||
|
|
Enabling the Cisco IOS CNS Agent |
4-9 |
|
|
|
||||
|
|
Enabling an Initial Configuration |
4-9 |
|
|
|||||
|
|
Enabling a Partial Configuration |
4-13 |
|
|
|||||
|
|
Displaying CNS Configuration |
4-14 |
|
|
|
|
|
||
|
|
Managing Switch Stacks |
|
|
|
|
|
|
|
|
C H A P T E R |
5 |
5-1 |
|
|
|
|
|
|
|
Understanding Switch Stacks |
5-1 |
|
|
|
|
Switch Stack Membership |
5-3 |
|
|
|
|
Stack Master Election and Re-Election 5-6 |
||||
|
Switch Stack Bridge ID and Router MAC Address 5-8 |
||||
|
Stack Member Numbers |
5-8 |
|
|
|
|
Stack Member Priority Values 5-9 |
||||
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|
|
|
|
|
||
|
OL-12189-01 |
|
|
v |
|
|
|
|
|
Contents
Switch Stack Offline Configuration |
5-9 |
|
|
Effects of Adding a Provisioned Switch to a Switch Stack |
5-10 |
|
|
Effects of Replacing a Provisioned Switch in a Switch Stack |
5-11 |
||
Effects of Removing a Provisioned Switch from a Switch Stack |
5-11 |
||
Hardware Compatibility and SDM Mismatch Mode in Switch Stacks |
5-11 |
||
Switch Stack Software Compatibility Recommendations 5-12 |
|
|
|
Stack Protocol Version Compatibility |
5-12 |
|
|
|
Major Version Number Incompatibility Among Switches |
5-12 |
|||||||
|
Minor Version Number Incompatibility Among Switches |
5-12 |
|||||||
|
Understanding Auto-Upgrade and Auto-Advise |
5-13 |
|
|
|||||
|
Auto-Upgrade and Auto-Advise Example Messages |
5-14 |
|||||||
|
Incompatible Software and Stack Member Image Upgrades |
5-16 |
|||||||
|
Switch Stack Configuration Files |
5-16 |
|
|
|
|
|
||
|
Additional Considerations for System-Wide Configuration on Switch Stacks 5-17 |
||||||||
|
Switch Stack Management Connectivity |
5-17 |
|
|
|
|
|||
|
Connectivity to the Switch Stack Through an IP Address |
5-18 |
|||||||
|
Connectivity to the Switch Stack Through an SSH Session |
5-18 |
|||||||
|
Connectivity to the Switch Stack Through Console Ports or Ethernet Management Ports 5-18 |
||||||||
|
Connectivity to Specific Stack Members |
5-18 |
|
|
|
||||
|
Switch Stack Configuration Scenarios |
|
5-19 |
|
|
|
|
||
|
Configuring the Switch Stack |
5-21 |
|
|
|
|
|
|
|
|
Default Switch Stack Configuration |
5-21 |
|
|
|
|
|||
|
Configuration Guidelines |
5-21 |
|
|
|
|
|
|
|
|
Enabling Persistent MAC Address |
5-22 |
|
|
|
|
|||
|
Assigning Stack Member Information |
|
5-24 |
|
|
|
|
||
|
Assigning a Stack Member Number |
5-24 |
|
|
|
|
|||
|
Setting the Stack Member Priority Value |
5-25 |
|
|
|
||||
|
Provisioning a New Member for a Switch Stack |
5-25 |
|
|
|||||
|
Accessing the CLI of a Specific Stack Member 5-26 |
|
|
|
|||||
|
Displaying Switch Stack Information |
5-27 |
|
|
|
|
|
||
|
Administering the Switch 6-1 |
|
|
|
|
|
|
|
|
C H A P T E R 6 |
|
|
|
|
|
|
|
|
|
|
Managing the System Time and Date |
6-1 |
|
|
|
|
|
||
|
Understanding the System Clock |
6-1 |
|
|
|
|
|
||
|
Understanding Network Time Protocol |
|
6-2 |
|
|
|
|
||
|
Configuring NTP 6-3 |
|
|
|
|
|
|
|
|
|
Default NTP Configuration |
6-4 |
|
|
|
|
|
|
|
|
Configuring NTP Authentication |
6-4 |
|
|
|
|
|
|
|
|
Configuring NTP Associations |
6-5 |
|
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
||
|
|
|
|
|||
|
|
|
|
|
|
|
|
vi |
|
|
|
OL-12189-01 |
|
|
|
|
|
|
Contents
|
|
Configuring NTP Broadcast Service |
6-6 |
|
|
|
|
|
|
||||
|
|
Configuring NTP Access Restrictions |
6-8 |
|
|
|
|
|
|||||
|
|
Configuring the Source IP Address for NTP Packets |
6-10 |
|
|
|
|||||||
|
|
Displaying the NTP Configuration |
6-11 |
|
|
|
|
|
|
||||
|
|
Configuring Time and Date Manually |
6-11 |
|
|
|
|
|
|
||||
|
|
Setting the System Clock |
6-11 |
|
|
|
|
|
|
|
|
||
|
|
Displaying the Time and Date Configuration |
6-12 |
|
|
|
|
||||||
|
|
Configuring the Time Zone |
6-12 |
|
|
|
|
|
|
|
|||
|
|
Configuring Summer Time (Daylight Saving Time) |
6-13 |
|
|
|
|||||||
|
|
Configuring a System Name and Prompt |
6-14 |
|
|
|
|
|
|
|
|||
|
|
Default System Name and Prompt Configuration |
6-15 |
|
|
|
|
||||||
|
|
Configuring a System Name |
6-15 |
|
|
|
|
|
|
|
|
||
|
|
Understanding DNS |
6-15 |
|
|
|
|
|
|
|
|
|
|
|
|
Default DNS Configuration |
6-16 |
|
|
|
|
|
|
|
|
||
|
|
Setting Up DNS |
6-16 |
|
|
|
|
|
|
|
|
|
|
|
|
Displaying the DNS Configuration |
6-17 |
|
|
|
|
|
|
||||
|
|
Creating a Banner 6-17 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Default Banner Configuration |
6-17 |
|
|
|
|
|
|
|
|
||
|
|
Configuring a Message-of-the-Day Login Banner |
6-18 |
|
|
|
|
||||||
|
|
Configuring a Login Banner |
6-18 |
|
|
|
|
|
|
|
|
|
|
|
|
Managing the MAC Address Table 6-19 |
|
|
|
|
|
|
|
|
|||
|
|
Building the Address Table |
6-20 |
|
|
|
|
|
|
|
|
|
|
|
|
MAC Addresses and VLANs |
6-20 |
|
|
|
|
|
|
|
|
||
|
|
MAC Addresses and Switch Stacks |
6-20 |
|
|
|
|
|
|
|
|||
|
|
Default MAC Address Table Configuration |
6-21 |
|
|
|
|
|
|||||
|
|
Changing the Address Aging Time |
6-21 |
|
|
|
|
|
|
|
|||
|
|
Removing Dynamic Address Entries |
6-22 |
|
|
|
|
|
|
|
|||
|
|
Configuring MAC Address Notification Traps |
6-22 |
|
|
|
|
||||||
|
|
Adding and Removing Static Address Entries |
6-24 |
|
|
|
|
||||||
|
|
Configuring Unicast MAC Address Filtering |
6-25 |
|
|
|
|
|
|||||
|
|
Displaying Address Table Entries |
6-26 |
|
|
|
|
|
|
|
|||
|
|
Managing the ARP Table |
6-26 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuring Switch-Based Authentication |
|
|
|
|
|
|
|
||||
|
C H A P T E R 7 |
7-1 |
|
|
|
|
|
|
|||||
|
|
Preventing Unauthorized Access to Your Switch |
7-1 |
|
|
|
|
|
|||||
|
|
Protecting Access to Privileged EXEC Commands |
7-2 |
|
|
|
|
|
|||||
|
|
Default Password and Privilege Level Configuration |
7-2 |
|
|
|
|||||||
|
|
Setting or Changing a Static Enable Password |
7-3 |
|
|
|
|
||||||
|
|
Protecting Enable and Enable Secret Passwords with Encryption 7-3 |
|||||||||||
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
||||||||
|
|
|
|
|
|||||||||
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
vii |
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
|
|
Disabling Password Recovery 7-5 |
|
|
|
|
|
|
||
|
|
|
|
Setting a Telnet Password for a Terminal Line |
7-6 |
|
|
|||||
|
|
|
|
Configuring Username and Password Pairs |
7-6 |
|
|
|
||||
|
|
|
|
Configuring Multiple Privilege Levels |
7-7 |
|
|
|
|
|||
|
|
|
|
Setting the Privilege Level for a Command |
7-8 |
|
|
|||||
|
|
|
|
Changing the Default Privilege Level for Lines 7-9 |
|
|
||||||
|
|
|
|
Logging into and Exiting a Privilege Level |
7-9 |
|
|
|||||
|
|
|
|
Controlling Switch Access with TACACS+ |
7-10 |
|
|
|
||||
|
|
|
|
Understanding TACACS+ |
7-10 |
|
|
|
|
|
|
|
|
|
|
|
TACACS+ Operation |
7-12 |
|
|
|
|
|
|
|
|
|
|
|
Configuring TACACS+ |
7-12 |
|
|
|
|
|
|
|
|
|
|
|
Default TACACS+ Configuration |
7-13 |
|
|
|
|
|||
|
|
|
|
Identifying the TACACS+ Server Host and Setting the Authentication Key 7-13 |
|
|
||||||
|
|
|
|
Configuring TACACS+ Login Authentication |
7-14 |
|
|
|||||
|
|
|
|
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services |
7-16 |
|
||||||
|
|
|
|
Starting TACACS+ Accounting |
|
7-17 |
|
|
|
|
||
|
|
|
|
Displaying the TACACS+ Configuration 7-17 |
|
|
|
|||||
|
|
|
|
Controlling Switch Access with RADIUS |
|
7-17 |
|
|
|
|
||
|
|
|
|
Understanding RADIUS |
7-18 |
|
|
|
|
|
|
|
|
|
|
|
RADIUS Operation 7-19 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuring RADIUS |
7-19 |
|
|
|
|
|
|
|
|
|
|
|
Default RADIUS Configuration |
|
7-20 |
|
|
|
|
||
|
|
|
|
Identifying the RADIUS Server Host |
7-20 |
|
|
|
||||
|
|
|
|
Configuring RADIUS Login Authentication |
7-23 |
|
|
|||||
|
|
|
|
Defining AAA Server Groups |
7-25 |
|
|
|
|
|||
|
|
|
|
Configuring RADIUS Authorization for User Privileged Access and Network Services |
7-27 |
|
||||||
|
|
|
|
Starting RADIUS Accounting |
7-28 |
|
|
|
|
|||
|
|
|
|
Configuring Settings for All RADIUS Servers |
7-29 |
|
|
|||||
|
|
|
|
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-29 |
