Cisco ME 3400 User Manual

Cisco ME 3400 Ethernet Access Switch Software

Cisco IOS Release 12.2(46)SE

August 2008

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Configuration Guide

Text Part Number: OL-9639-06

THE SPECIFICATIONS AND INFORMATION REGA RDING THE P RODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE W ITH OUT NOT ICE. A LL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILIT Y FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRA NTY FO R THE A CCOMPA NYING PRODUCT A RE SET FORTH IN T HE INFORM ATION P ACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DO CUMENT FILES AND SOFTW ARE OF THESE SUPPL IERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM AL L WARRANTIES, EX PRESSED OR LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICUL AR PURPOSE AND NON INFRINGEMENT OR ARISIN G FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOS T PROFITS OR LOSS OR DAMAGE TO DATA ARISIN G OUT OF THE US E OR INABILI TY TO USE THIS MA NUAL, EVEN I F CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SU CH DAMA GES.

CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Cisco

Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, P owerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx

logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0807R)

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems,

Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo,

IMPLIED, INCLUDING, WITHOUT

CONTENTS

Preface xxxix

Audience xxxix Purpose xxxix Conventions xxxix Related Publications xl Obtaining Documentation and Submitting a Service Request xli

CHAPTER

1 Overview 1-1

Features 1-1

Performance Features 1-2 Management Options 1-3 Manageability Features 1-3 Availability Features 1-5 VLAN Features 1-6 Security Features 1-6

Quality of Service and Class of Service Features 1-8 Layer 2 Virtual Private Network Services 1-8 Layer 3 Features 1-9 Layer 3 VPN Services 1-9

Monitoring Features 1-9 Default Settings After Initial Switch Configuration 1-10 Network Configuration Examples 1-13

Multidwelling or Ethernet-to-the-Subscriber Network 1-14

Layer 2 VPN Application 1-15

Multi-VRF CE Application 1-16

Subscriber Security 1-6 Switch Security 1-7 Network Security 1-7

CHAPTER

OL-9639-06

Where to Go Next 1-17

2 Using the Command-Line Interface 2-1

Understanding Command Modes 2-1 Understanding the Help System 2-3 Understanding Abbreviated Commands 2-3

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

iii

Contents

Understanding no and default Forms of Commands 2-4 Understanding CLI Error Messages 2-4 Using Command History 2-4

Changing the Command History Buffer Size 2-5 Recalling Commands 2-5 Disabling the Command History Feature 2-5

Using Editing Features 2-6

Enabling and Disabling Editing Features 2-6 Editing Commands through Keystrokes 2-6

Editing Command Lines that Wrap 2-8 Searching and Filtering Output of show and more Commands 2-8 Accessing the CLI 2-9

Accessing the CLI through a Console Connection or through Telnet 2-9

CHAPTER

3 Assigning the Switch IP Address and Default Gateway 3-1

Understanding the Boot Process 3-1 Assigning Switch Information 3-2

Default Switch Information 3-3

Understanding DHCP-Based Autoconfiguration 3-3

DHCP Client Request Process 3-3

Understanding DHCP-based Autoconfiguration and Image Update 3-4

DHCP Autoconfiguration 3-5 DHCP Auto-Image Update 3-5 Limitations and Restrictions 3-5

Configuring DHCP-Based Autoconfiguration 3-6

DHCP Server Configuration Guidelines 3-6 Configuring the TFTP Server 3-6 Configuring the DNS 3-7 Configuring the Relay Device 3-7 Obtaining Configuration Files 3-8 Example Configuration 3-9

Configuring the DHCP Auto Configuration and Image Update Features 3-10

Configuring DHCP Autoconfiguration (Only Configuration File) 3-11 Configuring DHCP Auto-Image Update (Configuration File and Image) 3-12 Configuring the Client 3-13

Manually Assigning IP Information 3-14

Checking and Saving the Running Configuration 3-14

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Modifying the Startup Configuration 3-16

Default Boot Configuration 3-17 Automatically Downloading a Configuration File 3-17 Specifying the Filename to Read and Write the System Configuration 3-17 Booting Manually 3-18 Booting a Specific Software Image 3-18 Controlling Environment Variables 3-19

Scheduling a Reload of the Software Image 3-21

Configuring a Scheduled Reload 3-21 Displaying Scheduled Reload Information 3-22

Contents

CHAPTER

4 Configuring Cisco IOS CNS Agents 4-1

Understanding Cisco Configuration Engine Software 4-1

Configuration Service 4-2 Event Service 4-3

NameSpace Mapper 4-3

What You Should Know About the CNS IDs and Device Hostnames 4-3

ConfigID 4-3 DeviceID 4-4 Hostname and DeviceID 4-4 Using Hostname, DeviceID, and ConfigID 4-4

Understanding Cisco IOS Agents 4-5

Initial Configuration 4-5 Incremental (Partial) Configuration 4-6 Synchronized Configuration 4-6

Configuring Cisco IOS Agents 4-6

Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-7 Enabling the Cisco IOS CNS Agent 4-8

Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-13

Upgrading Devices with Cisco IOS Image Agent 4-14

Prerequisites for the CNS Image Agent 4-14 Restrictions for the CNS Image Agent 4-14

OL-9639-06

Displaying CNS Configuration 4-15

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

Contents

CHAPTER

5 Administering the Switch 5-1

Managing the System Time and Date 5-1

Understanding the System Clock 5-2

Understanding Network Time Protocol 5-2

Configuring NTP 5-4

Default NTP Configuration 5-4 Configuring NTP Authentication 5-4 Configuring NTP Associations 5-5 Configuring NTP Broadcast Service 5-6 Configuring NTP Access Restrictions 5-8 Configuring the Source IP Address for NTP Packets 5-10 Displaying the NTP Configuration 5-11

Configuring Time and Date Manually 5-11

Setting the System Clock 5-11 Displaying the Time and Date Configuration 5-12 Configuring the Time Zone 5-12 Configuring Summer Time (Daylight Saving Time) 5-13

