Cisco Systems ME3400G2CSA User Manual

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Cisco IOS Release 12.2(25)EX November 2005
Corporate Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
Fax: 408 526-4100
Customer Order Number: DOC-7817058= Text Part Number: 78-17058-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502 R)
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
© 2005 Cisco Systems, Inc. All rights reserved.
Preface xxxiii
Audience xxxiii Purpose xxxiii Conventions xxxiii Related Publications xxxiv Obtaining Documentation xxxv
Cisco.com xxxv Product Documentation DVD xxxv
Ordering Documentation xxxv Documentation Feedback xxxvi Cisco Product Security Overview xxxvi
Reporting Security Problems in Cisco Products xxxvii

CONTENTS

Obtaining Technical Assistance xxxvii
Cisco Technical Support & Documentation Website xxxvii
Submitting a Service Request xxxviii
Definitions of Service Request Severity xxxviii Obtaining Additional Publications and Information xxxix
1 Overview 1-1
Features 1-1
Performance Features 1-2
Management Options 1-3
Manageability Features 1-3
Availability Features 1-4
VLAN Features 1-5
Security Features 1-5
Quality of Service and Class of Service Features 1-6
Layer 2 Virtual Private Network Services 1-7
Layer 3 Features 1-7
Layer 3 VPN Services 1-8
Monitoring Features 1-8
Subscriber Security 1-5 Switch Security 1-5 Network Security 1-6
Default Settings After Initial Switch Configuration 1-8 Network Configuration Examples 1-11
Multidwelling or Ethernet-to-the-Subscriber Network 1-11 Layer 2 VPN Application 1-13 Multi-VRF CE Application 1-14
Where to Go Next 1-15
2 Using the Command-Line Interface 2-1
Understanding Command Modes 2-1 Understanding the Help System 2-3 Understanding Abbreviated Commands 2-3 Understanding no and default Forms of Commands 2-4 Understanding CLI Error Messages 2-4 Using Command History 2-4
Changing the Command History Buffer Size 2-5 Recalling Commands 2-5 Disabling the Command History Feature 2-5
Using Editing Features 2-6
Enabling and Disabling Editing Features 2-6 Editing Commands through Keystrokes 2-6
Editing Command Lines that Wrap 2-8 Searching and Filtering Output of show and more Commands 2-8 Accessing the CLI 2-9
Accessing the CLI through a Console Connection or through Telnet 2-9
3 Assigning the Switch IP Address and Default Gateway 3-1
Understanding the Boot Process 3-1 Assigning Switch Information 3-2
Default Switch Information 3-3
Understanding DHCP-Based Autoconfiguration 3-3
DHCP Client Request Process 3-3
Configuring DHCP-Based Autoconfiguration 3-5
DHCP Server Configuration Guidelines 3-5 Configuring the TFTP Server 3-5 Configuring the DNS 3-6 Configuring the Relay Device 3-6 Obtaining Configuration Files 3-7 Example Configuration 3-8
Manually Assigning IP Information 3-9 Checking and Saving the Running Configuration 3-10 Modifying the Startup Configuration 3-12
Default Boot Configuration 3-13
Automatically Downloading a Configuration File 3-13
Specifying the Filename to Read and Write the System Configuration 3-13
Booting Manually 3-14
Booting a Specific Software Image 3-14
Controlling Environment Variables 3-15 Scheduling a Reload of the Software Image 3-16
Configuring a Scheduled Reload 3-17
Displaying Scheduled Reload Information 3-18
4 Configuring Cisco IOS CNS Agents 4-1
Understanding Cisco Configuration Engine Software 4-1
Configuration Service 4-2
Event Service 4-3
NameSpace Mapper 4-3
What You Should Know About the CNS IDs and Device Hostnames 4-3
ConfigID 4-3 DeviceID 4-4 Hostname and DeviceID 4-4 Using Hostname, DeviceID, and ConfigID 4-4
Understanding Cisco IOS Agents 4-5
Initial Configuration 4-5
Incremental (Partial) Configuration 4-6
Synchronized Configuration 4-6 Configuring Cisco IOS Agents 4-6
Enabling Automated CNS Configuration 4-6
Enabling the CNS Event Agent 4-8
Enabling the Cisco IOS CNS Agent 4-9
Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11
Displaying CNS Configuration 4-12
5 Administering the Switch 5-1
Managing the System Time and Date 5-1
Understanding the System Clock 5-2
Understanding Network Time Protocol 5-2
Configuring NTP 5-4
Default NTP Configuration 5-4 Configuring NTP Authentication 5-5 Configuring NTP Associations 5-6 Configuring NTP Broadcast Service 5-7 Configuring NTP Access Restrictions 5-8 Configuring the Source IP Address for NTP Packets 5-10 Displaying the NTP Configuration 5-11
Configuring Time and Date Manually 5-11
Setting the System Clock 5-11 Displaying the Time and Date Configuration 5-12 Configuring the Time Zone 5-12 Configuring Summer Time (Daylight Saving Time) 5-13
Configuring a System Name and Prompt 5-14
Default System Name and Prompt Configuration 5-15 Configuring a System Name 5-15 Understanding DNS 5-15
Default DNS Configuration 5-16 Setting Up DNS 5-16 Displaying the DNS Configuration 5-17
Creating a Banner 5-17
Default Banner Configuration 5-17 Configuring a Message-of-the-Day Login Banner 5-18 Configuring a Login Banner 5-19
Managing the MAC Address Table 5-19
Building the Address Table 5-20 MAC Addresses and VLANs 5-20 Default MAC Address Table Configuration 5-21 Changing the Address Aging Time 5-21 Removing Dynamic Address Entries 5-22 Configuring MAC Address Notification Traps 5-22 Adding and Removing Static Address Entries 5-24 Configuring Unicast MAC Address Filtering 5-25 Disabling MAC Address Learning on a VLAN 5-26 Displaying Address Table Entries 5-28
Managing the ARP Table 5-28
6 Configuring SDM Templates 6-1
Understanding the SDM Templates 6-1 Configuring the Switch SDM Template 6-2
Default SDM Template 6-2
SDM Template Configuration Guidelines 6-2
Setting the SDM Template 6-3 Displaying the SDM Templates 6-4
7 Configuring Switch-Based Authentication 7-1
Preventing Unauthorized Access to Your Switch 7-1 Protecting Access to Privileged EXEC Commands 7-2
Default Password and Privilege Level Configuration 7-2
Setting or Changing a Static Enable Password 7-3
Protecting Enable and Enable Secret Passwords with Encryption 7-4
Disabling Password Recovery 7-5
Setting a Telnet Password for a Terminal Line 7-6
Configuring Username and Password Pairs 7-7
Configuring Multiple Privilege Levels 7-8
Setting the Privilege Level for a Command 7-8 Changing the Default Privilege Level for Lines 7-9 Logging into and Exiting a Privilege Level 7-10
Controlling Switch Access with TACACS+ 7-10
Understanding TACACS+ 7-10
TACACS+ Operation 7-12
Configuring TACACS+ 7-13
Default TACACS+ Configuration 7-13 Identifying the TACACS+ Server Host and Setting the Authentication Key 7-13 Configuring TACACS+ Login Authentication 7-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 7-16 Starting TACACS+ Accounting 7-17
Displaying the TACACS+ Configuration 7-17 Controlling Switch Access with RADIUS 7-18