|
|
||||||
|
|
|
|
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-31 |
|
|
||||||
|
|
|
|
Displaying the RADIUS Configuration |
7-31 |
|
|
|
||||
|
|
|
|
Controlling Switch Access with Kerberos |
7-32 |
|
|
|
|
|||
|
|
|
|
Understanding Kerberos |
7-32 |
|
|
|
|
|
|
|
|
|
|
|
Kerberos Operation |
7-34 |
|
|
|
|
|
|
|
|
|
|
|
Authenticating to a Boundary Switch |
7-34 |
|
|
|
||||
|
|
|
|
Obtaining a TGT from a KDC |
7-35 |
|
|
|
|
|||
|
|
|
|
Authenticating to Network Services |
7-35 |
|
|
|
||||
|
|
|
|
Configuring Kerberos |
7-35 |
|
|
|
|
|
|
|
|
|
|
|
Configuring the Switch for Local Authentication and Authorization 7-36 |
|
|
||||||
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
||||||
|
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
viii |
|
|
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
|
Configuring the Switch for Secure Shell |
7-37 |
|
|
|
|
|
||||||
|
|
|
Understanding SSH |
7-37 |
|
|
|
|
|
|
|
|
|
||
|
|
|
SSH Servers, Integrated Clients, and Supported Versions 7-38 |
||||||||||||
|
|
|
Limitations |
7-38 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuring SSH |
7-39 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuration Guidelines |
|
7-39 |
|
|
|
|
|
|
|
|||
|
|
|
Setting Up the Switch to Run SSH |
7-39 |
|
|
|
|
|
||||||
|
|
|
Configuring the SSH Server |
7-40 |
|
|
|
|
|
|
|||||
|
|
|
Displaying the SSH Configuration and Status |
7-41 |
|
|
|
||||||||
|
|
|
Configuring the Switch for Secure Socket Layer HTTP |
7-41 |
|
|
|
||||||||
|
|
|
Understanding Secure HTTP Servers and Clients |
7-42 |
|
|
|
||||||||
|
|
|
Certificate Authority Trustpoints |
7-42 |
|
|
|
|
|
||||||
|
|
|
CipherSuites |
7-43 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuring Secure HTTP Servers and Clients |
7-44 |
|
|
|
||||||||
|
|
|
Default SSL Configuration |
7-44 |
|
|
|
|
|
|
|||||
|
|
|
SSL Configuration Guidelines |
7-44 |
|
|
|
|
|
|
|||||
|
|
|
Configuring a CA Trustpoint |
7-45 |
|
|
|
|
|
|
|||||
|
|
|
Configuring the Secure HTTP Server |
7-45 |
|
|
|
|
|||||||
|
|
|
Configuring the Secure HTTP Client |
7-47 |
|
|
|
|
|
||||||
|
|
|
Displaying Secure HTTP Server and Client Status |
7-48 |
|
|
|
||||||||
|
|
|
Configuring the Switch for Secure Copy Protocol |
7-48 |
|
|
|
|
|||||||
|
|
|
Information About Secure Copy |
7-48 |
|
|
|
|
|
||||||
|
|
|
Configuring SDM Templates |
|
|
|
|
|
|
|
|
|
|
||
|
C H A P T E R |
8 |
8-1 |
|
|
|
|
|
|
|
|
|
|||
|
|
|
Understanding the SDM Templates |
8-1 |
|
|
|
|
|
|
|
||||
|
|
|
Dual IPv4 and IPv6 SDM Templates |
8-2 |
|
|
|
|
|
|
|||||
|
|
|
SDM Templates and Switch Stacks |
8-3 |
|
|
|
|
|
|
|||||
|
|
|
Configuring the Switch SDM Template |
8-4 |
|
|
|
|
|
|
|||||
|
|
|
Default SDM Template |
8-4 |
|
|
|
|
|
|
|
|
|
||
|
|
|
SDM Template Configuration Guidelines |
8-4 |
|
|
|
|
|
||||||
|
|
|
Setting the SDM Template |
8-5 |
|
|
|
|
|
|
|
||||
|
|
|
Displaying the SDM Templates |
8-6 |
|
|
|
|
|
|
|
|
|||
|
|
|
Configuring IEEE 802.1x Port-Based Authentication |
|
|
|
|
||||||||
|
C H A P T E R |
9 |
9-1 |
|
|
|
|||||||||
|
|
|
Understanding IEEE 802.1x Port-Based Authentication |
9-1 |
|
|
|
||||||||
|
|
|
Device Roles |
9-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Authentication Process |
9-3 |
|
|
|
|
|
|
|
|
|
||
|
|
|
Authentication Initiation and Message Exchange |
9-5 |
|
|
|
||||||||
|
|
|
Ports in Authorized and Unauthorized States |
9-7 |
|
|
|
|
|||||||
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|||||||||
|
|
|
|
|
|
||||||||||
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
ix |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
IEEE 802.1x |
Authentication and Switch Stacks |
9-8 |
|
||
IEEE 802.1x |
Host Mode |
9-8 |
|
|
|
IEEE 802.1x |
Accounting |
9-9 |
|
|
|
IEEE 802.1x |
Accounting Attribute-Value Pairs |
9-9 |
|
||
Using IEEE 802.1x |
Authentication with VLAN Assignment 9-10 |
||||
Using IEEE 802.1x |
Authentication with Per-User ACLs |
9-12 |
|||
Using IEEE 802.1x |
Authentication with Guest VLAN |
9-13 |
Using IEEE 802.1x |
Authentication with Restricted VLAN 9-14 |
Using IEEE 802.1x |
Authentication with Inaccessible Authentication Bypass 9-15 |
|
|
|
|
Using IEEE 802.1x Authentication with Voice VLAN Ports |
9-16 |
|
||||||
|
|
|
|
Using IEEE 802.1x Authentication with Port Security |
9-17 |
|
|
|||||
|
|
|
|
Using IEEE 802.1x Authentication with Wake-on-LAN |
9-18 |
|
||||||
|
|
|
|
Using IEEE 802.1x Authentication with MAC Authentication Bypass 9-18 |
||||||||
|
|
|
|
Network Admission Control Layer 2 IEEE 802.1x Validation |
9-20 |
|
||||||
|
|
|
|
Using Multidomain Authentication |
9-20 |
|
|
|
|
|
||
|
|
|
|
Using Web Authentication |
9-21 |
|
|
|
|
|
|
|
|
|
|
|
Web Authentication with Automatic MAC Check |
9-22 |
|
||||||
|
|
|
|
Configuring IEEE 802.1x Authentication |
9-22 |
|
|
|
|
|
||
|
|
|
|
Default IEEE 802.1x Authentication Configuration |
9-23 |
|
|
|||||
|
|
|
|
IEEE 802.1x Authentication Configuration Guidelines |
9-24 |
|
|
|||||
|
|
|
|
IEEE 802.1x Authentication |
9-24 |
|
|
|
|
|
||
|
|
|
|
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication |
||||||||
|
|
|
|
Bypass 9-25 |
|
|
|
|
|
|
|
|
|
|
|
|
MAC Authentication Bypass |
|
9-26 |
|
|
|
|
|
|
|
|
|
|
Configuring IEEE 802.1x Authentication |
9-26 |
|
|
|
|
|||
|
|
|
|
Configuring the Switch-to-RADIUS-Server Communication |
9-28 |
|
||||||
|
|
|
|
Configuring the Host Mode |
9-29 |
|
|
|
|
|
|
|
|
|
|
|
Configuring Periodic Re-Authentication |
9-30 |
|
|
|
|
|||
|
|
|
|
Manually Re-Authenticating a Client Connected to a Port |
9-30 |
|
||||||
|
|
|
|
Changing the Quiet Period |
9-31 |
|
|
|
|
|
|
|
|
|
|
|
Changing the Switch-to-Client Retransmission Time |
9-31 |
|
|
|||||
|
|
|
|
Setting the Switch-to-Client Frame-Retransmission Number |
9-32 |
|
||||||
|
|
|
|
Setting the Re-Authentication Number |
9-32 |
|
|
|
|
|||
|
|
|
|
Configuring IEEE 802.1x Accounting |
9-33 |
|
|
|
|
|||
|
|
|
|
Configuring a Guest VLAN |
9-34 |
|
|
|
|
|
|
|
|
|
|
|
Configuring a Restricted VLAN |
9-35 |
|
|
|
|
|
||
|
|
|
|
Configuring the Inaccessible Authentication Bypass Feature |
9-37 |
|
||||||
|
|
|
|
Configuring IEEE 802.1x Authentication with WoL |
9-39 |
|
|
|||||
|
|
|
|
Configuring MAC Authentication Bypass |
9-40 |
|
|
|
|
|||
|
|
|
|
Configuring NAC Layer 2 IEEE 802.1x Validation |
9-41 |
|
|
|
||||
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
||||||||
|
|
|
|
|||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
x |
|
|
|
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
Configuring Web Authentication |
9-42 |
|
|
|
|
|||
|
Disabling IEEE 802.1x Authentication on the Port |
9-44 |
|
||||||
|
Resetting the IEEE 802.1x Authentication Configuration to the Default Values 9-45 |
||||||||
|
Displaying IEEE 802.1x Statistics and Status |
|
9-45 |
|
|
||||
|
Configuring Interface Characteristics |
|
|
|
|
|
|||
C H A P T E R 10 |
10-1 |
|
|
|
|
||||
|
Understanding Interface Types |
10-1 |
|
|
|
|
|
||
|
Port-Based VLANs |
10-2 |
|
|
|
|
|
|
|
|
Switch Ports |
10-2 |
|
|
|
|
|
|
|
|
Access Ports |
10-3 |
|
|
|
|
|
|
|
|
Trunk Ports |
10-3 |
|
|
|
|
|
|
|
|
Tunnel Ports |
10-4 |
|
|
|
|
|
|
|
|
Routed Ports |
10-4 |
|
|
|
|
|
|
|
|
Switch Virtual Interfaces |
10-5 |
|
|
|
|
|
||
|
EtherChannel Port Groups |
10-5 |
|
|
|
|
|
||
|
10-Gigabit Ethernet Interfaces 10-6 |
|
|
|
|
||||
|
Connecting Interfaces 10-6 |
|
|
|
|
|
|||
|
Using Interface Configuration Mode |
10-7 |
|
|
|
|
|||
|
Procedures for Configuring Interfaces |
10-8 |
|
|
|||||
|
Configuring a Range of Interfaces |
10-9 |
|
|
|
||||
|
Configuring and Using Interface Range Macros |
10-10 |
|
||||||
|
Using the Internal Ethernet Management Port |
10-12 |
|
|
|||||
|
Understanding the Internal Ethernet Management Port |
10-12 |
|||||||
|
Supported Features on the Ethernet Management Port |
10-13 |
|||||||
|
Layer 3 Routing Configuration Guidelines |