Configuring a System Name and Prompt 5-14

Default System Name and Prompt Configuration 5-15

Configuring a System Name 5-15

Understanding DNS 5-15

Default DNS Configuration 5-16 Setting Up DNS 5-16 Displaying the DNS Configuration 5-17

Creating a Banner 5-17

Default Banner Configuration 5-17

Configuring a Message-of-the-Day Login Banner 5-18

Configuring a Login Banner 5-19 Suppressing the Power-Supply Alarm on an ME 3400G-12CS Switch 5-19 Managing the MAC Address Table 5-20

Building the Address Table 5-21

MAC Addresses and VLANs 5-21

Default MAC Address Table Configuration 5-22

Changing the Address Aging Time 5-22

Removing Dynamic Address Entries 5-23

Configuring MAC Address Notification Traps 5-23

Adding and Removing Static Address Entries 5-25

Configuring Unicast MAC Address Filtering 5-26

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Disabling MAC Address Learning on a VLAN 5-27 Displaying Address Table Entries 5-28

Managing the ARP Table 5-29

Contents

CHAPTER

6 Configuring SDM Templates 6-1

Understanding the SDM Templates 6-1 Configuring the Switch SDM Template 6-2

Default SDM Template 6-2 SDM Template Configuration Guidelines 6-2 Setting the SDM Template 6-3

Displaying the SDM Templates 6-4

7 Configuring Switch-Based Authentication 7-1

Preventing Unauthorized Access to Your Switch 7-1 Protecting Access to Privileged EXEC Commands 7-2

Default Password and Privilege Level Configuration 7-2 Setting or Changing a Static Enable Password 7-3 Protecting Enable and Enable Secret Passwords with Encryption 7-3 Disabling Password Recovery 7-5 Setting a Telnet Password for a Terminal Line 7-6 Configuring Username and Password Pairs 7-6 Configuring Multiple Privilege Levels 7-7

Setting the Privilege Level for a Command 7-8 Changing the Default Privilege Level for Lines 7-9 Logging into and Exiting a Privileg e Lev e l 7-9

OL-9639-06

Controlling Switch Access with TACACS+ 7-9

Understanding TACACS+ 7-10 TACACS+ Operation 7-12 Configuring TACACS+ 7-12

Default TACACS+ Configuration 7-13 Identifying the TACACS+ Server Host and Setting the Authentication Key 7-13 Configuring TACACS+ Login Authentication 7-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 7-16 Starting TACACS+ Accounting 7-17

Displaying the TACACS+ Configuration 7-17

Controlling Switch Access with RADIUS 7-17

Understanding RADIUS 7-18 RADIUS Operation 7-19

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

vii

Contents

Configuring RADIUS 7-20

Default RADIUS Configuration 7-20 Identifying the RADIUS Server Host 7-20 Configuring RADIUS Login Authentication 7-23 Defining AAA Server Groups 7-25 Configuring RADIUS Authorization for User Privileged Access and Network Services 7-27 Starting RADIUS Accounting 7-28 Configuring Settings for All RADIUS Servers 7-29 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-29 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-30

Displaying the RADIUS Configuration 7-31 Controlling Switch Access with Kerberos 7-32

Understanding Kerberos 7-32

Kerberos Operation 7-34

Authenticating to a Boundary Switch 7-34 Obtaining a TGT from a KDC 7-35 Authenticating to Network Services 7-35

Configuring Kerberos 7-35

CHAPTER

Configuring the Switch for Local Authentication and Authorization 7-36 Configuring the Switch for Secure Shell 7-37

Understanding SSH 7-37

SSH Servers, Integrated Clients, and Supported Versions 7-37 Limitations 7-38

Configuring SSH 7-38

Configuration Guidelines 7-38 Setting Up the Switch to Run SSH 7-39 Configuring the SSH Server 7-40

Displaying the SSH Configuration and Status 7-40 Configuring the Switch for Secure Copy Protocol 7-41

Information About Secure Copy 7-41

8 Configuring IEEE 802.1x Port-Based Authentication 8-1

Understanding IEEE 802.1x Port-Based Authentication 8-1

Device Roles 8-2

Authentication Initiation and Message Exchange 8-3

Ports in Authorized and Unauthorized States 8-4

IEEE 802.1x Accounting 8-5

IEEE 802.1x Accounting Attribute-Value Pairs 8-5

IEEE 802.1x Host Mode 8-6

viii

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Using 802.1x Readiness Check 8-7 Using IEEE 802.1x with Port Security 8-7 Using IEEE 802.1x with VLAN Assignment 8-8

Configuring IEEE 802.1x Authentication 8-9

Default IEEE 802.1x Configuration 8-10 IEEE 802.1x Configuration Guidelines 8-11

Maximum Number of Allowed Devices Per Port 8-11 Configuring 802.1x Readiness Check 8-12 Configuring IEEE 802.1x Violation Modes 8-13 Configuring IEEE 802.1x Authentication 8-13 Configuring the Switch-to-RADIUS-Server Communication 8-15 Configuring Periodic Re-Authentication 8-16 Manually Re-Authenticating a Client Connected to a Port 8-16 Changing the Quiet Period 8-17 Changing the Switch-to-Client Retransmission Time 8-17 Setting the Switch-to-Client Frame-Retransmission Number 8-18 Setting the Re-Authentication Number 8-18 Configuring the Host Mode 8-19 Resetting the IEEE 802.1x Configuration to the Default Values 8-20 Configuring IEEE 802.1x Accounting 8-20

Contents

CHAPTER

Displaying IEEE 802.1x Statistics and Status 8-21

9 Configuring Interfaces 9-1

Understanding Interface Types 9-1

UNI, NNI, and ENI Port Types 9-2 Port-Based VLANs 9-2 Switch Ports 9-3

Access Ports 9-4

Trunk Ports 9-4

Tunnel Ports 9-4 Routed Ports 9-5 Switch Virtual Interfaces 9-5 EtherChannel Port Groups 9-6 Dual-Purpose Ports 9-6 Connecting Interfaces 9-7