Understanding RADIUS 7-18
RADIUS Operation 7-19
Configuring RADIUS 7-20
Default RADIUS Configuration 7-20 Identifying the RADIUS Server Host 7-20 Configuring RADIUS Login Authentication 7-23 Defining AAA Server Groups 7-25 Configuring RADIUS Authorization for User Privileged Access and Network Services 7-27 Starting RADIUS Accounting 7-28 Configuring Settings for All RADIUS Servers 7-29 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-29 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-31
Displaying the RADIUS Configuration 7-31
Controlling Switch Access with Kerberos 7-32
Understanding Kerberos 7-32 Kerberos Operation 7-34
Authenticating to a Boundary Switch 7-35 Obtaining a TGT from a KDC 7-35 Authenticating to Network Services 7-35
Configuring Kerberos 7-36
Configuring the Switch for Local Authentication and Authorization 7-36 Configuring the Switch for Secure Shell 7-37
Understanding SSH 7-38
SSH Servers, Integrated Clients, and Supported Versions 7-38 Limitations 7-38
Configuring SSH 7-39
Configuration Guidelines 7-39 Setting Up the Switch to Run SSH 7-39 Configuring the SSH Server 7-40
Displaying the SSH Configuration and Status 7-41
8 Configuring IEEE 802.1x Port-Based Authentication 8-1
Understanding IEEE 802.1x Port-Based Authentication 8-1
Device Roles 8-2 Authentication Initiation and Message Exchange 8-3 Ports in Authorized and Unauthorized States 8-4 IEEE 802.1x Accounting 8-5 IEEE 802.1x Accounting Attribute-Value Pairs 8-5 IEEE 802.1x Host Mode 8-6 Using IEEE 802.1x with Port Security 8-7 Using IEEE 802.1x with VLAN Assignment 8-8
Configuring IEEE 802.1x Authentication 8-9
Default IEEE 802.1x Configuration 8-9
IEEE 802.1x Configuration Guidelines 8-10
Configuring IEEE 802.1x Authentication 8-11
Configuring the Switch-to-RADIUS-Server Communication 8-12
Configuring Periodic Re-Authentication 8-13
Manually Re-Authenticating a Client Connected to a Port 8-14
Changing the Quiet Period 8-14
Changing the Switch-to-Client Retransmission Time 8-15
Setting the Switch-to-Client Frame-Retransmission Number 8-15
Setting the Re-Authentication Number 8-16
Configuring the Host Mode 8-17
Resetting the IEEE 802.1x Configuration to the Default Values 8-17
Configuring IEEE 802.1x Accounting 8-18 Displaying IEEE 802.1x Statistics and Status 8-19
9 Configuring Interface Characteristics 9-1
Understanding Interface Types 9-1
Port-Based VLANs 9-2
Switch Ports 9-2
UNI and NNI Ports 9-3
Access Ports 9-3 Trunk Ports 9-4
Tunnel Ports 9-4 Routed Ports 9-4 Switch Virtual Interfaces 9-5 EtherChannel Port Groups 9-6 Connecting Interfaces 9-6
Using Interface Configuration Mode 9-7
Procedures for Configuring Interfaces 9-7 Configuring a Range of Interfaces 9-8 Configuring and Using Interface Range Macros 9-10
Configuring Ethernet Interfaces 9-11
Default Ethernet Interface Configuration 9-12 Configuring User Network and Network Node Interfaces 9-13 Configuring Interface Speed and Duplex Mode 9-14
Speed and Duplex Configuration Guidelines 9-15
Setting the Interface Speed and Duplex Parameters 9-15 Configuring IEEE 802.3x Flow Control 9-17
Configuring Auto-MDIX on an Interface 9-18
Adding a Description for an Interface 9-19 Configuring Layer 3 Interfaces 9-20 Configuring the System MTU 9-21 Monitoring and Maintaining the Interfaces 9-22
Monitoring Interface Status 9-23
Clearing and Resetting Interfaces and Counters 9-24
Shutting Down and Restarting the Interface 9-24
10 Configuring Command Macros 10-1
Understanding Command Macros 10-1 Configuring Command Macros 10-2
Default Command Macro Configuration 10-2
Command Macro Configuration Guidelines 10-2
Creating Command Macros 10-3
Applying Command Macros 10-4 Displaying Command Macros 10-5
11 Configuring VLANs 11-1
Understanding VLANs 11-1
Supported VLANs 11-3
Normal-Range VLANs 11-3
Extended-Range VLANs 11-4
VLAN Port Membership Modes 11-4
UNI VLANs 11-5 Creating and Modifying VLANs 11-6
Default Ethernet VLAN Configuration 11-7
VLAN Configuration Guidelines 11-8
Creating or Modifying an Ethernet VLAN 11-9
Assigning Static-Access Ports to a VLAN 11-10
Creating an Extended-Range VLAN with an Internal VLAN ID 11-11
Configuring UNI VLANs 11-12
Configuration Guidelines 11-12
Configuring UNI VLANs 11-13 Displaying VLANs 11-14 Configuring VLAN Trunks 11-14
Trunking Overview 11-14
IEEE 802.1Q Configuration Considerations 11-15
Default Layer 2 Ethernet Interface VLAN Configuration 11-16 Configuring an Ethernet Interface as a Trunk Port 11-16
Interaction with Other Features 11-16 Configuring a Trunk Port 11-17 Defining the Allowed VLANs on a Trunk 11-17 Configuring the Native VLAN for Untagged Traffic 11-19
Configuring Trunk Ports for Load Sharing 11-19
Load Sharing Using STP Port Priorities 11-20 Load Sharing Using STP Path Cost 11-21
Configuring VMPS 11-23
Understanding VMPS 11-23
Dynamic-Access Port VLAN Membership 11-24 Default VMPS Client Configuration 11-24 VMPS Configuration Guidelines 11-25 Configuring the VMPS Client 11-25
Entering the IP Address of the VMPS 11-25
Configuring Dynamic-Access Ports on VMPS Clients 11-26
Reconfirming VLAN Memberships 11-26
Changing the Reconfirmation Interval 11-27
Changing the Retry Count 11-27 Monitoring the VMPS 11-27 Troubleshooting Dynamic-Access Port VLAN Membership 11-28 VMPS Configuration Example 11-28
12 Configuring Private VLANs 12-1
Understanding Private VLANs 12-1
Types of Private VLANs and Private-VLAN Ports 12-2 IP Addressing Scheme with Private VLANs 12-4 Private VLANs across Multiple Switches 12-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 12-5 Private VLANs and SVIs 12-5
Configuring Private VLANs 12-5
Tasks for Configuring Private VLANs 12-6 Default Private-VLAN Configuration 12-6 Private-VLAN Configuration Guidelines 12-6
Secondary and Primary VLAN Configuration 12-7
Private-VLAN Port Configuration 12-8
Limitations with Other Features 12-9 Configuring and Associating VLANs in a Private VLAN 12-10
Configuring a Layer 2 Interface as a Private-VLAN Host Port 12-12 Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port 12-13 Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 12-14
Monitoring Private VLANs 12-15
13 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling 13-1
Understanding IEEE 802.1Q Tunneling 13-1 Configuring IEEE 802.1Q Tunneling 13-4
Default IEEE 802.1Q Tunneling Configuration 13-4 IEEE 802.1Q Tunneling Configuration Guidelines 13-4
Native VLANs 13-4
System MTU 13-5 IEEE 802.1Q Tunneling and Other Features 13-6 Configuring an IEEE 802.1Q Tunneling Port 13-6
Understanding Layer 2 Protocol Tunneling 13-8 Configuring Layer 2 Protocol Tunneling 13-10
Default Layer 2 Protocol Tunneling Configuration 13-11 Layer 2 Protocol Tunneling Configuration Guidelines 13-11 Configuring Layer 2 Protocol Tunneling 13-12 Configuring Layer 2 Tunneling for EtherChannels 13-14