10-14 |
|
|
|||||
|
Monitoring the Ethernet Management Port 10-14 |
|
|||||||
|
Configuring Ethernet Interfaces |
10-14 |
|
|
|
|
|||
|
Default Ethernet Interface Configuration |
10-15 |
|
|
|||||
|
Configuring Interface Speed and Duplex Mode |
10-16 |
|
||||||
|
Speed and Duplex Configuration Guidelines |
10-16 |
|
||||||
|
Setting the Interface Speed and Duplex Parameters |
10-17 |
|||||||
|
Configuring IEEE 802.3x Flow Control |
10-18 |
|
|
|||||
|
Configuring Auto-MDIX on an Interface |
|
10-19 |
|
|
||||
|
Adding a Description for an Interface |
10-20 |
|
|
|||||
|
Configuring Layer 3 Interfaces |
10-20 |
|
|
|
|
|
||
|
Configuring the System MTU |
10-22 |
|
|
|
|
|
|
Monitoring and Maintaining the Interfaces 10-24 |
|
|
|
|
|
Monitoring Interface Status 10-24 |
|
|
|
|
|
Clearing and Resetting Interfaces and Counters |
10-25 |
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|
|
|
|
|
||
|
OL-12189-01 |
|
|
xi |
|
|
|
|
|
Contents
|
|
Shutting Down and Restarting the Interface |
10-25 |
||||||
|
|
Configuring Smartports Macros |
|
|
|
|
|||
C H A P T E R |
11 |
11-1 |
|
|
|
||||
|
|
Understanding Smartports Macros |
11-1 |
|
|
|
|||
|
|
Configuring Smartports Macros |
11-2 |
|
|
|
|||
|
|
Default Smartports Macro Configuration |
11-2 |
||||||
|
|
Smartports Macro Configuration Guidelines |
11-3 |
||||||
|
|
Creating Smartports Macros |
|
11-4 |
|
|
|
||
|
|
Applying Smartports Macros |
|
11-5 |
|
|
|
||
|
|
Applying Cisco-Default Smartports Macros |
11-6 |
||||||
|
|
Displaying Smartports Macros |
11-8 |
|
|
|
|||
|
|
Configuring VLANs |
|
|
|
|
|
|
|
C H A P T E R |
12 |
12-1 |
|
|
|
|
|
|
|
|
|
Understanding VLANs |
12-1 |
|
|
|
|
|
|
|
|
Supported VLANs |
12-2 |
|
|
|
|
|
|
|
|
VLAN Port Membership Modes |
12-3 |
|
|
||||
|
|
Configuring Normal-Range VLANs |
12-4 |
|
|
|
|||
|
|
Token Ring VLANs |
12-6 |
|
|
|
|
|
|
|
|
Normal-Range VLAN Configuration Guidelines |
12-6 |
||||||
|
|
VLAN Configuration Mode Options |
12-7 |
|
|
||||
|
|
VLAN Configuration in config-vlan Mode |
12-7 |
||||||
|
|
VLAN Configuration in VLAN Database Configuration Mode 12-7 |
|||||||
|
|
Saving VLAN Configuration |
12-7 |
|
|
|
|||
|
|
Default Ethernet VLAN Configuration |
12-8 |
|
|||||
|
|
Creating or Modifying an Ethernet VLAN |
12-9 |
||||||
|
|
Deleting a VLAN |
12-10 |
|
|
|
|
|
|
|
|
Assigning Static-Access Ports to a VLAN |
12-11 |
||||||
|
|
Configuring Extended-Range VLANs |
12-12 |
|
|
||||
|
|
Default VLAN Configuration |
12-12 |
|
|
|
|||
|
|
Extended-Range VLAN Configuration Guidelines 12-13 |
|||||||
|
|
Creating an Extended-Range VLAN |
12-14 |
|
|
||||
|
|
Creating an Extended-Range VLAN with an Internal VLAN ID 12-15 |
|||||||
|
|
Displaying VLANs |
12-16 |
|
|
|
|
|
|
|
|
Configuring VLAN Trunks 12-16 |
|
|
|
|
|
||
|
|
Trunking Overview |
12-16 |
|
|
|
|
|
|
|
|
Encapsulation Types 12-19 |
|
|
|
||||
|
|
IEEE 802.1Q Configuration Considerations |
12-19 |
|
|
|
|
Default Layer 2 Ethernet Interface VLAN Configuration |
12-20 |
|
|
|
|
|
Configuring an Ethernet Interface as a Trunk Port 12-20 |
|
|
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
||
|
|
|
|
|||
|
|
|
|
|
|
|
|
xii |
|
|
|
OL-12189-01 |
|
|
|
|
|
|
Contents
Interaction with Other Features |
12-20 |
|
||
Configuring a Trunk Port |
12-21 |
|
|
|
Defining the Allowed VLANs on a Trunk |
12-22 |
|||
Changing the Pruning-Eligible List |
12-23 |
|||
Configuring the Native VLAN for Untagged Traffic 12-24 |
||||
Configuring Trunk Ports for Load Sharing |
12-24 |
|||
Load Sharing Using STP Port Priorities |
12-25 |
|||
Load Sharing Using STP Path Cost |
12-27 |
|||
Configuring VMPS 12-28 |
|
|
|
|
Understanding VMPS 12-28 |
|
|
|
|
Dynamic-Access Port VLAN Membership |
12-29 |
|||
Default VMPS Client Configuration |
12-30 |
|
||
VMPS Configuration Guidelines |
12-30 |
|
|
|
Configuring the VMPS Client |
12-30 |
|
|
|
Entering the IP Address of the VMPS |
12-31 |
Configuring Dynamic-Access Ports on VMPS Clients 12-31 |
|
Reconfirming VLAN Memberships 12-32 |
|
Changing the Reconfirmation Interval |
12-32 |
Changing the Retry Count 12-32 |
|
|
|
Monitoring the VMPS |
12-33 |
|
|
|
|||
|
|
Troubleshooting Dynamic-Access Port VLAN Membership 12-33 |
|||||||
|
|
VMPS Configuration Example |
12-34 |
|
|
|
|||
|
|
Configuring VTP |
|
|
|
|
|
|
|
|
C H A P T E R 13 |
13-1 |
|
|
|
|
|
|
|
|
|
Understanding VTP |
13-1 |
|
|
|
|
|
|
|
|
The VTP Domain |
13-2 |
|
|
|
|
||
|
|
VTP Modes |
13-3 |
|
|
|
|
|
|
|
|
VTP Advertisements |
13-3 |
|
|
|
|
||
|
|
VTP Version 2 |
13-4 |
|
|
|
|
|
|
|
|
VTP Pruning |
13-4 |
|
|
|
|
|
|
|
|
VTP and Switch Stacks |
13-6 |
|
|
|
|||
|
|
Configuring VTP |
13-6 |
|
|
|
|
|
|
|
|
Default VTP Configuration 13-7 |
|||||||
|
|
VTP Configuration Options |
13-7 |
|
|
|
|||
|
|
VTP Configuration in Global Configuration Mode 13-7 |
|||||||
|
|
VTP Configuration in VLAN Database Configuration Mode 13-8 |
|||||||
|
|
VTP Configuration Guidelines |
13-8 |
|
|
|
|||
|
|
Domain Names |
13-8 |
|
|
|
|
||
|
|
Passwords |
13-8 |
|
|
|
|
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
||||
|
|
|
|
|
|||||
|
OL-12189-01 |
|
|
|
|
|
|
xiii |
|
|
|
|
|
|
|
|
|
Contents
|
|
|
|
|
VTP Version 13-9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuration Requirements |
13-9 |
|
|
|
||||
|
|
|
|
|
Configuring a VTP Server |
13-9 |
|
|
|
|
|
||
|
|
|
|
|
Configuring a VTP Client |
13-11 |
|
|
|
|
|
||
|
|
|
|
|
Disabling VTP (VTP Transparent Mode) |
13-12 |
|
|
|||||
|
|
|
|
|
Enabling VTP Version 2 |
13-13 |
|
|
|
|
|
||
|
|
|
|
|
Enabling VTP Pruning 13-14 |
|
|
|
|
|
|
||
|
|
|
|
|
Adding a VTP Client Switch to a VTP Domain |
13-14 |
|
|
|||||
|
|
|
|
|
Monitoring VTP 13-16 |
|
|
|
|
|
|
|
|
|
|
Configuring Voice VLAN |
|
|
|
|
|
|
|
|
|||
C H A P T E R |
14 |
14-1 |
|
|
|
|
|
|
|
||||
|
|
|
|
|
Understanding Voice VLAN |
14-1 |
|
|
|
|
|
|
|
|
|
|
|
|
Cisco IP Phone Voice Traffic |
14-2 |
|
|
|
|
|
||
|
|
|
|
|
Cisco IP Phone Data Traffic |
14-2 |
|
|
|
|
|
||
|
|
|
|
|
Configuring Voice VLAN |
14-3 |
|
|
|
|
|
|
|
|
|
|
|
|
Default Voice VLAN Configuration |
14-3 |
|
|
|
||||
|
|
|
|
|
Voice VLAN Configuration Guidelines |
14-3 |
|
|
|
||||
|
|
|
|
|
Configuring a Port Connected to a Cisco 7960 IP Phone |
14-4 |
|
||||||
|
|
|
|
|
Configuring Cisco IP Phone Voice Traffic |
14-5 |
|
|
|||||
|
|
|
|
|
Configuring the Priority of Incoming Data Frames |
14-6 |
|
||||||
|
|
|
|
|
Displaying Voice VLAN |
14-7 |
|
|
|
|
|
|
|
|
|
Configuring Private VLANs |
|
|
|
|
|
|
|
||||
C H A P T E R |
15 |
15-1 |
|
|
|
|
|
|
|||||
|
|
|
|
|
Understanding Private VLANs |
15-1 |
|
|
|
|
|
||
|
|
|
|
|
IP Addressing Scheme with Private VLANs |
15-3 |
|
|
|||||
|
|
|
|
|
Private VLANs across Multiple Switches 15-4 |
|
|
||||||
|
|
|
|
|
Private-VLAN Interaction with Other Features |
15-4 |
|
|
|||||
|
|
|
|
|
Private VLANs and Unicast, Broadcast, and Multicast Traffic 15-5 |
||||||||
|
|
|
|
|
Private VLANs and SVIs |
15-5 |
|
|
|
|
|
||
|
|
|
|
|
Private VLANs and Switch Stacks |
15-5 |
|
|
|
||||
|
|
|
|
|
Configuring Private VLANs |
15-6 |
|
|
|
|
|
|
|
|
|
|
|
|
Tasks for Configuring Private VLANs |
15-6 |
|
|
|
||||
|
|
|
|
|
Default Private-VLAN Configuration |
15-6 |
|
|
|
||||
|
|
|
|
|
Private-VLAN Configuration Guidelines |
15-7 |
|
|
|||||
|
|
|
|
|
Secondary and Primary VLAN Configuration 15-7 |
|
|
||||||
|
|
|
|
|
Private-VLAN Port Configuration |
15-8 |
|
|
|
||||
|
|
|
|
|
Limitations with Other Features |
15-9 |
|
|
|
||||
|
|
|
|
|
Configuring and Associating VLANs in a Private VLAN |
15-10 |
|
||||||
|
|
|
|
|
Configuring a Layer 2 Interface as a Private-VLAN Host Port 15-11 |
||||||||
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|||||||||
|
|
|
|
||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
xiv |
|
|
|
|
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port |
15-13 |
|
|
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface |
15-14 |
|
|
Monitoring Private VLANs 15-15 |
|
|
|
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling 16-1 |
|
|
C H A P T E R 16 |
|
||
|
Understanding IEEE 802.1Q Tunneling |
16-1 |
|
|
Configuring IEEE 802.1Q Tunneling |
16-4 |
|
|
|
Default IEEE 802.1Q Tunneling Configuration 16-4 |
||||||||
|
|
IEEE 802.1Q Tunneling Configuration Guidelines |
16-4 |
|
|
|
||||
|
|
Native VLANs |
16-4 |
|
|
|
|
|
|
|
|
|
System MTU |
16-5 |
|
|
|
|
|
|
|
|
|
IEEE 802.1Q Tunneling and Other Features |
16-6 |
|
|
|
|
|||
|
|
Configuring an IEEE 802.1Q Tunneling Port |
16-6 |
|
|
|
|
|||
|
|
Understanding Layer 2 Protocol Tunneling |
|
16-7 |
|
|
|
|
|
|
|
|
Configuring Layer 2 Protocol Tunneling |
16-10 |
|
|
|
|
|
||
|
|
Default Layer 2 Protocol Tunneling Configuration |
16-11 |
|
|
|
||||
|
|
Layer 2 Protocol Tunneling Configuration Guidelines 16-12 |
||||||||
|
|
Configuring Layer 2 Protocol Tunneling |
16-13 |
|
|
|
|
|||
|
|
Configuring Layer 2 Tunneling for EtherChannels |
16-14 |
|
|
|
||||
|
|
Configuring the SP Edge Switch |
|
16-14 |
|
|
|
|
|
|
|
|
Configuring the Customer Switch |
16-16 |
|
|
|
|
|||
|
|
Monitoring and Maintaining Tunneling Status |
16-18 |
|
|
|
|
|||
|
|
Configuring STP 17-1 |
|
|
|
|
|
|
|
|
|
C H A P T E R 17 |
|
|
|
|
|
|
|
|
|
|
|
Understanding Spanning-Tree Features |
17-1 |
|
|
|
|
|
||
|
|
STP Overview 17-2 |
|
|
|
|
|
|
|
|
|
|
Spanning-Tree Topology and BPDUs |
|
17-3 |
|
|
|
|
|
|
|
|
Bridge ID, Switch Priority, and Extended System ID |
17-4 |
|
|
|
||||
|
|
Spanning-Tree Interface States 17-5 |
|
|
|
|
|
|
||
|
|
Blocking State |
17-6 |
|
|
|
|
|
|
|
|
|
Listening State |
17-7 |
|
|
|
|
|
|
|
|
|
Learning State |
17-7 |
|
|
|
|
|
|
|
|
|
Forwarding State 17-7 |
|
|
|
|
|
|
|
|
|
|
Disabled State |
17-7 |
|
|
|
|
|
|
|
|
|
How a Switch or Port Becomes the Root Switch or Root Port 17-8 |
||||||||
|
|
Spanning Tree and Redundant Connectivity |
17-8 |
|
|
|
|
|||
|
|
Spanning-Tree Address Management |
17-9 |
|
|
|
|
|||
|
|
Accelerated Aging to Retain Connectivity |
17-9 |
|
|
|
|
|||
|
|
Spanning-Tree Modes and Protocols |
|
17-10 |
|
|
|
|
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|||||
|
|
|
|
|
||||||
|
OL-12189-01 |
|
|
|
|
|
|
|
xv |
|
|
|
|
|
|
|
|
|
|
Contents
Supported Spanning-Tree Instances 17-10 |
|
Spanning-Tree Interoperability and Backward Compatibility 17-11 |
|
STP and IEEE 802.1Q Trunks |
17-11 |
VLAN-Bridge Spanning Tree |
17-11 |
|
|
|
|
|
Spanning Tree and Switch Stacks |
17-12 |
|
|
|
|||||
|
|
|
|
|
Configuring Spanning-Tree Features |
17-12 |
|
|
|
|||||
|
|
|
|
|
Default Spanning-Tree Configuration |
17-13 |
|
|
||||||
|
|
|
|
|
Spanning-Tree Configuration Guidelines |
17-13 |
|
|
||||||
|
|
|
|
|
Changing the Spanning-Tree Mode. |
17-15 |
|
|
||||||
|
|
|
|
|
Disabling Spanning Tree |
17-16 |
|
|
|
|
|
|||
|
|
|
|
|
Configuring the Root Switch |
17-16 |
|
|
|
|
||||
|
|
|
|
|
Configuring a Secondary Root Switch |
17-18 |
|
|
||||||
|
|
|
|
|
Configuring Port Priority |
17-18 |
|
|
|
|
|
|||
|
|
|
|
|
Configuring Path Cost 17-20 |
|
|
|
|
|
|
|||
|
|
|
|
|
Configuring the Switch Priority of a VLAN |
17-21 |
|
|
||||||
|
|
|
|
|
Configuring Spanning-Tree Timers |
17-22 |
|
|
||||||
|
|
|
|
|
Configuring the Hello Time |
17-22 |
|
|
|
|||||
|
|
|
|
|
Configuring the Forwarding-Delay Time for a VLAN |
17-23 |
|
|||||||
|
|
|
|
|
Configuring the Maximum-Aging Time for a VLAN |
17-23 |
|
|||||||
|
|
|
|
|
Configuring the Transmit Hold-Count |
17-24 |
|
|
||||||
|
|
|
|
|
Displaying the Spanning-Tree Status |
17-24 |
|
|
|
|||||
|
Configuring MSTP |
|
|
|
|
|
|
|
|
|
||||
C H A P T E R 18 |
18-1 |
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
Understanding MSTP |
18-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Multiple Spanning-Tree Regions |
18-2 |
|
|
|
|||||
|
|
|
|
|
IST, CIST, and CST |
18-3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Operations Within an MST Region |
18-3 |
|
|
||||||
|
|
|
|
|
Operations Between MST Regions |
18-4 |
|
|
||||||
|
|
|
|
|
IEEE 802.1s Terminology |
18-5 |
|
|
|
|
||||
|
|
|
|
|
Hop Count |
18-5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Boundary Ports 18-6 |
|
|
|
|
|
|
|
||
|
|
|
|
|
IEEE 802.1s Implementation |
18-6 |
|
|
|
|
||||
|
|
|
|
|
Port Role Naming Change |
18-7 |
|
|
|
|
||||
|
|
|
|
|
Interoperation Between Legacy and Standard Switches 18-7 |
|||||||||
|
|
|
|
|
Detecting Unidirectional Link Failure |
18-8 |
|
|
||||||
|
|
|
|
|
MSTP and Switch Stacks |
18-8 |
|
|
|
|
|
|||
|
|
|
|
|
Interoperability with IEEE 802.1D STP |
18-9 |
|
|
||||||
|
|
|
|
|
Understanding RSTP |
18-9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Port Roles and the Active Topology |
18-9 |
|
|
|
|||||
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
||||||||||
|
|
|
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
xvi |
|
|
|
|
|
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
Rapid Convergence |
18-10 |
|
|
|
|
|
|
|
|
|
|
|
|
Synchronization of Port Roles |
|
18-11 |
|
|
|
|
|
|
|||
|
|
Bridge Protocol Data Unit Format and Processing |
18-12 |
|
|
|
|||||||
|
|
Processing Superior BPDU Information |
18-13 |
|
|
|
|||||||
|
|
Processing Inferior BPDU Information |
18-13 |
|
|
|
|||||||
|
|
Topology Changes |
18-13 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuring MSTP Features |
18-14 |
|
|
|
|
|
|
|
|||
|
|
Default MSTP Configuration |
|
18-15 |
|
|
|
|
|
|
|||
|
|
MSTP Configuration Guidelines |
18-15 |
|
|
|
|
|
|
||||
|
|
Specifying the MST Region Configuration and Enabling MSTP 18-16 |
|||||||||||
|
|
Configuring the Root Switch |
|
18-17 |
|
|
|
|
|
|
|||
|
|
Configuring a Secondary Root Switch |
18-19 |
|
|
|
|
||||||
|
|
Configuring Port Priority |
18-20 |
|
|
|
|
|
|
||||
|
|
Configuring Path Cost |
18-21 |
|
|
|
|
|
|
|
|
||
|
|
Configuring the Switch Priority |
18-22 |
|
|
|
|
|
|
||||
|
|
Configuring the Hello Time |
|
18-22 |
|
|
|
|
|
|
|||
|
|
Configuring the Forwarding-Delay Time |
18-23 |
|
|
|
|
||||||
|
|
Configuring the Maximum-Aging Time |
18-24 |
|
|
|
|
||||||
|
|
Configuring the Maximum-Hop Count |
18-24 |
|
|
|
|
||||||
|
|
Specifying the Link Type to Ensure Rapid Transitions 18-24 |
|||||||||||
|
|
Designating the Neighbor Type |
18-25 |
|
|
|
|
|
|
||||
|
|
Restarting the Protocol Migration Process |
18-26 |
|
|
|
|||||||
|
|
Displaying the MST Configuration and Status |
18-26 |
|
|
|
|
||||||
|
|
Configuring Optional Spanning-Tree Features |
|
|
|
|
|
||||||
|
C H A P T E R 19 |
19-1 |
|
|
|
|
|||||||
|
|
Understanding Optional Spanning-Tree Features |
19-1 |
|
|
|
|||||||
|
|
Understanding Port Fast |
19-2 |
|
|
|
|
|
|
|
|||
|
|
Understanding BPDU Guard |
|
19-2 |
|
|
|
|
|
|
|||
|
|
Understanding BPDU Filtering |
|
19-3 |
|
|
|
|
|
|
|||
|
|
Understanding UplinkFast |
19-3 |
|
|
|
|
|
|
||||
|
|
Understanding Cross-Stack UplinkFast |
19-5 |
|
|
|
|
||||||
|
|
How CSUF Works |
19-6 |
|
|
|
|
|
|
|
|
||
|
|
Events that Cause Fast Convergence |
19-7 |
|
|
|
|
||||||
|
|
Understanding BackboneFast |
|
19-7 |
|
|
|
|
|
|
|||
|
|
Understanding EtherChannel Guard 19-10 |
|
|
|
|
|
||||||
|
|
Understanding Root Guard |
19-10 |
|
|
|
|
|
|
||||
|
|
Understanding Loop Guard |
|
19-11 |
|
|
|
|
|
|
|||
|
|
Configuring Optional Spanning-Tree Features |
19-11 |
|
|
|
|
||||||
|
|
Default Optional Spanning-Tree Configuration |
19-12 |
|
|
|
|||||||
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
||||||||
|
|
|
|
|
|||||||||
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
xvii |
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
Optional Spanning-Tree Configuration Guidelines |
19-12 |
|||
Enabling Port Fast |
19-12 |
|
|
|
Enabling BPDU Guard |
19-13 |
|
|
|
Enabling BPDU Filtering |
19-14 |
|
|
|
Enabling UplinkFast for Use with Redundant Links |
19-15 |
|||
Enabling Cross-Stack UplinkFast |
19-16 |
|
||
Enabling BackboneFast |
19-16 |
|
|
|