Using Interface Configuration Mode 9-8

Procedures for Configuring Interfaces 9-8 Configuring a Range of Interfaces 9-9 Configuring and Using Interface Range Macros 9-10

OL-9639-06

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

Contents

Configuring Ethernet Interfaces 9-12

Default Ethernet Interface Configuration 9-12 Configuring the Port Type 9-14 Configuring Interface Speed and Duplex Mode 9-15

Speed and Duplex Configuration Guidelines 9-15

Setting the Interface Speed and Duplex Parameters 9-16 Configuring a Dual-Purpose Port 9-17 Configuring IEEE 802.3x Flow Control 9-19 Configuring Auto-MDIX on an Interface 9-20 Adding a Description for an Interface 9-21

Configuring Layer 3 Interfaces 9-22 Configuring the System MTU 9-23 Monitoring and Maintaining the Interfaces 9-26

Monitoring Interface Status 9-26 Clearing and Resetting Interfaces and Counters 9-27 Shutting Down and Restarting the Interface 9-28

CHAPTER

10 Configuring Command Macros 10-1

Understanding Command Macros 10-1 Configuring Command Macros 10-1

Default Command Macro Configuration 10-2 Command Macro Configuration Guidelines 10-2 Creating Command Macros 10-3 Applying Command Macros 10-4

Displaying Command Macros 10-5

11 Configuring VLANs 11-1

Understanding VLANs 11-1

Supported VLANs 11-3 Normal-Range VLANs 11-3 Extended-Range VLANs 11-4 VLAN Port Membership Modes 11-4 UNI-ENI VLANs 11-5

Creating and Modifying VLANs 11-7

Default Ethernet VLAN Configuration 11-7 VLAN Configuration Guidelines 11-8 Creating or Modifying an Ethernet VLAN 11-9 Assigning Static-Access Ports to a VLAN 11-11 Creating an Extended-Range VLAN with an Internal VLAN ID 11-11

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Configuring UNI-ENI VLANs 11-12

Configuration Guidelines 11-12

Configuring UNI-ENI VLANs 11-13 Displaying VLANs 11-14 Configuring VLAN Trunks 11-14

Trunking Overview 11-14

IEEE 802.1Q Configuration Considerations 11-15

Default Layer 2 Ethernet Interface VLAN Configuration 11-16 Configuring an Ethernet Interface as a Trunk Port 11-16

Interaction with Other Features 11-16

Configuring a Trunk Port 11-17

Defining the Allowed VLANs on a Trunk 11-17

Configuring the Native VLAN for Untagged Traffic 11-19

Configuring Trunk Ports for Load Sharing 11-19

Load Sharing Using STP Port Priorities 11-20

Load Sharing Using STP Path Cost 11-21

Contents

CHAPTER

Configuring VMPS 11-23

Understanding VMPS 11-23

Dynamic-Access Port VLAN Membership 11-24

Default VMPS Client Configuration 11-25 VMPS Configuration Guidelines 11-25 Configuring the VMPS Client 11-25

Entering the IP Address of the VMPS 11-26

Configuring Dynamic-Access Ports on VMPS Clients 11-26

Reconfirming VLAN Memberships 11-27

Changing the Reconfirmation Interval 11-27

Changing the Retry Count 11-27

Monitoring the VMPS 11-28 Troubleshooting Dynamic-Access Port VLAN Membership 11-28 VMPS Configuration Example 11-28

12 Configuring Private VLANs 12-1

Understanding Private VLANs 12-1

Types of Private VLANs and Private-VLAN Ports 12-2 IP Addressing Scheme with Private VLANs 12-4 Private VLANs across Multiple Switches 12-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 12-5 Private VLANs and SVIs 12-5

OL-9639-06

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

Contents

Configuring Private VLANs 12-6

Tasks for Configuring Private VLANs 12-6 Default Private-VLAN Configuration 12-6 Private-VLAN Configuration Guidelines 12-6

Secondary and Primary VLAN Configuration 12-7 Private-VLAN Port Configuration 12-8

Limitations with Other Features 12-9 Configuring and Associating VLANs in a Private VLAN 12-10 Configuring a Layer 2 Interface as a Private-VLAN Host Port 12-11 Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port 12-13 Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 12-14

Monitoring Private VLANs 12-15

CHAPTER

13 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling 13-1

Understanding IEEE 802.1Q Tunneling 13-1 Configuring IEEE 802.1Q Tunneling 13-4

Default IEEE 802.1Q Tunneling Configuration 13-4 IEEE 802.1Q Tunneling Configuration Guidelines 13-4

Native VLANs 13-4

System MTU 13-5 IEEE 802.1Q Tunneling and Other Features 13-6 Configuring an IEEE 802.1Q Tunneling Port 13-6

Understanding Layer 2 Protocol Tunneling 13-7 Configuring Layer 2 Protocol Tunneling 13-10

Default Layer 2 Protocol Tunneling Configuration 13-11 Layer 2 Protocol Tunneling Configuration Guidelines 13-11 Configuring Layer 2 Protocol Tunneling 13-12 Configuring Layer 2 Tunneling for EtherChannels 13-14

Configuring the SP Edge Switch 13-14

Configuring the Customer Switch 13-16

Monitoring and Maintaining Tunneling Status 13-18

CHAPTER

xii

14 Configuring STP 14-1

Understanding Spanning-Tree Features 14-1

STP Overview 14-2 Spanning-Tree Topology and BPDUs 14-3 Bridge ID, Switch Priority, and Extended System ID 14-4

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Spanning-Tree Interface States 14-4

Blocking State 14-6 Listening State 14-6 Learning State 14-7 Forwarding State 14-7

Disabled State 14-7 How a Switch or Port Becomes the Root Switch or Root Port 14-7 Spanning Tree and Redundant Connectivity 14-8 Spanning-Tree Address Management 14-9 Accelerated Aging to Retain Connectivity 14-9 Spanning-Tree Modes and Protocols 14-9 Supported Spanning-Tree Instances 14-10 Spanning-Tree Interoperability and Backward Compatibility 14-10 STP and IEEE 802.1Q Trunks 14-11