Configuring the SP Edge Switch 13-14
Configuring the Customer Switch 13-15
Monitoring and Maintaining Tunneling Status 13-18
14 Configuring STP 14-1
Understanding Spanning-Tree Features 14-1
STP Overview 14-2 Spanning-Tree Topology and BPDUs 14-3 Bridge ID, Switch Priority, and Extended System ID 14-4 Spanning-Tree Interface States 14-4
Blocking State 14-6
Listening State 14-6
Learning State 14-6
Forwarding State 14-7
Disabled State 14-7 How a Switch or Port Becomes the Root Switch or Root Port 14-7 Spanning Tree and Redundant Connectivity 14-8 Spanning-Tree Address Management 14-8 Accelerated Aging to Retain Connectivity 14-9
Spanning-Tree Modes and Protocols 14-9 Supported Spanning-Tree Instances 14-10 Spanning-Tree Interoperability and Backward Compatibility 14-10 STP and IEEE 802.1Q Trunks 14-10
Configuring Spanning-Tree Features 14-11
Default Spanning-Tree Configuration 14-11 Spanning-Tree Configuration Guidelines 14-12 Changing the Spanning-Tree Mode. 14-13 Disabling Spanning Tree 14-14 Configuring the Root Switch 14-14 Configuring a Secondary Root Switch 14-16 Configuring Port Priority 14-16 Configuring Path Cost 14-18 Configuring the Switch Priority of a VLAN 14-19 Configuring Spanning-Tree Timers 14-20
Configuring the Hello Time 14-20 Configuring the Forwarding-Delay Time for a VLAN 14-21 Configuring the Maximum-Aging Time for a VLAN 14-21
Displaying the Spanning-Tree Status 14-22
15 Configuring MSTP 15-1
Understanding MSTP 15-2
Multiple Spanning-Tree Regions 15-2 IST, CIST, and CST 15-2
Operations Within an MST Region 15-3
Operations Between MST Regions 15-3 Hop Count 15-4 Boundary Ports 15-5 Interoperability with IEEE 802.1D STP 15-5
Understanding RSTP 15-6
Port Roles and the Active Topology 15-6 Rapid Convergence 15-7 Synchronization of Port Roles 15-8 Bridge Protocol Data Unit Format and Processing 15-9
Processing Superior BPDU Information 15-10
Processing Inferior BPDU Information 15-10 Topology Changes 15-10
Configuring MSTP Features 15-11
Default MSTP Configuration 15-12 MSTP Configuration Guidelines 15-12 Specifying the MST Region Configuration and Enabling MSTP 15-13 Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority 15-19 Configuring the Hello Time 15-19 Configuring the Forwarding-Delay Time 15-20 Configuring the Maximum-Aging Time 15-21 Configuring the Maximum-Hop Count 15-21 Specifying the Link Type to Ensure Rapid Transitions 15-22 Restarting the Protocol Migration Process 15-22
Displaying the MST Configuration and Status 15-23
16 Configuring Optional Spanning-Tree Features 16-1
Understanding Optional Spanning-Tree Features 16-1
Understanding Port Fast 16-2 Understanding BPDU Guard 16-2 Understanding BPDU Filtering 16-3 Understanding EtherChannel Guard 16-3 Understanding Root Guard 16-3 Understanding Loop Guard 16-4
Configuring Optional Spanning-Tree Features 16-5
Default Optional Spanning-Tree Configuration 16-5 Optional Spanning-Tree Configuration Guidelines 16-5 Enabling Port Fast 16-5 Enabling BPDU Guard 16-6 Enabling BPDU Filtering 16-7 Enabling EtherChannel Guard 16-8 Enabling Root Guard 16-9 Enabling Loop Guard 16-9
Displaying the Spanning-Tree Status 16-10
17 Configuring Flex Links 17-1
Understanding Flex Links 17-1 Configuring Flex Links 17-2
Default Flex Link Configuration 17-2 Flex Link Configuration Guidelines 17-2 Configuring Flex Links 17-3
Monitoring Flex Links 17-4
18 Configuring DHCP Features and IP Source Guard 18-1
Understanding DHCP Features 18-1
DHCP Server 18-2 DHCP Relay Agent 18-2 DHCP Snooping 18-2 Option-82 Data Insertion 18-3 DHCP Snooping Binding Database 18-5
Configuring DHCP Features 18-6
Default DHCP Configuration 18-7 DHCP Snooping Configuration Guidelines 18-7 Configuring the DHCP Relay Agent 18-8 Specifying the Packet Forwarding Address 18-9 Enabling DHCP Snooping and Option 82 18-10 Enabling DHCP Snooping on Private VLANs 18-11 Enabling the DHCP Snooping Binding Database Agent 18-12
Displaying DHCP Snooping Information 18-13 Understanding IP Source Guard 18-13
Source IP Address Filtering 18-14 Source IP and MAC Address Filtering 18-14
Configuring IP Source Guard 18-14
Default IP Source Guard Configuration 18-14 IP Source Guard Configuration Guidelines 18-15 Enabling IP Source Guard 18-15
Displaying IP Source Guard Information 18-16
19 Configuring Dynamic ARP Inspection 19-1
Understanding Dynamic ARP Inspection 19-1
Interface Trust States and Network Security 19-3 Rate Limiting of ARP Packets 19-4 Relative Priority of ARP ACLs and DHCP Snooping Entries 19-4 Logging of Dropped Packets 19-4
Configuring Dynamic ARP Inspection 19-5
Default Dynamic ARP Inspection Configuration 19-5 Dynamic ARP Inspection Configuration Guidelines 19-6 Configuring Dynamic ARP Inspection in DHCP Environments 19-7 Configuring ARP ACLs for Non-DHCP Environments 19-8 Limiting the Rate of Incoming ARP Packets 19-10 Performing Validation Checks 19-12 Configuring the Log Buffer 19-13
Displaying Dynamic ARP Inspection Information 19-14
20 Configuring IGMP Snooping and MVR 20-1
Understanding IGMP Snooping 20-1
IGMP Versions 20-2 Joining a Multicast Group 20-3 Leaving a Multicast Group 20-5 Immediate Leave 20-5 IGMP Configurable-Leave Timer 20-5 IGMP Report Suppression 20-6
Configuring IGMP Snooping 20-6
Default IGMP Snooping Configuration 20-6 Enabling or Disabling IGMP Snooping 20-7 Configuring a Multicast Router Port 20-8 Configuring a Host Statically to Join a Group 20-8 Enabling IGMP Immediate Leave 20-9 Configuring the IGMP Leave Timer 20-10 Configuring TCN-Related Commands 20-11
Controlling the Multicast Flooding Time After a TCN Event 20-11 Recovering from Flood Mode 20-11
Disabling Multicast Flooding During a TCN Event 20-12 Configuring the IGMP Snooping Querier 20-13 Disabling IGMP Report Suppression 20-14
Displaying IGMP Snooping Information 20-15
Understanding Multicast VLAN Registration 20-16
Using MVR in a Multicast Television Application 20-16
Configuring MVR 20-18
Default MVR Configuration 20-18 MVR Configuration Guidelines and Limitations 20-19 Configuring MVR Global Parameters 20-19
Configuring MVR Interfaces 20-20 Displaying MVR Information 20-22 Configuring IGMP Filtering and Throttling 20-22
Default IGMP Filtering and Throttling Configuration 20-23
Configuring IGMP Profiles 20-23
Applying IGMP Profiles 20-25
Setting the Maximum Number of IGMP Groups 20-25
Configuring the IGMP Throttling Action 20-26 Displaying IGMP Filtering and Throttling Configuration 20-28
21 Configuring Port-Based Traffic Control 21-1
Configuring Storm Control 21-1
Understanding Storm Control 21-1
Default Storm Control Configuration 21-3
Configuring Storm Control and Threshold Levels 21-3 Configuring Protected Ports 21-5