Enabling EtherChannel Guard |
19-17 |
|
||
Enabling Root Guard |
19-18 |
|
|
|
Enabling Loop Guard |
|
19-18 |
|
|
|
|
|
|
|
Displaying the Spanning-Tree Status |
19-19 |
|
|
|
|
|
|||||
|
|
Configuring Flex Links and the MAC Address-Table Move Update Feature |
|
|
||||||||||||
C H A P T E R |
20 |
20-1 |
|
|||||||||||||
|
|
|
|
|
Understanding Flex Links and the MAC Address-Table Move Update 20-1 |
|
|
|||||||||
|
|
|
|
|
Flex Links |
20-1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
VLAN Flex Link Load Balancing and Support |
20-2 |
|
|
|
|||||||
|
|
|
|
|
MAC Address-Table Move Update |
20-3 |
|
|
|
|
|
|||||
|
|
|
|
|
Configuring Flex Links and MAC Address-Table Move Update |
20-4 |
|
|
||||||||
|
|
|
|
|
Configuration Guidelines |
20-5 |
|
|
|
|
|
|
||||
|
|
|
|
|
Default Configuration |
20-5 |
|
|
|
|
|
|
|
|||
|
|
|
|
|
Configuring Flex Links |
20-6 |
|
|
|
|
|
|
|
|||
|
|
|
|
|
Configuring VLAN Load Balancing on Flex Links |
20-8 |
|
|
|
|||||||
|
|
|
|
|
Configuring the MAC Address-Table Move Update Feature |
20-9 |
|
|
||||||||
|
|
|
|
|
Monitoring Flex Links and the MAC Address-Table Move Update Information |
20-11 |
|
|||||||||
|
|
Configuring DHCP Features and IP Source Guard |
|
|
|
|
||||||||||
C H A P T E R |
21 |
21-1 |
|
|
|
|||||||||||
|
|
|
|
|
Understanding DHCP Features |
21-1 |
|
|
|
|
|
|
||||
|
|
|
|
|
DHCP Server |
21-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DHCP Relay Agent |
21-2 |
|
|
|
|
|
|
|
|
||
|
|
|
|
|
DHCP Snooping |
21-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Option-82 Data Insertion |
|
21-3 |
|
|
|
|
|
|
|||
|
|
|
|
|
Cisco IOS DHCP Server Database |
21-6 |
|
|
|
|
|
|||||
|
|
|
|
|
DHCP Snooping Binding Database |
21-6 |
|
|
|
|
|
|||||
|
|
|
|
|
DHCP Snooping and Switch Stacks |
21-8 |
|
|
|
|
|
|||||
|
|
|
|
|
Configuring DHCP Features |
|
21-8 |
|
|
|
|
|
|
|
||
|
|
|
|
|
Default DHCP Configuration |
21-8 |
|
|
|
|
|
|
||||
|
|
|
|
|
DHCP Snooping Configuration Guidelines |
21-9 |
|
|
|
|
||||||
|
|
|
|
|
Configuring the DHCP Server |
21-10 |
|
|
|
|
|
|||||
|
|
|
|
|
DHCP Server and Switch Stacks |
21-10 |
|
|
|
|
|
|||||
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
||||||||||
|
|
|
|
|
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
xviii |
|
|
|
|
|
|
|
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
Configuring the DHCP Relay Agent |
21-11 |
|
|
|
|
||||
|
|
Specifying the Packet Forwarding Address |
21-11 |
|
|
||||||
|
|
Enabling DHCP Snooping and Option 82 |
21-12 |
|
|
|
|||||
|
|
Enabling DHCP Snooping on Private VLANs |
21-14 |
|
|
||||||
|
|
Enabling the Cisco IOS DHCP Server Database |
21-14 |
|
|||||||
|
|
Enabling the DHCP Snooping Binding Database Agent |
21-14 |
||||||||
|
|
Displaying DHCP Snooping Information |
21-15 |
|
|
|
|
||||
|
|
Understanding IP Source Guard |
|
21-16 |
|
|
|
|
|
|
|
|
|
Source IP Address Filtering |
|
21-16 |
|
|
|
|
|
|
|
|
|
Source IP and MAC Address Filtering |
21-17 |
|
|
|
|||||
|
|
Configuring IP Source Guard 21-17 |
|
|
|
|
|
|
|||
|
|
Default IP Source Guard Configuration |
21-17 |
|
|
|
|||||
|
|
IP Source Guard Configuration Guidelines |
21-17 |
|
|
|
|||||
|
|
Enabling IP Source Guard |
21-18 |
|
|
|
|
|
|
||
|
|
Displaying IP Source Guard Information |
21-19 |
|
|
|
|
||||
|
|
Configuring Dynamic ARP Inspection |
|
|
|
|
|
|
|||
C H A P T E R |
22 |
22-1 |
|
|
|
|
|
||||
|
|
Understanding Dynamic ARP Inspection |
22-1 |
|
|
|
|
||||
|
|
Interface Trust States and Network Security |
22-3 |
|
|
||||||
|
|
Rate Limiting of ARP Packets |
22-4 |
|
|
|
|
|
|||
|
|
Relative Priority of ARP ACLs and DHCP Snooping Entries |
22-4 |
||||||||
|
|
Logging of Dropped Packets |
|
22-5 |
|
|
|
|
|
|
|
|
|
Configuring Dynamic ARP Inspection |
22-5 |
|
|
|
|
|
|||
|
|
Default Dynamic ARP Inspection Configuration |
22-5 |
|
|
||||||
|
|
Dynamic ARP Inspection Configuration Guidelines 22-6 |
|
||||||||
|
|
Configuring Dynamic ARP Inspection in DHCP Environments |
22-7 |
||||||||
|
|
Configuring ARP ACLs for Non-DHCP Environments |
22-8 |
|
|||||||
|
|
Limiting the Rate of Incoming ARP Packets |
22-10 |
|
|
||||||
|
|
Performing Validation Checks |
22-11 |
|
|
|
|
|
|||
|
|
Configuring the Log Buffer |
|
22-12 |
|
|
|
|
|
|
|
|
|
Displaying Dynamic ARP Inspection Information |
22-14 |
|
|
||||||
|
|
Configuring IGMP Snooping and MVR |
|
|
|
|
|
|
|||
C H A P T E R |
23 |
23-1 |
|
|
|
|
|
||||
|
|
Understanding IGMP Snooping |
23-2 |
|
|
|
|
|
|
||
|
|
IGMP Versions |
23-3 |
|
|
|
|
|
|
|
|
|
|
Joining a Multicast Group |
23-3 |
|
|
|
|
|
|
||
|
|
Leaving a Multicast Group |
|
23-5 |
|
|
|
|
|
|
|
|
|
Immediate Leave |
23-6 |
|
|
|
|
|
|
|
|
|
IGMP Configurable-Leave Timer |
23-6 |
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|
|
|
|
|
||
|
OL-12189-01 |
|
|
xix |
|
|
|
|
|
Contents
|
|
|
|
|
IGMP Report Suppression |
|
23-6 |
|
|
|
|
|
|
|
|
|
|
|
|
IGMP Snooping and Switch Stacks |
|
23-7 |
|
|
|
||||
|
|
|
|
|
Configuring IGMP Snooping |
23-7 |
|
|
|
|
|
|
||
|
|
|
|
|
Default IGMP Snooping Configuration |
23-7 |
|
|
|
|||||
|
|
|
|
|
Enabling or Disabling IGMP Snooping |
23-8 |
|
|
|
|||||
|
|
|
|
|
Setting the Snooping Method 23-9 |
|
|
|
|
|
||||
|
|
|
|
|
Configuring a Multicast Router Port |
|
23-10 |
|
|
|
||||
|
|
|
|
|
Configuring a Blade Server Statically to Join a Group |
23-10 |
|
|||||||
|
|
|
|
|
Enabling IGMP Immediate Leave |
23-11 |
|
|
|
|||||
|
|
|
|
|
Configuring the IGMP Leave Timer |
|
23-12 |
|
|
|
||||
|
|
|
|
|
Configuring TCN-Related Commands |
|
23-12 |
|
|
|
||||
|
|
|
|
|
Controlling the Multicast Flooding Time After a TCN Event 23-13 |
|||||||||
|
|
|
|
|
Recovering from Flood Mode |
23-13 |
|
|
|
|||||
|
|
|
|
|
Disabling Multicast Flooding During a TCN Event |
23-14 |
|
|||||||
|
|
|
|
|
Configuring the IGMP Snooping Querier |
23-14 |
|
|
|
|||||
|
|
|
|
|
Disabling IGMP Report Suppression |
23-16 |
|
|
|
|||||
|
|
|
|
|
Displaying IGMP Snooping Information |
|
23-16 |
|
|
|
||||
|
|
|
|
|
Understanding Multicast VLAN Registration |
23-18 |
|
|
|
|||||
|
|
|
|
|
Using MVR in a Multicast Television Application |
23-18 |
|
|||||||
|
|
|
|
|
Configuring MVR |
23-20 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Default MVR Configuration |
23-20 |
|
|
|
|
|
|
||
|
|
|
|
|
MVR Configuration Guidelines and Limitations |
23-20 |
|
|
||||||
|
|
|
|
|
Configuring MVR Global Parameters |
23-21 |
|
|
|
|||||
|
|
|
|
|
Configuring MVR Interfaces |
23-22 |
|
|
|
|
|
|
||
|
|
|
|
|
Displaying MVR Information |
23-24 |
|
|
|
|
|
|
||
|
|
|
|
|
Configuring IGMP Filtering and Throttling |
|
23-24 |
|
|
|
||||
|
|
|
|
|
Default IGMP Filtering and Throttling Configuration |
23-25 |
|
|||||||
|
|
|
|
|
Configuring IGMP Profiles |
|
23-25 |
|
|
|
|
|
|
|
|
|
|
|
|
Applying IGMP Profiles |
23-27 |
|
|
|
|
|
|
||
|
|
|
|
|
Setting the Maximum Number of IGMP Groups |
23-27 |
|
|||||||
|
|
|
|
|
Configuring the IGMP Throttling Action |
23-28 |
|
|
|
|||||
|
|
|
|
|
Displaying IGMP Filtering and Throttling Configuration 23-29 |
|||||||||
|
Configuring IPv6 MLD Snooping |
|
|
|
|
|
|
|
||||||
C H A P T E R 24 |
24-1 |
|
|
|
|
|
|
|||||||
|
|
|
|
|
Understanding MLD Snooping |
|
24-1 |
|
|
|
|
|
|
|
|
|
|
|
|
MLD Messages 24-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
MLD Queries |
24-3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Multicast Client Aging Robustness |
|
24-3 |
|
|
|
||||
|
|
|
|
|
Multicast Router Discovery |
24-4 |
|
|
|
|
|
|
||
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
||||||||||
|
|
|
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
xx |
|
|
|
|
|
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
MLD Reports 24-4 |
|
MLD Done Messages and Immediate-Leave |
24-4 |
Topology Change Notification Processing |
24-5 |
MLD Snooping in Switch Stacks 24-5 |
|
Configuring IPv6 MLD Snooping 24-5 |
|
Default MLD Snooping Configuration |
24-6 |