Configuring Spanning-Tree Features 14-11

Default Spanning-Tree Configuration 14-11 Spanning-Tree Configuration Guidelines 14-12 Enabling Spanning Tree on an ENI 14-13 Changing the Spanning-Tree Mode. 14-14 Disabling Spanning Tree 14-15 Configuring the Root Switch 14-15 Configuring a Secondary Root Switch 14-17 Configuring Port Priority 14-17 Configuring Path Cost 14-19 Configuring the Switch Priority of a VLAN 14-20 Configuring Spanning-Tree Timers 14-21

Configuring the Hello Time 14-21

Configuring the Forwarding-Delay Time for a VLAN 14-22

Configuring the Maximum-Aging Time for a VLAN 14-22

Contents

CHAPTER

OL-9639-06

Displaying the Spanning-Tree Status 14-23

15 Configuring MSTP 15-1

Understanding MSTP 15-2

Multiple Spanning-Tree Regions 15-2 IST, CIST, and CST 15-3

Operations Within an MST Region 15-3

Operations Between MST Regions 15-4

IEEE 802.1s Terminology 15-5

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

xiii

Contents

Hop Count 15-5 Boundary Ports 15-6 IEEE 802.1s Implementation 15-6

Port Role Naming Change 15-7 Interoperation Between Legacy and Standard Switches 15-7 Detecting Unidirectional Link Failure 15-8

Interoperability with IEEE 802.1D STP 15-8

Understanding RSTP 15-8

Port Roles and the Active Topology 15-9 Rapid Convergence 15-10 Synchronization of Port Roles 15-11 Bridge Protocol Data Unit Format and Processing 15-12

Processing Superior BPDU Information 15-13 Processing Inferior BPDU Information 15-13

Topology Changes 15-13

Configuring MSTP Features 15-14

Default MSTP Configuration 15-14 MSTP Configuration Guidelines 15-15 Specifying the MST Region Configuration and Enabling MSTP 15-16 Configuring the Root Switch 15-17 Configuring a Secondary Root Switch 15-18 Configuring Port Priority 15-19 Configuring Path Cost 15-21 Configuring the Switch Priority 15-22 Configuring the Hello Time 15-23 Configuring the Forwarding-Delay Time 15-23 Configuring the Maximum-Aging Time 15-24 Configuring the Maximum-Hop Count 15-24 Specifying the Link Type to Ensure Rapid Transitions 15-25 Designating the Neighbor Type 15-25 Restarting the Protocol Migration Process 15-26

Displaying the MST Configuration and Status 15-27

CHAPTER

xiv

16 Configuring Optional Spanning-Tree Features 16-1

Understanding Optional Spanning-Tree Features 16-1

Understanding Port Fast 16-2 Understanding BPDU Guard 16-3 Understanding BPDU Filtering 16-3 Understanding EtherChannel Guard 16-3

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Understanding Root Guard 16-4 Understanding Loop Guard 16-5

Configuring Optional Spanning-Tree Features 16-5

Default Optional Spanning-Tree Configuration 16-5 Optional Spanning-Tree Configuration Guidelines 16-6 Enabling Port Fast 16-6 Enabling BPDU Guard 16-7 Enabling BPDU Filtering 16-8 Enabling EtherChannel Guard 16-9 Enabling Root Guard 16-10 Enabling Loop Guard 16-10

Displaying the Spanning-Tree Status 16-11

Contents

CHAPTER

17 Configuring Resilient Ethernet Protocol 17-1

Understanding REP 17-1

Link Integrity 17-3 Fast Convergence 17-3 VLAN Load Balancing 17-4 Spanning Tree Interaction 17-5 REP Ports 17-5

Configuring REP 17-6

Default REP Configuration 17-6 REP Configuration Guidelines 17-6 Configuring the REP Administrative VLAN 17-7 Configuring REP Interfaces 17-9 Setting Manual Preemption for VLAN Load Balancing 17-11 Configuring SNMP Traps for REP 17-12

Monitoring REP 17-12

18 Configuring Flex Links and the MAC Address-Table Move Update Feature 18-1

Understanding Flex Links and the MAC Address-Table Move Update 18-1

Flex Links 18-1 VLAN Flex Link Load Balancing and Support 18-2 Flex Link Multicast Fast Convergence 18-3

Learning the Other Flex Link Port as the mrouter Port 18-3

Generating IGMP Reports 18-3

Leaking IGMP Reports 18-4 MAC Address-Table Move Update 18-6

OL-9639-06

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

Contents

Configuring Flex Links and MAC Address-Table Move Update 18-7

Default Configuration 18-7 Configuration Guidelines 18-8 Configuring Flex Links 18-8 Configuring VLAN Load Balancing on Flex Links 18-10 Configuring the MAC Address-Table Move Update Feature 18-12

Monitoring Flex Links and the MAC Address-Table Move Update 18-14

CHAPTER

19 Configuring DHCP Features and IP Source Guard 19-1

Understanding DHCP Features 19-1

DHCP Server 19-2 DHCP Relay Agent 19-2 DHCP Snooping 19-2 Option-82 Data Insertion 19-3 Cisco IOS DHCP Server Database 19-6 DHCP Snooping Binding Database 19-6

Configuring DHCP Features 19-7

Default DHCP Configuration 19-8 DHCP Snooping Configuration Guidelines 19-8 Configuring the DHCP Server 19-10 Configuring the DHCP Relay Agent 19-10 Specifying the Packet Forwarding Address 19-10 Enabling DHCP Snooping and Option 82 19-11 Enabling DHCP Snooping on Private VLANs 19-13 Enabling the Cisco IOS DHCP Server Database 19-13 Enabling the DHCP Snooping Binding Database Agent 19-14

xvi

Displaying DHCP Snooping Information 19-15 Understanding IP Source Guard 19-15

Source IP Address Filtering 19-16 Source IP and MAC Address Filtering 19-16

Configuring IP Source Guard 19-16

Default IP Source Guard Configuration 19-16 IP Source Guard Configuration Guidelines 19-17