Default Protected Port Configuration 21-5
Protected Port Configuration Guidelines 21-6
Configuring a Protected Port 21-6 Configuring Port Blocking 21-7
Default Port Blocking Configuration 21-7
Blocking Flooded Traffic on an Interface 21-7 Configuring Port Security 21-8
Understanding Port Security 21-8
Secure MAC Addresses 21-8
Security Violations 21-9 Default Port Security Configuration 21-10 Port Security Configuration Guidelines 21-10 Enabling and Configuring Port Security 21-11 Enabling and Configuring Port Security Aging 21-15
Displaying Port-Based Traffic Control Settings 21-17
22 Configuring CDP 22-1
Understanding CDP 22-1 Configuring CDP 22-2
Default CDP Configuration 22-2 Configuring the CDP Characteristics 22-2 Disabling and Enabling CDP 22-3 Disabling and Enabling CDP on an Interface 22-4
Monitoring and Maintaining CDP 22-5
23 Configuring UDLD 23-1
Understanding UDLD 23-1
Modes of Operation 23-1 Methods to Detect Unidirectional Links 23-2
Configuring UDLD 23-4
Default UDLD Configuration 23-4 Configuration Guidelines 23-4 Enabling UDLD Globally 23-5 Enabling UDLD on an Interface 23-5 Resetting an Interface Disabled by UDLD 23-6
Displaying UDLD Status 23-6
24 Configuring SPAN and RSPAN 24-1
Understanding SPAN and RSPAN 24-1
Local SPAN 24-2 Remote SPAN 24-2 SPAN and RSPAN Concepts and Terminology 24-3
SPAN Sessions 24-3 Monitored Traffic 24-4 Source Ports 24-5 Source VLANs 24-6 VLAN Filtering 24-6 Destination Port 24-7 RSPAN VLAN 24-8
SPAN and RSPAN Interaction with Other Features 24-8
Configuring SPAN and RSPAN 24-9
Default SPAN and RSPAN Configuration 24-10
Configuring Local SPAN 24-10
SPAN Configuration Guidelines 24-10
Creating a Local SPAN Session 24-11
Creating a Local SPAN Session and Configuring Ingress Traffic 24-13
Specifying VLANs to Filter 24-15 Configuring RSPAN 24-16
RSPAN Configuration Guidelines 24-16
Configuring a VLAN as an RSPAN VLAN 24-17
Creating an RSPAN Source Session 24-17
Creating an RSPAN Destination Session 24-19
Creating an RSPAN Destination Session and Configuring Ingress Traffic 24-20
Specifying VLANs to Filter 24-21
Displaying SPAN and RSPAN Status 24-22
25 Configuring RMON 25-1
Understanding RMON 25-1 Configuring RMON 25-2
Default RMON Configuration 25-3 Configuring RMON Alarms and Events 25-3 Collecting Group History Statistics on an Interface 25-5 Collecting Group Ethernet Statistics on an Interface 25-6
Displaying RMON Status 25-6
26 Configuring System Message Logging 26-1
Understanding System Message Logging 26-1 Configuring System Message Logging 26-2
System Log Message Format 26-2 Default System Message Logging Configuration 26-3 Disabling Message Logging 26-3 Setting the Message Display Destination Device 26-4 Synchronizing Log Messages 26-5 Enabling and Disabling Time Stamps on Log Messages 26-7 Enabling and Disabling Sequence Numbers in Log Messages 26-7 Defining the Message Severity Level 26-8 Limiting Syslog Messages Sent to the History Table and to SNMP 26-9 Configuring UNIX Syslog Servers 26-10
Logging Messages to a UNIX Syslog Daemon 26-10
Configuring the UNIX System Logging Facility 26-11
Displaying the Logging Configuration 26-12
27 Configuring SNMP 27-1
Understanding SNMP 27-1
SNMP Versions 27-2 SNMP Manager Functions 27-3 SNMP Agent Functions 27-4 SNMP Community Strings 27-4 Using SNMP to Access MIB Variables 27-4 SNMP Notifications 27-5 SNMP ifIndex MIB Object Values 27-5
Configuring SNMP 27-6
Default SNMP Configuration 27-6 SNMP Configuration Guidelines 27-6 Disabling the SNMP Agent 27-7 Configuring Community Strings 27-8 Configuring SNMP Groups and Users 27-9 Configuring SNMP Notifications 27-11 Setting the Agent Contact and Location Information 27-14 Limiting TFTP Servers Used Through SNMP 27-15 SNMP Examples 27-15
Displaying SNMP Status 27-16
28 Configuring Network Security with ACLs 28-1
Understanding ACLs 28-1
Supported ACLs 28-2
Port ACLs 28-3 Router ACLs 28-4 VLAN Maps 28-5
Handling Fragmented and Unfragmented Traffic 28-5
Configuring IPv4 ACLs 28-6
Creating Standard and Extended IPv4 ACLs 28-7
IPv4 Access List Numbers 28-8 ACL Logging 28-8 Creating a Numbered Standard ACL 28-9 Creating a Numbered Extended ACL 28-10 Resequencing ACEs in an ACL 28-14 Creating Named Standard and Extended ACLs 28-14 Using Time Ranges with ACLs 28-16 Including Comments in ACLs 28-18
Applying an IPv4 ACL to a Terminal Line 28-18
Applying an IPv4 ACL to an Interface 28-19 Hardware and Software Treatment of IP ACLs 28-21 IPv4 ACL Configuration Examples 28-21
Numbered ACLs 28-23
Extended ACLs 28-23
Named ACLs 28-23
Time Range Applied to an IP ACL 28-24
Commented IP ACL Entries 28-24
ACL Logging 28-25
Creating Named MAC Extended ACLs 28-26
Applying a MAC ACL to a Layer 2 Interface 28-28
Configuring VLAN Maps 28-29
VLAN Map Configuration Guidelines 28-30 Creating a VLAN Map 28-31
Examples of ACLs and VLAN Maps 28-31 Applying a VLAN Map to a VLAN 28-33 Using VLAN Maps in Your Network 28-34
Wiring Closet Configuration 28-34
Denying Access to a Server on Another VLAN 28-35
Using VLAN Maps with Router ACLs 28-36
VLAN Maps and Router ACL Configuration Guidelines 28-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 28-37
ACLs and Switched Packets 28-37
ACLs and Routed Packets 28-38
ACLs and Multicast Packets 28-39
Displaying IPv4 ACL Configuration 28-39
29 Configuring Control-Plane Security 29-1
Understanding Control-Plane Security 29-1 Configuring Control-Plane Security 29-4 Monitoring Control-Plane Security 29-5
30 Configuring QoS 30-1
Understanding QoS 30-1
Modular QoS CLI 30-3 Input and Output Policies 30-4
Input Policy Maps 30-4
Output Policy Maps 30-5
Classification 30-5
Class Maps 30-6 The match Command 30-7 Classification Based on Layer 2 CoS 30-7 Classification Based on IP Precedence 30-8 Classification Based on IP DSCP 30-8 Classification Comparisons 30-9 Classification Based on QoS ACLs 30-10
Classification Based on QoS Groups 30-10 Table Maps 30-11 Policing 30-12
Individual Policing 30-13
Aggregate Policing 30-14
Unconditional Priority Policing 30-15 Marking 30-16 Congestion Management and Scheduling 30-18
Traffic Shaping 30-19
Class-Based Weighted Fair Queuing 30-21
Priority Queuing 30-22 Congestion Avoidance and Queuing 30-24
Configuring QoS 30-26
Default QoS Configuration 30-27 QoS Configuration Guidelines 30-27 Using ACLs to Classify Traffic 30-27
Creating IP Standard ACLs 30-28
Creating IP Extended ACLs 30-29
Creating Layer 2 MAC ACLs 30-30 Using Class Maps to Define a Traffic Class 30-31 Configuring Table Maps 30-33 Attaching a Traffic Policy to an Interface 30-35 Configuring Input Policy Maps 30-35
Configuring Input Policy Maps with Individual Policing 30-36
Configuring Input Policy Maps with Aggregate Policing 30-39