MLD Snooping Configuration Guidelines 24-6 |
|
Enabling or Disabling MLD Snooping |
24-7 |
Configuring a Static Multicast Group |
24-8 |
Configuring a Multicast Router Port |
24-9 |
Enabling MLD Immediate Leave 24-9 |
|
Configuring MLD Snooping Queries |
24-10 |
|
||||
|
Disabling MLD Listener Message Suppression |
24-11 |
|||||
|
Displaying MLD Snooping Information |
|
24-12 |
|
|||
|
Configuring Port-Based Traffic Control |
|
|
|
|
||
C H A P T E R 25 |
|
25-1 |
|
|
|||
|
Configuring Storm Control |
25-1 |
|
|
|
|
|
|
Understanding Storm Control |
25-1 |
|
|
|
||
|
Default Storm Control Configuration |
25-3 |
|
||||
|
Configuring Storm Control and Threshold Levels |
25-3 |
|||||
|
Configuring Protected Ports |
25-5 |
|
|
|
|
|
|
Default Protected Port Configuration |
25-5 |
|
||||
|
Protected Port Configuration Guidelines |
25-6 |
|
||||
|
Configuring a Protected Port |
25-6 |
|
|
|
||
|
Configuring Port Blocking |
25-6 |
|
|
|
|
|
|
Default Port Blocking Configuration |
25-7 |
|
||||
|
Blocking Flooded Traffic on an Interface |
25-7 |
|
||||
|
Configuring Port Security |
25-7 |
|
|
|
|
|
|
Understanding Port Security |
25-8 |
|
|
|
|
|
|
Secure MAC Addresses |
25-8 |
|
|
|
||
|
Security Violations |
25-9 |
|
|
|
|
|
|
Default Port Security Configuration |
|
25-10 |
|
|||
|
Port Security Configuration Guidelines |
25-10 |
|
||||
|
Enabling and Configuring Port Security |
25-12 |
|
||||
|
Enabling and Configuring Port Security Aging |
25-16 |
|||||
|
Port Security and Switch Stacks |
25-17 |
|
|
|||
|
Port Security and Private VLANs |
25-17 |
|
|
|
Displaying Port-Based Traffic Control Settings |
25-18 |
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|
|
|
|
|
||
|
OL-12189-01 |
|
|
xxi |
|
|
|
|
|
Contents
C H A P T E R |
26 |
Configuring CDP |
26-1 |
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
Understanding CDP |
26-1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CDP and Switch Stacks |
26-2 |
|
|
|
|
|
||||
|
|
|
|
|
Configuring CDP |
26-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Default CDP Configuration |
|
26-2 |
|
|
|
|
|
|||
|
|
|
|
|
Configuring the CDP Characteristics |
26-2 |
|
|
|||||||
|
|
|
|
|
Disabling and Enabling CDP |
26-3 |
|
|
|
|
|||||
|
|
|
|
|
Disabling and Enabling CDP on an Interface |
26-4 |
|
||||||||
|
|
|
|
|
Monitoring and Maintaining CDP |
26-5 |
|
|
|
|
|||||
|
|
Configuring LLDP and LLDP-MED |
|
|
|
|
|
||||||||
C H A P T E R |
27 |
27-1 |
|
|
|
|
|||||||||
|
|
|
|
|
Understanding LLDP and LLDP-MED |
27-1 |
|
|
|
|
|||||
|
|
|
|
|
Understanding LLDP |
27-1 |
|
|
|
|
|
|
|||
|
|
|
|
|
Understanding LLDP-MED |
|
27-2 |
|
|
|
|
|
|||
|
|
|
|
|
Configuring LLDP and LLDP-MED |
27-3 |
|
|
|
|
|||||
|
|
|
|
|
Default LLDP Configuration |
27-3 |
|
|
|
|
|||||
|
|
|
|
|
Configuring LLDP Characteristics |
27-4 |
|
|
|
||||||
|
|
|
|
|
Disabling and Enabling LLDP Globally |
27-4 |
|
|
|||||||
|
|
|
|
|
Disabling and Enabling LLDP on an Interface |
27-5 |
|
||||||||
|
|
|
|
|
Configuring LLDP-MED TLVs |
27-6 |
|
|
|
|
|||||
|
|
|
|
|
Monitoring and Maintaining LLDP and LLDP-MED |
27-7 |
|
||||||||
|
|
Configuring UDLD |
|
|
|
|
|
|
|
|
|
||||
C H A P T E R |
28 |
28-1 |
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
Understanding UDLD |
28-1 |
|
|
|
|
|
|
|
||
|
|
|
|
|
Modes of Operation |
28-1 |
|
|
|
|
|
|
|||
|
|
|
|
|
Methods to Detect Unidirectional Links |
28-2 |
|
|
|||||||
|
|
|
|
|
Configuring UDLD |
28-3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Default UDLD Configuration |
28-4 |
|
|
|
|
|||||
|
|
|
|
|
Configuration Guidelines |
28-4 |
|
|
|
|
|
||||
|
|
|
|
|
Enabling UDLD Globally |
28-5 |
|
|
|
|
|
||||
|
|
|
|
|
Enabling UDLD on an Interface |
28-6 |
|
|
|
|
|||||
|
|
|
|
|
Resetting an Interface Disabled by UDLD |
28-6 |
|
||||||||
|
|
|
|
|
Displaying UDLD Status |
28-7 |
|
|
|
|
|
|
|
||
|
|
Configuring SPAN and RSPAN |
|
|
|
|
|
|
|||||||
C H A P T E R |
29 |
29-1 |
|
|
|
|
|
||||||||
|
|
|
|
|
Understanding SPAN and RSPAN |
29-1 |
|
|
|
|
|||||
|
|
|
|
|
Local SPAN |
29-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Remote SPAN |
29-3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|||||||||||
|
|
|
|
||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
xxii |
|
|
|
|
|
|
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
SPAN and RSPAN Concepts and Terminology 29-4 |
|
SPAN Sessions |
29-4 |
Monitored Traffic 29-5 |
|
Source Ports 29-6 |
|
Source VLANs |
29-7 |
VLAN Filtering |
29-7 |
Destination Port |
29-8 |
RSPAN VLAN |
29-9 |
|
|
|
SPAN and RSPAN Interaction with Other Features |
29-9 |
|
|
|
||||||||
|
|
|
SPAN and RSPAN and Switch Stacks |
|
29-10 |
|
|
|
|
|
|||||
|
|
|
Configuring SPAN and RSPAN |
29-10 |
|
|
|
|
|
|
|
|
|||
|
|
|
Default SPAN and RSPAN Configuration |
29-11 |
|
|
|
|
|||||||
|
|
|
Configuring Local SPAN |
29-11 |
|
|
|
|
|
|
|
|
|
||
|
|
|
SPAN Configuration Guidelines |
29-11 |
|
|
|
|
|
||||||
|
|
|
Creating a Local SPAN Session |
29-12 |
|
|
|
|
|
||||||
|
|
|
Creating a Local SPAN Session and Configuring Incoming Traffic 29-14 |
||||||||||||
|
|
|
Specifying VLANs to Filter |
|
29-15 |
|
|
|
|
|
|
|
|||
|
|
|
Configuring RSPAN |
29-16 |
|
|
|
|
|
|
|
|
|
||
|
|
|
RSPAN Configuration Guidelines |
|
29-16 |
|
|
|
|
|
|||||
|
|
|
Configuring a VLAN as an RSPAN VLAN |
29-17 |
|
|
|
|
|||||||
|
|
|
Creating an RSPAN Source Session |
29-18 |
|
|
|
|
|||||||
|
|
|
Specifying VLANs to Filter |
|
29-19 |
|
|
|
|
|
|
|
|||
|
|
|
Creating an RSPAN Destination Session |
29-20 |
|
|
|
|
|||||||
|
|
|
Creating an RSPAN Destination Session and Configuring Incoming Traffic 29-21 |
||||||||||||
|
|
|
Displaying SPAN and RSPAN Status |
|
29-23 |
|
|
|
|
|
|
||||
|
|
|
Configuring RMON |
|
|
|
|
|
|
|
|
|
|
|
|
|
C H A P T E R |
30 |
30-1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Understanding RMON |
30-1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuring RMON |
30-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Default RMON Configuration |
30-3 |
|
|
|
|
|
|
|
||||
|
|
|
Configuring RMON Alarms and Events |
|
30-3 |
|
|
|
|
|
|||||
|
|
|
Collecting Group History Statistics on an Interface |
30-5 |
|
|
|
||||||||
|
|
|
Collecting Group Ethernet Statistics on an Interface |
30-5 |
|
|
|
||||||||
|
|
|
Displaying RMON Status |
30-6 |
|
|
|
|
|
|
|
|
|
||
|
|
|
Configuring System Message Logging |
|
|
|
|
|
|
|
|||||
|
C H A P T E R |
31 |
31-1 |
|
|
|
|
|
|
||||||
|
|
|
Understanding System Message Logging |
31-1 |
|
|
|
|
|
||||||
|
|
|
Configuring System Message Logging |
31-2 |
|
|
|
|
|
|
|||||
|
|
|
System Log Message Format |
31-2 |
|
|
|
|
|
|
|
||||
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|||||||||
|
|
|
|
|
|
||||||||||
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
xxiii |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
|
|
|
Default System Message Logging Configuration 31-4 |
||||||||
|
|
|
|
|
Disabling Message Logging |
31-4 |
|
|
|
|
|||
|
|
|
|
|
Setting the Message Display Destination Device |
31-5 |
|
||||||
|
|
|
|
|
Synchronizing Log Messages |
31-6 |
|
|
|
|
|||
|
|
|
|
|
Enabling and Disabling Time Stamps on Log Messages 31-8 |
||||||||
|
|
|
|
|
Enabling and Disabling Sequence Numbers in Log Messages 31-8 |
||||||||
|
|
|
|
|
Defining the Message Severity Level |
31-9 |
|
|
|
||||
|
|
|
|
|
Limiting Syslog Messages Sent to the History Table and to SNMP 31-10 |
||||||||
|
|
|
|
|
Enabling the Configuration-Change Logger |
31-11 |
|
|
|||||
|
|
|
|
|
Configuring UNIX Syslog Servers |
31-12 |
|
|
|
||||
|
|
|
|
|
Logging Messages to a UNIX Syslog Daemon |
31-12 |
|
||||||
|
|
|
|
|
Configuring the UNIX System Logging Facility |
31-13 |
|
||||||
|
|
|
|
|
Displaying the Logging Configuration |
31-14 |
|
|
|
||||
|
|
Configuring SNMP 32-1 |
|
|
|
|
|
|
|
||||
C H A P T E R |
32 |
|
|
|
|
|
|
|
|||||
|
|
|
|
|
Understanding SNMP |
32-1 |
|
|
|
|
|