Enabling IP Source Guard 19-17 Displaying IP Source Guard Information 19-19 Understanding DHCP Server Port-Based Address Allocation 19-19

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Configuring DHCP Server Port-Based Address Allocation 19-19

Default Port-Based Address Allocation Configuration 19-19 Port-Based Address Allocation Configuration Guidelines 19-20 Enabling DHCP Server Port-Based Address Allocation 19-20

Displaying DHCP Server Port-Based Address Allocation 19-22

Contents

CHAPTER

20 Configuring Dynamic ARP Inspection 20-1

Understanding Dynamic ARP Inspection 20-1

Interface Trust States and Network Security 20-3 Rate Limiting of ARP Packets 20-4 Relative Priority of ARP ACLs and DHCP Snooping Entries 20-4 Logging of Dropped Packets 20-4

Configuring Dynamic ARP Inspection 20-5

Default Dynamic ARP Inspection Configuration 20-5 Dynamic ARP Inspection Configuration Guidelines 20-6 Configuring Dynamic ARP Inspection in DHCP Environments 20-7 Configuring ARP ACLs for Non-DHCP Environments 20-8 Limiting the Rate of Incoming ARP Packets 20-10 Performing Validation Checks 20-12 Configuring the Log Buffer 20-12

Displaying Dynamic ARP Inspection Information 20-14

21 Configuring IGMP Snooping and MVR 21-1

Understanding IGMP Snooping 21-1

IGMP Versions 21-2 Joining a Multicast Group 21-3 Leaving a Multicast Group 21-5 Immediate Leave 21-5 IGMP Configurable-Leave Timer 21-5 IGMP Report Suppression 21-5

OL-9639-06

Configuring IGMP Snooping 21-6

Default IGMP Snooping Configuration 21-6 Enabling or Disabling IGMP Snooping 21-7 Configuring a Multicast Router Port 21-7 Configuring a Host Statically to Join a Group 21-8 Enabling IGMP Immediate Leave 21-9 Configuring the IGMP Leave Timer 21-9

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

xvii

Contents

Configuring TCN-Related Commands 21-10

Controlling the Multicast Flooding Time After a TCN Event 21-10 Recovering from Flood Mode 21-11

Disabling Multicast Flooding During a TCN Event 21-11 Configuring the IGMP Snooping Querier 21-12 Disabling IGMP Report Suppression 21-14

Displaying IGMP Snooping Information 21-14 Understanding Multicast VLAN Registration 21-15

Using MVR in a Multicast Television Application 21-16

Configuring MVR 21-18

Default MVR Configuration 21-18 MVR Configuration Guidelines and Limitations 21-18 Configuring MVR Global Parameters 21-19 Configuring MVR on Access Ports 21-20 Configuring MVR on Trunk Ports 21-22

CHAPTER

Displaying MVR Information 21-23 Configuring IGMP Filtering and Throttling 21-23

Default IGMP Filtering and Throttling Configuration 21-24 Configuring IGMP Profiles 21-25 Applying IGMP Profiles 21-26 Setting the Maximum Number of IGMP Groups 21-26 Configuring the IGMP Throttling Action 21-27

Displaying IGMP Filtering and Throttling Configuration 21-29

22 Configuring Port-Based Traffic Control 22-1

Configuring Storm Control 22-1

Understanding Storm Control 22-1 Default Storm Control Configuration 22-3 Configuring Storm Control and Threshold Levels 22-3 Configuring Small-Frame Arrival Rate 22-5

Configuring Protected Ports 22-6

Default Protected Port Configuration 22-6 Protected Port Configuration Guidelines 22-7 Configuring a Protected Port 22-7

xviii

Configuring Port Blocking 22-7

Default Port Blocking Configuration 22-8 Blocking Flooded Traffic on an Interface 22-8

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Configuring Port Security 22-9

Understanding Port Security 22-9

Secure MAC Addresses 22-9

Security Violations 22-10 Default Port Security Configuration 22-11 Port Security Configuration Guidelines 22-11 Enabling and Configuring Port Security 22-12 Enabling and Configuring Port Security Aging 22-16 Port Security and Private VLANs 22-17

Displaying Port-Based Traffic Control Settings 22-18

Contents

CHAPTER

23 Configuring CDP 23-1

Understanding CDP 23-1 Configuring CDP 23-2

Default CDP Configuration 23-2 Configuring the CDP Characteristics 23-2 Disabling and Enabling CDP 23-3 Disabling and Enabling CDP on an Interface 23-4

Monitoring and Maintaining CDP 23-5

24 Configuring LLDP and LLDP-MED 24-1

Understanding LLDP and LLDP-MED 24-1

Understanding LLDP 24-1 Understanding LLDP-MED 24-2

Configuring LLDP and LLDP-MED 24-3

Default LLDP Configuration 24-3 Configuring LLDP Characteristics 24-4 Disabling and Enabling LLDP Globally 24-5 Disabling and Enabling LLDP on an Interface 24-5 Configuring LLDP-MED TLVs 24-6

CHAPTER

OL-9639-06

Monitoring and Maintaining LLDP and LLDP-MED 24-7

25 Configuring UDLD 25-1

Understanding UDLD 25-1

Modes of Operation 25-1 Methods to Detect Unidirectional Links 25-2

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

xix

Contents

Configuring UDLD 25-3

Default UDLD Configuration 25-4 Configuration Guidelines 25-4 Enabling UDLD Globally 25-5 Enabling UDLD on an Interface 25-5 Resetting an Interface Disabled by UDLD 25-6

Displaying UDLD Status 25-6

CHAPTER

26 Configuring SPAN and RSPAN 26-1

Understanding SPAN and RSPAN 26-1

Local SPAN 26-2 Remote SPAN 26-2 SPAN and RSPAN Concepts and Terminology 26-3

SPAN Sessions 26-3 Monitored Traffic 26-4 Source Ports 26-5 Source VLANs 26-6 VLAN Filtering 26-6 Destination Port 26-6 RSPAN VLAN 26-7