Configuring Input Policy Maps with Marking 30-41 Configuring Output Policy Maps 30-43
Configuring Output Policy Maps with Class-Based-Weighted-Queuing 30-44
Configuring Output Policy Maps with Class-Based Shaping 30-46
Configuring Output Policy Maps with Port Shaping 30-47
Configuring Output Policy Maps with Class-Based Priority Queuing 30-48
Configuring Output Policy Maps with Weighted Tail Drop 30-53
Displaying QoS Information 30-55
QoS Statistics 30-55
Configuration Examples for Policy Maps 30-56
QoS Configuration for Customer A 30-56 QoS Configuration for Customer B 30-58 Modifying Output Policies and Adding or Deleting Classification Criteria 30-59 Modifying Output Policies and Changing Queuing or Scheduling Parameters 30-60 Modifying Output Policies and Adding or Deleting Configured Actions 30-60 Modifying Output Policies and Adding or Deleting a Class 30-61
31 Configuring EtherChannels 31-1
Understanding EtherChannels 31-1
EtherChannel Overview 31-2 Port-Channel Interfaces 31-3 Port Aggregation Protocol 31-4
PAgP Modes 31-5 PAgP Interaction with Other Features 31-5
Link Aggregation Control Protocol 31-6
LACP Modes 31-6
LACP Interaction with Other Features 31-6 EtherChannel On Mode 31-7 Load Balancing and Forwarding Methods 31-7
Configuring EtherChannels 31-9
Default EtherChannel Configuration 31-9 EtherChannel Configuration Guidelines 31-10 Configuring Layer 2 EtherChannels 31-11 Configuring Layer 3 EtherChannels 31-13
Creating Port-Channel Logical Interfaces 31-13
Configuring the Physical Interfaces 31-14 Configuring EtherChannel Load Balancing 31-16 Configuring the PAgP Learn Method and Priority 31-17 Configuring LACP Hot-Standby Ports 31-18
Configuring the LACP System Priority 31-19
Configuring the LACP Port Priority 31-20
Displaying EtherChannel, PAgP, and LACP Status 31-21
32 Configuring IP Unicast Routing 32-1
Understanding IP Routing 32-2
Types of Routing 32-2 Steps for Configuring Routing 32-3 Configuring IP Addressing 32-4
Default Addressing Configuration 32-4
Assigning IP Addresses to Network Interfaces 32-5
Use of Subnet Zero 32-6 Classless Routing 32-6
Configuring Address Resolution Methods 32-7
Define a Static ARP Cache 32-8 Set ARP Encapsulation 32-9 Enable Proxy ARP 32-10
Routing Assistance When IP Routing is Disabled 32-10
Proxy ARP 32-10 Default Gateway 32-11 ICMP Router Discovery Protocol (IRDP) 32-11
Configuring Broadcast Packet Handling 32-12
Enabling Directed Broadcast-to-Physical Broadcast Translation 32-13 Forwarding UDP Broadcast Packets and Protocols 32-14 Establishing an IP Broadcast Address 32-15 Flooding IP Broadcasts 32-15
Monitoring and Maintaining IP Addressing 32-17
Enabling IPv4 Unicast Routing 32-17 Configuring RIP 32-18
Default RIP Configuration 32-19
Configuring Basic RIP Parameters 32-19
Configuring RIP Authentication 32-21
Configuring Summary Addresses and Split Horizon 32-21
Configuring Split Horizon 32-23 Configuring OSPF 32-23
Default OSPF Configuration 32-24
Configuring Basic OSPF Parameters 32-26
Configuring OSPF Interfaces 32-26
Configuring OSPF Area Parameters 32-27
Configuring Other OSPF Parameters 32-29
Changing LSA Group Pacing 32-30
Configuring a Loopback Interface 32-31
Monitoring OSPF 32-31
Configuring EIGRP 32-32
Default EIGRP Configuration 32-34 Configuring Basic EIGRP Parameters 32-35 Configuring EIGRP Interfaces 32-36 Configuring EIGRP Route Authentication 32-37 Monitoring and Maintaining EIGRP 32-38
Configuring BGP 32-38
Default BGP Configuration 32-40 Enabling BGP Routing 32-42 Managing Routing Policy Changes 32-45 Configuring BGP Decision Attributes 32-46 Configuring BGP Filtering with Route Maps 32-48 Configuring BGP Filtering by Neighbor 32-49 Configuring Prefix Lists for BGP Filtering 32-50 Configuring BGP Community Filtering 32-51 Configuring BGP Neighbors and Peer Groups 32-52 Configuring Aggregate Addresses 32-54 Configuring Routing Domain Confederations 32-55 Configuring BGP Route Reflectors 32-56 Configuring Route Dampening 32-57 Monitoring and Maintaining BGP 32-58
Configuring Multi-VRF CE 32-59
Understanding Multi-VRF CE 32-59 Default Multi-VRF CE Configuration 32-61 Multi-VRF CE Configuration Guidelines 32-61 Configuring VRFs 32-62 Configuring a VPN Routing Session 32-63 Configuring BGP PE to CE Routing Sessions 32-64 Multi-VRF CE Configuration Example 32-64 Displaying Multi-VRF CE Status 32-68
Configuring Protocol-Independent Features 32-69
Configuring Cisco Express Forwarding 32-69 Configuring the Number of Equal-Cost Routing Paths 32-70 Configuring Static Unicast Routes 32-71 Specifying Default Routes and Networks 32-72 Using Route Maps to Redistribute Routing Information 32-73 Configuring Policy-Based Routing 32-76
PBR Configuration Guidelines 32-77 Enabling PBR 32-78
Filtering Routing Information 32-79
Setting Passive Interfaces 32-79 Controlling Advertising and Processing in Routing Updates 32-80 Filtering Sources of Routing Information 32-81
Managing Authentication Keys 32-82 Monitoring and Maintaining the IP Network 32-83
33 Configuring HSRP 33-1
Understanding HSRP 33-1
Multiple HSRP 33-3 Configuring HSRP 33-4
Default HSRP Configuration 33-4
HSRP Configuration Guidelines 33-5
Enabling HSRP 33-5
Configuring HSRP Priority 33-6
Configuring MHSRP 33-9
Configuring HSRP Authentication and Timers 33-9
Enabling HSRP Support for ICMP Redirect Messages 33-11 Displaying HSRP Configurations 33-11
34 Configuring IP Multicast Routing 34-1
Understanding Cisco’s Implementation of IP Multicast Routing 34-2
Understanding IGMP 34-2
IGMP Version 1 34-3 IGMP Version 2 34-3
Understanding PIM 34-3
PIM Versions 34-3 PIM Modes 34-4 Auto-RP 34-4 Bootstrap Router 34-5 Multicast Forwarding and Reverse Path Check 34-5
Configuring IP Multicast Routing 34-7
Default Multicast Routing Configuration 34-7
Multicast Routing Configuration Guidelines 34-7
PIMv1 and PIMv2 Interoperability 34-8 Auto-RP and BSR Configuration Guidelines 34-8
Configuring Basic Multicast Routing 34-9
Configuring a Rendezvous Point 34-10
Manually Assigning an RP to Multicast Groups 34-11 Configuring Auto-RP 34-12
Configuring PIMv2 BSR 34-16 Using Auto-RP and a BSR 34-20 Monitoring the RP Mapping Information 34-21 Troubleshooting PIMv1 and PIMv2 Interoperability Problems 34-21
Configuring Advanced PIM Features 34-21
Understanding PIM Shared Tree and Source Tree 34-21 Delaying the Use of PIM Shortest-Path Tree 34-23 Modifying the PIM Router-Query Message Interval 34-24
Configuring Optional IGMP Features 34-25
Default IGMP Configuration 34-25 Configuring the Switch as a Member of a Group 34-25 Controlling Access to IP Multicast Groups 34-26 Changing the IGMP Version 34-27 Modifying the IGMP Host-Query Message Interval 34-28 Changing the IGMP Query Timeout for IGMPv2 34-29 Changing the Maximum Query Response Time for IGMPv2 34-29 Configuring the Switch as a Statically Connected Member 34-30