|
|
|
|
|
|
|
SNMP Versions |
32-2 |
|
|
|
|
|
|
|
|
|
|
|
|
SNMP Manager Functions |
32-3 |
|
|
|
|
|
||
|
|
|
|
|
SNMP Agent Functions 32-4 |
|
|
|
|
|
|||
|
|
|
|
|
SNMP Community Strings |
32-4 |
|
|
|
|
|
||
|
|
|
|
|
Using SNMP to Access MIB Variables |
32-4 |
|
|
|
||||
|
|
|
|
|
SNMP Notifications |
32-5 |
|
|
|
|
|
|
|
|
|
|
|
|
SNMP ifIndex MIB Object Values |
32-5 |
|
|
|
||||
|
|
|
|
|
Configuring SNMP |
32-6 |
|
|
|
|
|
|
|
|
|
|
|
|
Default SNMP Configuration |
32-6 |
|
|
|
|
|||
|
|
|
|
|
SNMP Configuration Guidelines |
32-6 |
|
|
|
|
|||
|
|
|
|
|
Disabling the SNMP Agent |
32-7 |
|
|
|
|
|
||
|
|
|
|
|
Configuring Community Strings |
32-8 |
|
|
|
|
|||
|
|
|
|
|
Configuring SNMP Groups and Users |
32-9 |
|
|
|
||||
|
|
|
|
|
Configuring SNMP Notifications |
32-11 |
|
|
|
||||
|
|
|
|
|
Setting the Agent Contact and Location Information |
32-15 |
|
||||||
|
|
|
|
|
Limiting TFTP Servers Used Through SNMP |
32-15 |
|
|
|||||
|
|
|
|
|
SNMP Examples |
32-16 |
|
|
|
|
|
|
|
|
|
|
|
|
Displaying SNMP Status |
32-17 |
|
|
|
|
|
|
|
|
|
Configuring Network Security with ACLs |
|
|
|
|
|||||||
C H A P T E R |
34 |
34-1 |
|
|
|
||||||||
|
|
|
|
|
Understanding ACLs |
34-1 |
|
|
|
|
|
|
|
|
|
|
|
|
Supported ACLs |
34-2 |
|
|
|
|
|
|
|
|
|
|
|
|
Port ACLs |
34-3 |
|
|
|
|
|
|
|
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|||||||||
|
|
|
|
||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
xxiv |
|
|
|
|
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
Router ACLs |
34-4 |
|
|
|
|
|
|
|
|
|
|
VLAN Maps |
34-5 |
|
|
|
|
|
|
|
|
|
|
Handling Fragmented and Unfragmented Traffic |
34-5 |
|
|
|
||||||
|
ACLs and Switch Stacks |
34-6 |
|
|
|
|
|
|
|
||
|
Configuring IPv4 ACLs |
34-7 |
|
|
|
|
|
|
|
|
|
|
Creating Standard and Extended IPv4 ACLs |
34-7 |
|
|
|
|
|||||
|
Access List Numbers |
34-8 |
|
|
|
|
|
|
|
||
|
ACL Logging |
34-9 |
|
|
|
|
|
|
|
|
|
|
Creating a Numbered Standard ACL |
34-10 |
|
|
|
|
|||||
|
Creating a Numbered Extended ACL |
34-11 |
|
|
|
|
|||||
|
Resequencing ACEs in an ACL |
34-15 |
|
|
|
|
|
||||
|
Creating Named Standard and Extended ACLs |
34-15 |
|
|
|
||||||
|
Using Time Ranges with ACLs |
34-17 |
|
|
|
|
|
||||
|
Including Comments in ACLs |
34-19 |
|
|
|
|
|
||||
|
Applying an IPv4 ACL to a Terminal Line |
34-19 |
|
|
|
|
|||||
|
Applying an IPv4 ACL to an Interface |
34-20 |
|
|
|
|
|||||
|
Hardware and Software Treatment of IP ACLs 34-22 |
||||||||||
|
IPv4 ACL Configuration Examples |
34-22 |
|
|
|
|
|
||||
|
Numbered ACLs |
34-24 |
|
|
|
|
|
|
|
||
|
Extended ACLs |
|
34-24 |
|
|
|
|
|
|
|
|
|
Named ACLs |
34-25 |
|
|
|
|
|
|
|
|
|
|
Time Range Applied to an IP ACL |
34-25 |
|
|
|
|
|||||
|
Commented IP ACL Entries |
34-25 |
|
|
|
|
|
||||
|
ACL Logging |
34-26 |
|
|
|
|
|
|
|
|
|
|
Creating Named MAC Extended ACLs |
34-27 |
|
|
|
|
|
||||
|
Applying a MAC ACL to a Layer 2 Interface |
34-28 |
|
|
|
|
|||||
|
Configuring VLAN Maps |
|
34-29 |
|
|
|
|
|
|
|
|
|
VLAN Map Configuration Guidelines |
34-30 |
|
|
|
|
|||||
|
Creating a VLAN Map |
34-31 |
|
|
|
|
|
|
|
||
|
Examples of ACLs and VLAN Maps 34-32 |
|
|
|
|
||||||
|
Applying a VLAN Map to a VLAN |
34-34 |
|
|
|
|
|
||||
|
Using VLAN Maps in Your Network |
34-34 |
|
|
|
|
|||||
|
Denying Access to a Server on Another VLAN |
34-34 |
|
|
|
||||||
|
Using VLAN Maps with Router ACLs |
34-35 |
|
|
|
|
|
||||
|
VLAN Maps and Router ACL Configuration Guidelines 34-35 |
||||||||||
|
Examples of Router ACLs and VLAN Maps Applied to VLANs 34-36 |
||||||||||
|
ACLs and Switched Packets |
34-36 |
|
|
|
|
|
||||
|
ACLs and Bridged Packets |
34-37 |
|
|
|
|
|
||||
|
ACLs and Routed Packets 34-38 |
|
|
|
|
|
|||||
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|||||||
|
|
|
|
||||||||
|
OL-12189-01 |
|
|
|
|
|
|
|
|
xxv |
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
ACLs and Multicast Packets |
34-38 |
|
|
|||||
|
|
Displaying IPv4 ACL Configuration |
34-39 |
|
|
|
||||
|
|
Configuring IPv6 ACLs |
|
|
|
|
|
|
|
|
C H A P T E R |
35 |
35-1 |
|
|
|
|
|
|
||
|
|
Supported IPv6 ACLs |
35-2 |
|
|
|
|
|
|
|
|
|
Understanding IPv6 ACLs |
35-2 |
|
|
|
|
|
||
|
|
Supported ACL Features |
35-2 |
|
|
|
|
|
||
|
|
IPv6 ACL Limitations |
35-3 |
|
|
|
|
|
||
|
|
IPv6 ACLs and Switch Stacks |
35-4 |
|
|
|
||||
|
|
Configuring IPv6 ACLs |
35-4 |
|
|
|
|
|
|
|
|
|
Default IPv6 ACL Configuration |
|
35-5 |
|
|
|
|||
|
|
Interaction with Other Features and Switches 35-5 |
||||||||
|
|
Creating IPv6 ACLs |
35-5 |
|
|
|
|
|
|
|
|
|
Applying an IPv6 ACL to an Interface |
35-8 |
|
||||||
|
|
Displaying IPv6 ACLs |
35-9 |
|
|
|
|
|
|
|
|
|
Configuring QoS 36-1 |
|
|
|
|
|
|
|
|
C H A P T E R |
36 |
|
|
|
|
|
|
|
|
|
|
|
Understanding QoS |
36-2 |
|
|
|
|
|
|
|
|
|
Basic QoS Model |
36-3 |
|
|
|
|
|
|
|
|
|
Classification 36-5 |
|
|
|
|
|
|
|
|
|
|
Classification Based on QoS ACLs |
36-7 |
|
||||||
|
|
Classification Based on Class Maps and Policy Maps 36-7 |
||||||||
|
|
Policing and Marking |
36-8 |
|
|
|
|
|
||
|
|
Policing on Physical Ports |
|
36-9 |
|
|
|
|||
|
|
Policing on SVIs |
36-10 |
|
|
|
|
|
||
|
|
Mapping Tables |
36-12 |
|
|
|
|
|
|
|
|
|
Queueing and Scheduling Overview |
36-13 |
|
||||||
|
|
Weighted Tail Drop |
36-13 |
|
|
|
|
|
||
|
|
SRR Shaping and Sharing |
|
36-14 |
|
|
|
|||
|
|
Queueing and Scheduling on Ingress Queues |
36-15 |
|||||||
|
|
Queueing and Scheduling on Egress Queues |
36-17 |
|||||||
|
|
Packet Modification |
36-19 |
|
|
|
|
|
||
|
|
Configuring Auto-QoS |
36-20 |
|
|
|
|
|
|
|
|
|
Generated Auto-QoS Configuration |
36-21 |
|
||||||
|
|
Effects of Auto-QoS on the Configuration |
36-25 |
|
||||||
|
|
Auto-QoS Configuration Guidelines |
36-25 |
|
||||||
|
|
Enabling Auto-QoS for VoIP 36-26 |
|
|
|
|||||
|
|
Auto-QoS Configuration Example |
36-27 |
|
|
|
|
|
|
Displaying Auto-QoS Information |
36-29 |
|
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
||
|
|
|
|
|||
|
|
|
|
|
|
|
|
xxvi |
|
|
|
OL-12189-01 |
|
|
|
|
|
|
Contents
|
Configuring Standard QoS 36-29 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Default Standard QoS Configuration |
36-30 |
|
|
|
|
|
|
|
|
|||
|
Default Ingress Queue Configuration |
36-30 |
|
|
|
|
|
|
|
||||
|
Default Egress Queue Configuration |
36-31 |
|
|
|
|
|
|
|
||||
|
Default Mapping Table Configuration |
|
36-32 |
|
|
|
|
|
|
|
|||
|
Standard QoS Configuration Guidelines |
36-32 |
|
|
|
|
|
|
|
||||
|
QoS ACL Guidelines |
36-32 |
|
|
|
|
|
|
|
|
|
|
|
|
Applying QoS on Interfaces |
36-32 |
|
|
|
|
|
|
|
|
|
||
|
Policing Guidelines |
36-33 |
|
|
|
|
|
|
|
|
|
|
|
|
General QoS Guidelines 36-33 |
|
|
|
|
|
|
|
|
|
|
||
|
Enabling QoS Globally |
36-34 |
|
|
|
|
|
|
|
|
|
|
|
|
Enabling VLAN-Based QoS on Physical Ports |
36-34 |
|
|
|
|
|
|
|
||||
|
Configuring Classification Using Port Trust States |
36-35 |
|
|
|
|
|
|
|||||
|
Configuring the Trust State on Ports within the QoS Domain 36-35 |
|
|
|
|
|
|||||||
|
Configuring the CoS Value for an Interface 36-37 |
|
|
|
|
|
|
||||||
|
Configuring a Trusted Boundary to Ensure Port Security 36-38 |
|
|
|
|
|
|||||||
|
Enabling DSCP Transparency Mode |
36-39 |
|
|
|
|
|
|
|
||||
|
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain 36-40 |
|
|
|
|
||||||||
|
Configuring a QoS Policy |
36-42 |
|
|
|
|
|
|
|
|
|
|
|
|
Classifying Traffic by Using ACLs |
36-43 |
|
|
|
|
|
|
|
||||
|
Classifying Traffic by Using Class Maps |
36-46 |
|
|
|
|
|
|
|
||||
|
Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps |
36-48 |
|
||||||||||
|
Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps 36-52 |
||||||||||||
|
Classifying, Policing, and Marking Traffic by Using Aggregate Policers |
36-58 |
|
|
|
|
|||||||
|
Configuring DSCP Maps |
36-60 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuring the CoS-to-DSCP Map |
|
36-60 |
|
|
|
|
|
|
|
|||
|
Configuring the IP-Precedence-to-DSCP Map |
36-61 |
|
|
|
|
|
|
|||||
|