SPAN and RSPAN Interaction with Other Features 26-8

Configuring SPAN and RSPAN 26-9

Default SPAN and RSPAN Configuration 26-9 Configuring Local SPAN 26-10

SPAN Configuration Guidelines 26-10 Creating a Local SPAN Session 26-11 Creating a Local SPAN Session and Configuring Ingress Traffic 26-13 Specifying VLANs to Filter 26-15

Configuring RSPAN 26-16

RSPAN Configuration Guidelines 26-16 Configuring a VLAN as an RSPAN VLAN 26-17 Creating an RSPAN Source Session 26-17 Creating an RSPAN Destination Session 26-19 Creating an RSPAN Destination Session and Configuring Ingress Traffic 26-20 Specifying VLANs to Filter 26-21

Displaying SPAN and RSPAN Status 26-22

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Contents

CHAPTER

27 Configuring RMON 27-1

Understanding RMON 27-1 Configuring RMON 27-2

Default RMON Configuration 27-3 Configuring RMON Alarms and Events 27-3 Collecting Group History Statistics on an Interface 27-5 Collecting Group Ethernet Statistics on an Interface 27-5

Displaying RMON Status 27-6

28 Configuring System Message Logging 28-1

Understanding System Message Logging 28-1 Configuring System Message Logging 28-2

System Log Message Format 28-2 Default System Message Logging Configuration 28-3 Disabling Message Logging 28-4 Setting the Message Display Destination Device 28-5 Synchronizing Log Messages 28-6 Enabling and Disabling Time Stamps on Log Messages 28-7 Enabling and Disabling Sequence Numbers in Log Messages 28-8 Defining the Message Severity Level 28-8 Limiting Syslog Messages Sent to the History Table and to SNMP 28-10 Enabling the Configuration-Change Logger 28-10 Configuring UNIX Syslog Servers 28-12

Logging Messages to a UNIX Syslog Daemon 28-12

Configuring the UNIX System Logging Facility 28-12

CHAPTER

OL-9639-06

Displaying the Logging Configuration 28-13

29 Configuring SNMP 29-1

Understanding SNMP 29-1

SNMP Versions 29-2 SNMP Manager Functions 29-3 SNMP Agent Functions 29-4 SNMP Community Strings 29-4 Using SNMP to Access MIB Variables 29-4 SNMP Notifications 29-5 SNMP ifIndex MIB Object Values 29-5 MIB Data Collection and Transfer 29-6

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

xxi

Contents

Configuring SNMP 29-6

Default SNMP Configuration 29-7 SNMP Configuration Guidelines 29-7 Disabling the SNMP Agent 29-8 Configuring Community Strings 29-8 Configuring SNMP Groups and Users 29-10 Configuring SNMP Notifications 29-12 Setting the Agent Contact and Location Information 29-16 Limiting TFTP Servers Used Through SNMP 29-16 Configuring MIB Data Collection and Transfer 29-17 Configuring the Cisco Process MIB CPU Threshold Table 29-20 SNMP Examples 29-20

Displaying SNMP Status 29-22

CHAPTER

30 Configuring Embedded Event Manager 30-1

Understanding Embedded Event Manager 30-1

Event Detectors 30-2 Embedded Event Manager Actions 30-4 Embedded Event Manager Policies 30-4 Embedded Event Manager Environment Variables 30-4

Configuring Embedded Event Manager 30-5

Registering and Defining an Embedded Event Manager Applet 30-5 Registering and Defining an Embedded Event Manager TCL Script 30-6

Displaying Embedded Event Manager Information 30-7

31 Configuring Network Security with ACLs 31-1

Understanding ACLs 31-1

Supported ACLs 31-2

Port ACLs 31-3 Router ACLs 31-4 VLAN Maps 31-5

Handling Fragmented and Unfragmented Traffic 31-5

xxii

Configuring IPv4 ACLs 31-6

Creating Standard and Extended IPv4 ACLs 31-7

IPv4 Access List Numbers 31-8 ACL Logging 31-8 Creating a Numbered Standard ACL 31-9 Creating a Numbered Extended ACL 31-10 Resequencing ACEs in an ACL 31-14

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Creating Named Standard and Extended ACLs 31-14

Using Time Ranges with ACLs 31-16

Including Comments in ACLs 31-18 Applying an IPv4 ACL to a Terminal Line 31-18 Applying an IPv4 ACL to an Interface 31-19 Hardware and Software Treatment of IP ACLs 31-20 IPv4 ACL Configuration Examples 31-21

Numbered ACLs 31-23

Extended ACLs 31-23

Named ACLs 31-23

Time Range Applied to an IP ACL 31-24

Commented IP ACL Entries 31-24

ACL Logging 31-25

Creating Named MAC Extended ACLs 31-26

Applying a MAC ACL to a Layer 2 Interface 31-27

Contents

CHAPTER

Configuring VLAN Maps 31-28

VLAN Map Configuration Guidelines 31-29 Creating a VLAN Map 31-30

Examples of ACLs and VLAN Maps 31-31 Applying a VLAN Map to a VLAN 31-33 Using VLAN Maps in Your Network 31-33

Wiring Closet Configuration 31-33

Denying Access to a Server on Another VLAN 31-34

Using VLAN Maps with Router ACLs 31-35

VLAN Maps and Router ACL Configuration Guidelines 31-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 31-37

ACLs and Switched Packets 31-37

ACLs and Routed Packets 31-37

ACLs and Multicast Packets 31-38

Displaying IPv4 ACL Configuration 31-39

32 Configuring Control-Plane Security 32-1

Understanding Control-Plane Security 32-1

OL-9639-06

Configuring Control-Plane Security 32-5 Monitoring Control-Plane Security 32-6

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

xxiii

Contents

CHAPTER

33 Configuring QoS 33-1

Understanding QoS 33-1

Modular QoS CLI 33-3 Input and Output Policies 33-4

Input Policy Maps 33-4 Output Policy Maps 33-5

Classification 33-5

Class Maps 33-6 The match Command 33-7 Classification Based on Layer 2 CoS 33-7 Classification Based on IP Precedence 33-8 Classification Based on IP DSCP 33-8 Classification Comparisons 33-9 Classification Based on QoS ACLs 33-10 Classification Based on QoS Groups 33-10