Configuring Optional Multicast Routing Features 34-31
Configuring sdr Listener Support 34-31
Enabling sdr Listener Support 34-31
Limiting How Long an sdr Cache Entry Exists 34-32 Configuring an IP Multicast Boundary 34-32
Monitoring and Maintaining IP Multicast Routing 34-34
Clearing Caches, Tables, and Databases 34-34 Displaying System and Network Statistics 34-34 Monitoring IP Multicast Routing 34-35
35 Configuring MSDP 35-1
Understanding MSDP 35-1
MSDP Operation 35-2 MSDP Benefits 35-3
Configuring MSDP 35-4
Default MSDP Configuration 35-4 Configuring a Default MSDP Peer 35-4 Caching Source-Active State 35-6 Requesting Source Information from an MSDP Peer 35-8
Controlling Source Information that Your Switch Originates 35-8
Redistributing Sources 35-9 Filtering Source-Active Request Messages 35-11
Controlling Source Information that Your Switch Forwards 35-12
Using a Filter 35-12
Using TTL to Limit the Multicast Data Sent in SA Messages 35-14 Controlling Source Information that Your Switch Receives 35-14 Configuring an MSDP Mesh Group 35-16 Shutting Down an MSDP Peer 35-16 Including a Bordering PIM Dense-Mode Region in MSDP 35-17 Configuring an Originating Address other than the RP Address 35-18
Monitoring and Maintaining MSDP 35-19
36 Troubleshooting 36-1
Recovering from Corrupted Software By Using the Xmodem Protocol 36-2 Recovering from a Lost or Forgotten Password 36-3
Procedure with Password Recovery Enabled 36-5 Procedure with Password Recovery Disabled 36-7
Preventing Autonegotiation Mismatches 36-8 SFP Module Security and Identification 36-9 Monitoring SFP Module Status 36-9 Monitoring Temperature 36-9 Using Ping 36-10
Understanding Ping 36-10 Using Ping 36-10
All Software Versions 36-11
Metro IP Access Image 36-11
Ping Responses 36-12
Summary 36-13
Using Layer 2 Traceroute 36-13
Understanding Layer 2 Traceroute 36-13 Layer 2 Traceroute Usage Guidelines 36-14 Displaying the Physical Path 36-15
Using IP Traceroute 36-15
Understanding IP Traceroute 36-15 Executing IP Traceroute 36-16
Using TDR 36-17
Understanding TDR 36-17 Running TDR and Displaying the Results 36-17
Using Debug Commands 36-18
Enabling Debugging on a Specific Feature 36-18 Enabling All-System Diagnostics 36-19
Redirecting Debug and Error Message Output 36-19 Using the show platform forward Command 36-19 Using the crashinfo File 36-22
A Supported MIBs A-1
MIB List A-1 Using FTP to Access the MIB Files A-3
B Working with the Cisco IOS File System, Configuration Files, and Software Images B-1
Working with the Flash File System B-1
Displaying Available File Systems B-2
Setting the Default File System B-3
Displaying Information about Files on a File System B-3
Changing Directories and Displaying the Working Directory B-3
Creating and Removing Directories B-4
Copying Files B-4
Deleting Files B-5
Creating, Displaying, and Extracting tar Files B-5
Creating a tar File B-6 Displaying the Contents of a tar File B-6 Extracting a tar File B-7
Displaying the Contents of a File B-7
Working with Configuration Files B-8
Guidelines for Creating and Using Configuration Files B-8
Configuration File Types and Location B-9
Creating a Configuration File By Using a Text Editor B-9
Copying Configuration Files By Using TFTP B-10
Preparing to Download or Upload a Configuration File By Using TFTP B-10 Downloading the Configuration File By Using TFTP B-10 Uploading the Configuration File By Using TFTP B-11
Copying Configuration Files By Using FTP B-11
Preparing to Download or Upload a Configuration File By Using FTP B-12 Downloading a Configuration File By Using FTP B-13 Uploading a Configuration File By Using FTP B-14
Copying Configuration Files By Using RCP B-15
Preparing to Download or Upload a Configuration File By Using RCP B-15 Downloading a Configuration File By Using RCP B-16 Uploading a Configuration File By Using RCP B-17
Clearing Configuration Information B-18
Clearing the Startup Configuration File B-18 Deleting a Stored Configuration File B-18
Working with Software Images B-18
Image Location on the Switch B-19 tar File Format of Images on a Server or Cisco.com B-19 Copying Image Files By Using TFTP B-20
Preparing to Download or Upload an Image File By Using TFTP B-21 Downloading an Image File By Using TFTP B-21 Uploading an Image File By Using TFTP B-23
Copying Image Files By Using FTP B-23
Preparing to Download or Upload an Image File By Using FTP B-24 Downloading an Image File By Using FTP B-25 Uploading an Image File By Using FTP B-27
Copying Image Files By Using RCP B-28
Preparing to Download or Upload an Image File By Using RCP B-28 Downloading an Image File By Using RCP B-29 Uploading an Image File By Using RCP B-31
C Unsupported Commands in Cisco IOS Release 12.2(25)EX C-1
Access Control Lists C-1
Unsupported Privileged EXEC Commands C-1 Unsupported Global Configuration Commands C-1
ARP Commands C-1
Unsupported Global Configuration Commands C-1
Unsupported Interface Configuration Commands C-2 Unsupported Debug Commands C-2 HSRP C-2
Unsupported Global Configuration Commands C-2
Unsupported Interface Configuration Commands C-2
IGMP Snooping Commands C-2
Unsupported Global Configuration Commands C-2
Interface Commands C-3
Unsupported Privileged EXEC Commands C-3 Unsupported Global Configuration Commands C-3 Unsupported Interface Configuration Commands C-3
IP Multicast Routing C-3
Unsupported Privileged EXEC Commands C-3 Unsupported Global Configuration Commands C-4 Unsupported Interface Configuration Commands C-4
IP Unicast Routing C-4
Unsupported Privileged EXEC or User EXEC Commands C-4 Unsupported Global Configuration Commands C-5 Unsupported Interface Configuration Commands C-5 Unsupported BGP Router Configuration Commands C-6 Unsupported VPN Configuration Commands C-6 Unsupported Route Map Commands C-6
MAC Address Commands C-7
Unsupported Privileged EXEC Commands C-7 Unsupported Global Configuration Commands C-7
Miscellaneous C-7
Unsupported Global Configuration Commands C-7 Unsupported Privileged EXEC Commands C-8 Unsupported show platform Commands C-8
MSDP C-8
Unsupported Privileged EXEC Commands C-8 Unsupported Global Configuration Commands C-8
NetFlow Commands C-8
Unsupported Global Configuration Commands C-8
QoS C-9
Unsupported Global Configuration Commands C-9 Unsupported Interface Configuration Commands C-9
RADIUS C-9
Unsupported Global Configuration Commands C-9
SNMP C-9
Unsupported Global Configuration Commands C-9
Index
Spanning Tree C-9
Unsupported Global Configuration Command C-9
Unsupported Interface Configuration Command C-9 VLAN C-10
Unsupported Global Configuration Commands C-10
Unsupported User EXEC Commands C-10