Configuring the Policed-DSCP Map |
36-62 |
|
|
|
|
|
|
|
||||
|
Configuring the DSCP-to-CoS Map |
|
36-63 |
|
|
|
|
|
|
|
|||
|
Configuring the DSCP-to-DSCP-Mutation Map |
36-64 |
|
|
|
|
|
|
|||||
|
Configuring Ingress Queue Characteristics |
36-66 |
|
|
|
|
|
|
|
||||
|
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds |
36-67 |
|
||||||||||
|
Allocating Buffer Space Between the Ingress Queues |
36-68 |
|
|
|
|
|
||||||
|
Allocating Bandwidth Between the Ingress Queues |
36-68 |
|
|
|
|
|
||||||
|
Configuring the Ingress Priority Queue |
36-69 |
|
|
|
|
|
|
|
||||
|
Configuring Egress Queue Characteristics |
|
36-70 |
|
|
|
|
|
|
|
|||
|
Configuration Guidelines |
36-71 |
|
|
|
|
|
|
|
|
|
|
|
|
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set |
36-71 |
|
||||||||||
|
Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID |
36-73 |
|
|
|
|
|||||||
|
Configuring SRR Shaped Weights on Egress Queues |
36-75 |
|
|
|
|
|
||||||
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|
||||||||
|
|
|
|
|
|||||||||
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
xxvii |
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
Configuring SRR Shared Weights on Egress Queues 36-76 |
||
|
Configuring the Egress Expedite Queue 36-76 |
|
|
|
Limiting the Bandwidth on an Egress Interface |
36-77 |
|
|
Displaying Standard QoS Information 36-78 |
|
|
|
Configuring EtherChannels and Link-State Tracking |
|
|
C H A P T E R 37 |
37-1 |
||
|
Understanding EtherChannels |
37-1 |
|
|
EtherChannel Overview |
37-2 |
|
|
Port-Channel Interfaces |
37-4 |
|
|
Port Aggregation Protocol |
37-5 |
|
PAgP Modes |
37-5 |
|
|
|
|
|
|
PAgP Interaction with Other Features |
37-6 |
||||||
Link Aggregation Control Protocol |
37-6 |
|
|
||||
LACP Modes |
37-6 |
|
|
|
|
|
|
LACP Interaction with Other Features |
37-7 |
||||||
EtherChannel On Mode |
37-7 |
|
|
|
|
||
Load-Balancing and Forwarding Methods |
37-7 |
||||||
EtherChannel and Switch Stacks |
37-9 |
|
|
||||
Configuring EtherChannels |
37-10 |
|
|
|
|
|
|
Default EtherChannel Configuration |
37-10 |
|
|||||
EtherChannel Configuration Guidelines |
37-11 |
|
|||||
Configuring Layer 2 EtherChannels |
|
37-12 |
|
||||
Configuring Layer 3 EtherChannels |
37-14 |
|
|||||
Creating Port-Channel Logical Interfaces |
37-14 |
||||||
Configuring the Physical Interfaces |
37-15 |
|
|||||
Configuring EtherChannel Load-Balancing |
37-17 |
||||||
Configuring the PAgP Learn Method and Priority 37-18 |
|||||||
Configuring LACP Hot-Standby Ports |
37-19 |
|
|||||
Configuring the LACP System Priority |
37-20 |
||||||
Configuring the LACP Port Priority |
37-21 |
|
|||||
Displaying EtherChannel, PAgP, and LACP Status |
37-22 |
||||||
Understanding Link-State Tracking |
37-22 |
|
|
|
|||
Configuring Link-State Tracking |
37-24 |
|
|
|
|||
Default Link-State Tracking Configuration |
37-24 |
||||||
Link-State Tracking Configuration Guidelines |
37-24 |
||||||
Configuring Link-State Tracking |
37-25 |
|
|
||||
Displaying Link-State Tracking Status |
37-26 |
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
xxviii |
OL-12189-01 |
Contents
C H A P T E R 38 |
Configuring IP Unicast Routing |
38-1 |
|
|
Supported IPv4 Features |
38-2 |
|
|
Understanding IP Routing |
38-3 |
|
|
Types of Routing 38-3 |
|
|
|
IP Routing and Switch Stacks 38-4 |
||
|
Steps for Configuring Routing |
38-6 |
|
|
Configuring IP Addressing |
38-6 |
Default Addressing Configuration |
38-7 |
|
|
|
Assigning IP Addresses to Network Interfaces |
38-8 |
|||
Use of Subnet Zero |
38-8 |
|
|
|
Classless Routing |
38-9 |
|
|
|
Configuring Address Resolution Methods |
38-10 |
|
||
Define a Static ARP Cache |
38-11 |
|
|
|
Set ARP Encapsulation 38-12 |
|
|
||
Enable Proxy ARP |
38-13 |
|
|
|
Routing Assistance When IP Routing is Disabled |
38-13 |
|||
Proxy ARP 38-13 |
|
|
|
|
Default Gateway |
38-13 |
|
|
|
ICMP Router Discovery Protocol (IRDP) |
38-14 |
Configuring Broadcast Packet Handling 38-15
Enabling Directed Broadcast-to-Physical Broadcast Translation 38-16
Forwarding UDP Broadcast Packets and Protocols 38-17
|
Establishing an IP Broadcast Address |
38-17 |
|
|
|
|
|||
|
Flooding IP Broadcasts |
38-18 |
|
|
|
|
|
||
|
Monitoring and Maintaining IP Addressing |
38-19 |
|
|
|
|
|||
|
Enabling IP Unicast Routing |
38-20 |
|
|
|
|
|
|
|
|
Configuring RIP 38-21 |
|
|
|
|
|
|
|
|
|
Default RIP Configuration |
38-22 |
|
|
|
|
|
|
|
|
Configuring Basic RIP Parameters |
38-22 |
|
|
|
|
|
||
|
Configuring RIP Authentication |
38-24 |
|
|
|
|
|
||
|
Configuring Summary Addresses and Split Horizon |
38-24 |
|
|
|
||||
|
Configuring Split Horizon |
38-26 |
|
|
|
|
|
|
|
|
Configuring Stub Routing 38-26 |
|
|
|
|
|
|
|
|
|
Understanding PIM Stub Routing |
38-26 |
|
|
|
|
|
||
|
Configuring PIM Stub Routing |
38-27 |
|
|
|
|
|
||
|
PIM Stub Routing Configuration Guidelines |
38-28 |
|
|
|
||||
|
Enabling PIM Stub Routing |
38-28 |
|
|
|
|
|
||
|
Understanding EIGRP Stub Routing 38-29 |
|
|
|
|
|
|||
|
Configuring EIGRP Stub Routing |
38-30 |
|
|
|
|
|
||
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
|
|
|
|||||
|
|
|
|
||||||
|
OL-12189-01 |
|
|
|
|
|
|
xxix |
|
|
|
|
|
|
|
|
|
Contents
|
|
|
|
Configuring OSPF |
38-31 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Default OSPF Configuration |
38-32 |
|
|
|
|
|
||||
|
|
|
|
OSPF Nonstop Forwarding |
38-33 |
|
|
|
|
|||||
|
|
|
|
Configuring Basic OSPF Parameters |
38-35 |
|
|
|||||||
|
|
|
|
Configuring OSPF Interfaces |
38-35 |
|
|
|
|
|||||
|
|
|
|
Configuring OSPF Area Parameters |
38-36 |
|
|
|
||||||
|
|
|
|
Configuring Other OSPF Parameters |
|
38-38 |
|
|
||||||
|
|
|
|
Changing LSA Group Pacing |
38-39 |
|
|
|
|
|||||
|
|
|
|
Configuring a Loopback Interface |
|
38-40 |
|
|
|
|||||
|
|
|
|
Monitoring OSPF |
38-40 |
|
|
|
|
|
|
|
||
|
|
|
|
Configuring EIGRP |
38-41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Default EIGRP Configuration |
38-43 |
|
|
|
|
|||||
|
|
|
|
EIGRP Nonstop Forwarding |
38-44 |
|
|
|
||||||
|
|
|
|
Configuring Basic EIGRP Parameters |
38-45 |
|
|
|||||||
|
|
|
|
Configuring EIGRP Interfaces |
38-46 |
|
|
|
|
|||||
|
|
|
|
Configuring EIGRP Route Authentication |
38-47 |
|
||||||||
|
|
|
|
Monitoring and Maintaining EIGRP |
38-48 |
|
|
|
||||||
|
|
|
|
Configuring BGP |
38-49 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Default BGP Configuration 38-51 |
|
|
|
|
|
|||||
|
|
|
|
Nonstop Forwarding Awareness |
38-53 |
|
|
|||||||
|
|
|
|
Enabling BGP Routing |
38-53 |
|
|
|
|
|
|
|
||
|
|
|
|
Managing Routing Policy Changes |
38-56 |
|
|
|
||||||
|
|
|
|
Configuring BGP Decision Attributes |
38-57 |
|
|
|||||||
|
|
|
|
Configuring BGP Filtering with Route Maps |
|
38-59 |
|
|||||||
|
|
|
|
Configuring BGP Filtering by Neighbor |
38-60 |
|
|
|||||||
|
|
|
|
Configuring Prefix Lists for BGP Filtering |
38-61 |
|
||||||||
|
|
|
|
Configuring BGP Community Filtering |
38-62 |
|
|
|||||||
|
|
|
|
Configuring BGP Neighbors and Peer Groups |
38-64 |
|
||||||||
|
|
|
|
Configuring Aggregate Addresses |
|
38-66 |
|
|
|
|||||
|
|
|
|
Configuring Routing Domain Confederations |
38-66 |
|
||||||||
|
|
|
|
Configuring BGP Route Reflectors |
|
38-67 |
|
|
|
|||||
|
|
|
|
Configuring Route Dampening |
38-68 |
|
|
|
|
|||||
|
|
|
|
Monitoring and Maintaining BGP |
|
38-69 |
|
|
|
|||||
|
|
|
|
Configuring Multi-VRF CE |
38-70 |
|
|
|
|
|
|
|
||
|
|
|
|
Understanding Multi-VRF CE |
38-71 |
|
|
|
|
|||||
|
|
|
|
Default Multi-VRF CE Configuration |
38-73 |
|
|
|||||||
|
|
|
|
Multi-VRF CE Configuration Guidelines |
38-73 |
|
||||||||
|
|
|
|
Configuring VRFs |
38-74 |
|
|
|
|
|
|
|
||
|
|
|
|
Configuring VRF-Aware Services |
|
38-75 |
|
|
|
|||||
|
|
|
|
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide |
||||||||||
|
|
|
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
xxx |
|
|
|
|
|
|
|
|
|
|
|
OL-12189-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|