Classification Based on VLAN IDs 33-11 Table Maps 33-13 Policing 33-14

Individual Policing 33-15

Aggregate Policing 33-16

Unconditional Priority Policing 33-18 Marking 33-19

Marking and Queuing CPU-Generated Traffic 33-20 Congestion Management and Scheduling 33-20

Traffic Shaping 33-21

Class-Based Weighted Fair Queuing 33-23

Priority Queuing 33-24 Congestion Avoidance and Queuing 33-26

xxiv

Configuring QoS 33-29

Default QoS Configuration 33-29 QoS Configuration Guidelines 33-29 Using ACLs to Classify Traffic 33-30

Creating IP Standard ACLs 33-30

Creating IP Extended ACLs 33-32

Creating Layer 2 MAC ACLs 33-33 Using Class Maps to Define a Traffic Class 33-34 Configuring Table Maps 33-36 Attaching a Traffic Policy to an Interface 33-37

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Configuring Input Policy Maps 33-38

Configuring Input Policy Maps with Individual Policing 33-39 Configuring Input Policy Maps with Aggregate Policing 33-43 Configuring Input Policy Maps with Marking 33-45 Configuring Per-Port Per-VLAN QoS with Hierarchical Input Policy Maps 33-47

Configuring Output Policy Maps 33-51

Configuring Output Policy Maps with Class-Based-Weighted-Queu ing 33-53 Configuring Output Policy Maps with Class-Based Shaping 33-54 Configuring Output Policy Maps with Port Shaping 33-56 Configuring Output Policy Maps with Class-Based Priority Queuing 33-57 Configuring Output Policy Maps with Weighted Tail Drop 33-61

Displaying QoS Information 33-64

QoS Statistics 33-64

Configuration Examples for Policy Maps 33-64

QoS Configuration for Customer A 33-65 QoS Configuration for Customer B 33-67 Modifying Output Policies and Adding or Deleting Classification Criteria 33-68 Modifying Output Policies and Changing Queuing or Scheduling Parameters 33-68 Modifying Output Policies and Adding or Deleting Configured Actions 33-69 Modifying Output Policies and Adding or Deleting a Class 33-70

Contents

CHAPTER

34 Configuring EtherChannels and Link-State Tracking 34-1

Understanding EtherChannels 34-1

EtherChannel Overview 34-2 Port-Channel Interfaces 34-3 Port Aggregation Protocol 34-4

PAgP Modes 34-5 PAgP Interaction with Other Features 34-5

Link Aggregation Control Protocol 34-6

LACP Modes 34-6

LACP Interaction with Other Features 34-7 EtherChannel On Mode 34-7 Load Balancing and Forwarding Methods 34-7

Configuring EtherChannels 34-9

Default EtherChannel Configuration 34-10 EtherChannel Configuration Guidelines 34-10 Configuring Layer 2 EtherChannels 34-11

OL-9639-06

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

xxv

Contents

Configuring Layer 3 EtherChannels 34-14

Creating Port-Channel Logical Interfaces 34-14

Configuring the Physical Interfaces 34-15 Configuring EtherChannel Load Balancing 34-17 Configuring the PAgP Learn Method and Priority 34-18 Configuring LACP Hot-Standby Ports 34-19

Configuring the LACP System Priority 34-20

Configuring the LACP Port Priority 34-21

Displaying EtherChannel, PAgP, and LACP Status 34-22 Understanding Link-State Tracking 34-22 Configuring Link-State Tracking 34-24

Default Link-State Tracking Configuration 34-24 Link-State Tracking Configuration Guidelines 34-24 Configuring Link-State Tracking 34-24

Displaying Link-State Tracking Status 34-25

CHAPTER

35 Configuring IP Unicast Routing 35-1

Understanding IP Routing 35-2

Types of Routing 35-2

Steps for Configuring Routing 35-3 Configuring IP Addressing 35-4

Default Addressing Configuration 35-4 Assigning IP Addresses to Network Interfaces 35-5

Use of Subnet Zero 35-6

Classless Routing 35-6 Configuring Address Resolution Methods 35-8

Define a Static ARP Cache 35-8

Set ARP Encapsulation 35-10

Enable Proxy ARP 35-10 Routing Assistance When IP Routing is Disabled 35-11

Proxy ARP 35-11

Default Gateway 35-11

ICMP Router Discovery Protocol (IRDP) 35-11 Configuring Broadcast Packet Handling 35-13

Enabling Directed Broadcast-to-Physical Broadcast Translation 35-13

Forwarding UDP Broadcast Packets and Protocols 35-14

Establishing an IP Broadcast Address 35-15

Flooding IP Broadcasts 35-16 Monitoring and Maintaining IP Addressing 35-17

xxvi

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Enabling IPv4 Unicast Routing 35-18 Configuring RIP 35-19

Default RIP Configuration 35-19 Configuring Basic RIP Parameters 35-20 Configuring RIP Authentication 35-21 Configuring Summary Addresses and Split Horizon 35-22 Configuring Split Horizon 35-23

Configuring OSPF 35-24

Default OSPF Configuration 35-25

Nonstop Forwarding Awareness 35-26 Configuring Basic OSPF Parameters 35-26 Configuring OSPF Interfaces 35-27 Configuring OSPF Network Types 35-28

Configuring OSPF for Nonbroadcast Networks 35-29

Configuring Network Types for OSPF Interfaces 35-29 Configuring OSPF Area Parameters 35-31 Configuring Other OSPF Parameters 35-32 Changing LSA Group Pacing 35-33 Configuring a Loopback Interface 35-34 Monitoring OSPF 35-35

Contents

Configuring EIGRP 35-35

Default EIGRP Configuration 35-37

Nonstop Forwarding Awareness 35-38 Configuring Basic EIGRP Parameters 35-38 Configuring EIGRP Interfaces 35-39 Configuring EIGRP Route Authentication 35-40 Configuring EIGRP Stub Routing 35-41 Monitoring and Maintaining EIGRP 35-43