Preface

Audience

This guide is for the networking professional managing the Cisco Metro Ethernet (ME) 3400 Series Ethernet Access switch, hereafter referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of Ethernet and local area networking.

Purpose

This guide provides procedures for using the commands that have been created or changed for use with the Cisco ME 3400 switch. It does not provide detailed information about these commands. For detailed information about these commands, see the Cisco ME 3400 Ethernet Access Switch Command Reference for this release. For information about the standard Cisco IOS Release 12.2 commands, see the Cisco IOS documentation set available from the Cisco.com home page at Service and Support > Technical Documents. On the Cisco Product Documentation home page, select Release 12.2 from the Cisco IOS Software drop-down list.
This guide does not describe system messages you might encounter or how to install your switch. For more information, see the Cisco ME 3400 Ethernet Access Switch System Message Guide for this release and the Cisco ME 3400 Ethernet Access Switch Hardware Installation Guide.
For the latest documentation updates, see the release notes for this release.

Conventions

This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
Commands and keywords are in boldface text.
Arguments for which you supply values are in italic.
Square brackets ([ ]) mean optional elements.
Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.

Interactive examples use these conventions:
Terminal sessions and system displays are in screen font.
Information you enter is in boldface screen font.
Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Related Publications

These documents provide complete information about the switch and are available from this Cisco.com site:
http://www.cisco.com/univercd/cc/td/doc/product/metro/me3400/index.htm
Note Before installing, configuring, or upgrading the switch, see these documents:
For initial configuration information, see the “Configuring the Switch with the CLI-Based Setup Program” appendix in the hardware installation guide.
For upgrading information, see the “Downloading Software” section in the release notes.
You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the “Obtaining Documentation” section on page xxxv.
Release Notes for the Cisco ME 3400 Ethernet Access Switch (not orderable but available on Cisco.com)
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide (order number DOC-7817058=)
Cisco ME 3400 Ethernet Access Switch Command Reference (order number DOC-7817060=)
Cisco ME 3400 Ethernet Access Switch System Message Guide (order number DOC-7817062=)
Cisco ME 3400 Ethernet Access Switch Hardware Installation Guide (not orderable but available on Cisco.com)
Cisco ME 3400 and ME 2400 Ethernet Access Switches Getting Started Guide (order number DOC-7817050=)
Regulatory Compliance and Safety Information for the Cisco ME 3400 and ME 2400 Ethernet Access Switches (order number DOC-7817051)
Cisco Small Form-Factor Pluggable Modules Installation Notes (order number DOC-7815160=)
Cisco CWDM GBIC and CWDM SFP Installation Note (not orderable but available on Cisco.com)
Cisco Gigabit Ethernet Transceiver Modules Compatibility Matrix (not orderable but available on Cisco.com)
Cisco 100-Megabit Ethernet SFP Modules Compatibility Matrix (not orderable but available on Cisco.com)
Cisco CWDM SFP Transceiver Compatibility Matrix (not orderable but available on Cisco.com)

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

Cisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.
The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/

Ordering Documentation

Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/

Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
Report security vulnerabilities in Cisco products.
Obtain assistance with security incidents that involve Cisco products.
Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
http://www.cisco.com/go/psirt
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
Emergencies—security-alert@cisco.com
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
Nonemergencies—psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
1 877 228-7302
1 408 525-6532
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
http://www.ciscopress.com
Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/packet
iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/ipj
Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:
http://www.cisco.com/en/US/products/index.html
Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:
http://www.cisco.com/discuss/networking
World-class networking training is available from Cisco. You can view current offerings at this URL:
http://www.cisco.com/en/US/learning/index.html
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
xxxix
Obtaining Additiona l Publications and Informatio n
Preface
xl
Cisco ME 3400 EthernetAccess Switch Software Configuration Guide
78-17058-01

CHAPTER 1

Overview

This chapter provides these topics about the Cisco Metro Ethernet (ME) 3400 Series Ethernet Access switch software:
Features
Default Settings After Initial Switch Configuration
Network Configuration Examples
Where to Go Next
In this document, IP refers to IP Version 4 (IPv4).

Features

The switch ships with one of these software images installed:
The metro base image provides basic Metro Ethernet features.
The metro access image includes additional features such as IEEE 802.1Q tunneling, Layer 2 protocol tunneling, dynamic ARP inspection, and IP source guard.
The metro IP access image adds Layer 3 functionality such as IP routing support for Routing Information Protocol (RIP), Open Shortest Path First (OSPF) Protocol, Border Gateway Protocol (BGP), and Enhanced Interior Gateway Routing Protocol (EIGRP), multiple VPN routing/forwarding on customer edge devices (multi-VRF-CE), and IP multicast routing Protocol-Independent Multicast (PIM) sparse mode (SM) and dense mode (DM).
Note Unless otherwise noted, all features described in this chapter and in this guide are supported on all images.
Some features noted in this chapter are available only on the cryptographic (that is, supports encryption) versions of the switch software image. You must obtain authorization to use this feature and to download the cryptographic version of the software from Cisco.com. For more information, see the release notes for this release.
The Cisco ME switch has two different types of interfaces: network node interfaces (NNIs) to connect to the service provider network and user network interfaces (UNIs) to connect to customer networks. Some features are supported only on one of these port types.
The switch has these features:
Performance Features
Management Options
Manageability Features (includes a feature requiring the cryptographic versions of the software)
Availability Features
VLAN Features
Security Features (includes a feature requiring the cryptographic versions of the switch software)
Quality of Service and Class of Service Features
Layer 2 Virtual Private Network Services
Layer 3 Features (requires metro IP access image)
Layer 3 VPN Services (requires metro IP access image)
Monitoring Features

Performance Features

Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing bandwidth
Automatic-medium-dependent interface crossover (auto-MDIX) capability on 10/100 and 10/100/1000 Mbps interfaces and on 10/100/1000 BASE-T/TX small form-factor pluggable (SFP) module interfaces that enables the interface to automatically detect the required cable connection type (straight-through or crossover) and to configure the connection appropriately
Support for routed frames up to 1546 bytes, for frames up to 9000 bytes that are bridged in hardware, and for frames up to 2000 bytes that are bridged by software.
IEEE 802.3x flow control on all ports (the switch does not send pause frames)
EtherChannel for enhanced fault tolerance and for providing up to 2 Gbps (Gigabit EtherChannel) or 800 Mbps (Fast EtherChannel) full duplex of bandwidth between switches, routers, and servers
Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links (supported only on NNIs)
Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate
Per-port storm control for preventing broadcast, multicast, and unicast storms
Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic
Internet Group Management Protocol (IGMP) snooping for IGMP versions 1, 2, and 3 for efficiently forwarding multimedia and multicast traffic
IGMP report suppression for sending only one IGMP report per multicast router query to the multicast devices (supported only for IGMPv1 or IGMPv2 queries)
IGMP snooping querier support to configure switch to generate periodic IGMP General Query messages
Multicast VLAN registration (MVR) to continuously send multicast streams in a multicast VLAN while isolating the streams from subscriber VLANs for bandwidth and security reasons
IGMP filtering for controlling the set of multicast groups to which hosts on a switch port can belong
IGMP throttling for configuring the action when the maximum number of entries is in the IGMP forwarding table
IGMP configurable leave timer to configure the leave latency for the network.
Switch Database Management (SDM) templates for allocating system resources to maximize support for user-selected features

Management Options

CLI—The Cisco IOS software supports desktop- and multilayer-switching features. You can access the CLI either by connecting your management station directly to the switch console port or by using Telnet from a remote management station. For more information about the CLI, see Chapter 2, “Using the Command-Line Interface.”
Cisco Configuration Engine—The Cisco Configuration Engine is a network management device that works with embedded Cisco IOS CNS Agents in the switch software. You can automate initial configurations and configuration updates by generating switch-specific configuration changes, sending them to the switch, executing the configuration change, and logging the results. For more information about using Cisco IOS agents, see Chapter 4, “Configuring Cisco IOS CNS Agents.”
SNMP—SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS) and HP OpenView. You can manage from an SNMP-compatible management station that is running platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive set of MIB extensions and four remote monitoring (RMON) groups. For more information about using SNMP, see Chapter 27, “Configuring SNMP.”