Configuring BGP 35-43

Default BGP Configuration 35-45

Nonstop Forwarding Awareness 35-47 Enabling BGP Routing 35-48 Managing Routing Policy Ch an ges 35-50 Configuring BGP Decision Attributes 35-51 Configuring BGP Filtering with Route Maps 35-53 Configuring BGP Filtering by Neighbor 35-54 Configuring Prefix Lists for BGP Filtering 35-55 Configuring BGP Community Filtering 35-57 Configuring BGP Neighbors and Peer Groups 35-58

OL-9639-06

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

xxvii

Contents

Configuring Aggregate Addresses 35-60 Configuring Routing Domain Confederations 35-61 Configuring BGP Route Reflectors 35-61 Configuring Route Dampening 35-62 Monitoring and Maintaining BGP 35-63

Configuring ISO CLNS Routing 35-64

Configuring IS-IS Dynamic Routing 35-65

Default IS-IS Configuration 35-66 Nonstop Forwarding Awareness 35-66 Enabling IS-IS Routing 35-67 Configuring IS-IS Global Parameters 35-68 Configuring IS-IS Interface Parameters 35-71

Monitoring and Maintaining IS-IS 35-73

Configuring Multi-VRF CE 35-74

Understanding Multi-VRF CE 35-75 Default Multi-VRF CE Configuration 35-77 Multi-VRF CE Configuration Guid elines 35-77 Configuring VRFs 35-78 Configuring VRF-Aware Services 35-79

User Interface for ARP 35-79 User Interface for PING 35-80 User Interface for SNMP 35-80 User Interface for HSRP 35-80 User Interface for uRPF 35-81 User Interface for Syslog 35-81 User Interface for Traceroute 35-82

User Interface for FTP and TFTP 35-82 Configuring a VPN Routing Session 35-82 Configuring BGP PE to CE Routing Sessions 35-83 Multi-VRF CE Configuration Example 35-84 Displaying Multi-VRF CE Status 35-88

xxviii

Configuring Protocol-Independent Features 35-88

Configuring Cisco Express Forwarding 35-88 Configuring the Number of Equal-Cost Routing Paths 35-90 Configuring Static Unicast Routes 35-90 Specifying Default Routes and Networks 35-91 Using Route Maps to Redistribute Routing Information 35-92

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Configuring Policy-Based Routing 35-96

PBR Configuration Guidelines 35-96 Enabling PBR 35-97

Filtering Routing Information 35-99

Setting Passive Interfaces 35-99 Controlling Advertising and Proce s sing in Routing Updates 35-100 Filtering Sources of Routing Information 35-101

Managing Authentication Keys 35-101

Monitoring and Maintaining the IP Network 35-102

Contents

CHAPTER

36 Configuring HSRP 36-1

Understanding HSRP 36-1

HSRP Versions 36-3 Multiple HSRP 36-4

Configuring HSRP 36-5

Default HSRP Configuration 36-5 HSRP Configuration Guidelines 36-5 Enabling HSRP 36-6 Configuring HSRP Priority 36-7 Configuring MHSRP 36-10 Configuring HSRP Authentication and Timers 36-10 Enabling HSRP Support for ICMP Redirect Messages 36-12

Displaying HSRP Configurations 36-12

37 Configuring Cisco IOS IP SLAs Operations 37-1

Understanding Cisco IOS IP SLAs 37-1

Using Cisco IOS IP SLAs to Measure Network Performance 37-3 IP SLAs Responder and IP SLAs Control Protocol 37-4 Response Time Computation for IP SLAs 37-4 IP SLAs Operation Scheduling 37-5 IP SLAs Operation Threshold Monitoring 37-5

OL-9639-06

Configuring IP SLAs Operations 37-6

Default Configuration 37-6 Configuration Guidelines 37-6 Configuring the IP SLAs Responder 37-7 Analyzing IP Service Levels by Using the UDP Jitter Operation 37-8 Analyzing IP Service Levels by Using the ICMP Echo Operation 37-11

Monitoring IP SLAs Operations 37-13

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

xxix

Contents

CHAPTER

38 Configuring Enhanced Object Tracking 38-1

Understanding Enhanced Object Tracking 38-1 Configuring Enhanced Object Tracking Features 38-2

Default Configuration 38-2 Tracking Interface Line-Protocol or IP Routing State 38-2 Configuring a Tracked List 38-3

Configuring a Tracked List with a Boolean Expression 38-4

Configuring a Tracked List with a Weight Threshold 38-5

Configuring a Tracked List with a Percentage Threshold 38-6 Configuring HSRP Object Tracking 38-7 Configuring Other Tracking Characteristics 38-8 Configuring IP SLAs Object Tracking 38-8 Configuring Static Routing Support 38-10

Configuring a Primary Interface 38-10

Configuring a Cisco IP SLAs Monitoring Agent and Track Object 38-11

Configuring a Routing Policy and Default Route 38-12

Monitoring Enhanced Object Tracking 38-13

CHAPTER

39 Configuring Ethernet OAM, CFM, and E-LMI 39-1

Understanding Ethernet CFM 39-2

CFM Domain 39-2 Maintenance Points 39-3 CFM Messages 39-4 Crosscheck Function 39-4 SNMP Traps 39-4 IP SLAs Support for CFM 39-5

Configuring Ethernet CFM 39-5

Default Ethernet CFM Configuration 39-5 Ethernet CFM Configuration Guidelines 39-6 Preparing the Ethernet CFM Network 39-6 Configuring Ethernet CFM Service 39-7 Configuring Ethernet CFM Crosscheck 39-8 Configuring IP SLAs CFM Operation 39-9

Manually Configuring an IP SLAs CFM Probe or Jitter Operation 39-10

Configuring an IP SLAs Operation with Endpoint Discovery 39-12

Displaying Ethernet CFM Information 39-13

xxx

Understanding the Ethernet OAM Protocol 39-14

OAM Features 39-15 OAM Messages 39-15

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

+ 1056 hidden pages