Manageability Features

Note The encrypted Secure Shell (SSH) feature listed in this section is available only on the cryptographic versions of the switch software image.
Support for DHCP for configuration of switch information (such as IP address, default gateway, hostname, and Domain Name System [DNS] and TFTP server names)
DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients
Directed unicast requests to a DNS server for identifying a switch through its IP address and its corresponding hostname and to a TFTP server for administering software upgrades from a TFTP server
Address Resolution Protocol (ARP) for identifying a switch through its IP address and its corresponding MAC address
Unicast MAC address filtering to drop packets with specific source or destination MAC addresses
Configurable MAC address scaling that allows disabling MAC address learning on a VLAN to limit the size of the MAC address table
Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network (supported only on NNIs)
Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source
Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses
In-band management access for up to 16 simultaneous Telnet connections for multiple CLI-based sessions over the network
In-band management access for up to five simultaneous, encrypted Secure Shell (SSH) connections for multiple CLI-based sessions over the network (requires the cryptographic versions of the switch software).
In-band management access through SNMP Versions 1, 2c, and 3 get and set requests
Out-of-band management access through the switch console port to a directly attached terminal or to a remote terminal through a serial connection or a modem
User-defined command macros for creating custom switch configurations for simplified deployment across multiple switches

Availability Features

UniDirectional Link Detection (UDLD) and aggressive UDLD for detecting and disabling unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks (supported only on NNIs). STP has these features:
  Up to 128 supported spanning-tree instances
  Per-VLAN spanning-tree plus (PVST+) for balancing load across VLANs
  Rapid PVST+ for balancing load across VLANs and providing rapid convergence of spanning-tree instances
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) on NNIs for grouping VLANs into a spanning-tree instance and for providing multiple forwarding paths for data traffic and load balancing and rapid per-VLAN Spanning-Tree plus (rapid-PVST+) based on the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) for rapid convergence of the spanning tree by immediately transitioning root and designated port NNIs to the forwarding state
Optional spanning-tree features available in PVST+, rapid-PVST+, and MSTP modes on NNIs:
  Port Fast for eliminating the forwarding delay by enabling an NNI to immediately transition from the blocking state to the forwarding state
  Bridge protocol data unit (BPDU) guard for shutting down Port Fast-enabled NNIs that receive BPDUs
  BPDU filtering for preventing a Port Fast-enabled NNI from sending or receiving BPDUs
  Root guard for preventing switches outside the network core from becoming the spanning-tree root
  Loop guard for preventing alternate or root port NNIs from becoming designated ports because of a failure that leads to a unidirectional link
Flex Link Layer 2 interfaces to back up one another as an alternative to STP for basic link redundancy in a nonloop network (requires metro IP access or metro access image)
HSRP for Layer 3 router redundancy (requires metro IP access image)
Equal-cost routing for link-level and switch-level redundancy (requires metro IP access image)

VLAN Features

Support for up to 1005 VLANs for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth
Support for VLAN IDs in the full 1 to 4094 range allowed by the IEEE 802.1Q standard
VLAN Query Protocol (VQP) for dynamic VLAN membership
IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes; management and control of broadcast and multicast traffic; and network security by establishing VLAN groups for high-security users and network resources
VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1 to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or received on the trunk. The switch CPU continues to send and receive control protocol frames.
UNI-isolated VLANs to isolate customer VLANs from VLANs of other customers on the same switch. Local switching does not occur among UNIs on the switch that belong to the same UNI isolated VLAN.
Private VLANs to address VLAN scalability problems, to provide a more controlled IP address allocation, and to allow Layer 2 ports to be isolated from ports on other switches

Security Features

The switch provides security for the subscriber, the switch, and the network.

Subscriber Security
By default, local switching is disabled among subscriber ports to ensure that subscribers are isolated.
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP snooping database and IP source bindings
Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP requests and responses to other ports in the same VLAN
Note IP source guard and dynamic ARP inspection are available only when the switch is running the metro IP access or metro access image.

Switch Security
Note The Kerberos feature listed in this section is only available on the cryptographic versions of the switch software.
Password-protected access (read-only and read-write access) to management interfaces for protection against unauthorized configuration changes
Configuration file security so that only authenticated and authorized users have access to the configuration file, preventing users from accessing the configuration file by using the password recovery process
Multilevel security for a choice of security level, notification, and resulting actions
Port security option for limiting and identifying MAC addresses of the stations allowed to access the port
Port security aging to set the aging time for secure addresses on a port
UNI default port state is disabled
Automatic control-plane protection to protect the CPU from accidental or malicious overload due to Layer 2 control traffic on UNIs
TACACS+, a proprietary feature for managing network security through a TACACS server
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users through authentication, authorization, and accounting (AAA) services
Kerberos security system to authenticate requests for network resources by using a trusted third party (requires the cryptographic versions of the switch software)

Network Security
Static MAC addressing for ensuring security
Standard and extended IP access control lists (ACLs) for defining security policies in both directions on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs)
Extended MAC access control lists for defining security policies in the inbound direction on Layer 2 interfaces
VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on information in the MAC, IP, and TCP/UDP headers
Source and destination MAC-based ACLs for filtering non-IP traffic
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining access to the network. These features are supported:
  VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN
  Port security for controlling access to IEEE 802.1x ports
  IEEE 802.1x accounting to track network usage

Quality of Service and Class of Service Features

Cisco modular quality of service (QoS) command-line (MQC) implementation
Classification based on IP precedence, Differentiated Services Code Point (DSCP), and IEEE 802.1p class of service (CoS) packet fields, ACL lookup, or assigning a QoS label for output classification
Policing
  One-rate policing based on average rate and burst rate for a policer
  Two-color policing that allows different actions for packets that conform to or exceed the rate
  Aggregate policing for policers shared by multiple traffic classes
Weighted tail drop (WTD) as the congestion-avoidance mechanism for managing the queue lengths and providing drop precedences for different traffic classifications
Table maps for mapping DSCP, CoS, and IP precedence values
Queuing and Scheduling
  Shaped round robin (SRR) traffic shaping to mix packets from all queues to minimize traffic burst
  Class-based traffic shaping to specify a maximum permitted average rate for a traffic class
  Port shaping to specify the maximum permitted average rate for a port
  Class-based weighted queuing (CBWFQ) to control bandwidth to a traffic class
  WTD to adjust queue size for a specified traffic class
  Low-latency priority queuing to allow preferential treatment to certain traffic

Layer 2 Virtual Private Network Services

Layer 2 virtual private network (VPN) features are only available when the switch is running the metro IP access or metro access image.
IEEE 802.1Q tunneling enables service providers to offer multiple point Layer 2 VPN services to customers
Layer 2 protocol tunneling to enable customers to control protocols such as BPDU, CDP, VTP, PAgP, LACP, and UDLD protocols to be tunneled across service-provider networks.

Layer 3 Features

Layer 3 features are only available when the switch is running the metro IP access image.
HSRP for Layer 3 router redundancy
IP routing protocols for load balancing and for constructing scalable, routed backbones:
  RIP Versions 1 and 2
  OSPF
  EIGRP
  BGP Version 4
IP routing between VLANs (inter-VLAN routing) for full Layer 3 routing between two or more VLANs, allowing each VLAN to maintain its own autonomous data-link domain
Policy-based routing (PBR) for configuring defined policies for traffic flows
Static IP routing for manually building a routing table of network path information
Equal-cost routing for load balancing and redundancy
Internet Control Message Protocol (ICMP) and ICMP Router Discovery Protocol (IRDP) for using router advertisement and router solicitation messages to discover the addresses of routers on directly attached subnets
Protocol-Independent Multicast (PIM) for multicast routing within the network, allowing for devices in the network to receive the multicast feed requested and for switches not participating in the multicast to be pruned. Includes support for PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode
Multicast Source Discovery Protocol (MSDP) for connecting multiple PIM-SM domains
DHCP relay for forwarding UDP broadcasts, including IP address requests, from DHCP clients

Layer 3 VPN Services

These features are available only when the switch is running the metro IP access image.
Multiple VPN routing/forwarding (multi-VRF) instances in customer edge devices (multi-VRF CE) to allow service providers to support multiple virtual private networks (VPNs) and overlap IP addresses between VPNs
VRF and EIGRP compatibility

Monitoring Features

Switch LEDs that provide port- and switch-level status
MAC address notification traps and RADIUS accounting for tracking users on a network by storing the MAC addresses that the switch has learned or removed
Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) for traffic monitoring on any port or VLAN
SPAN and RSPAN support of Intrusion Detection Systems (IDS) to monitor, repel, and report network security violations
Four groups (history, statistics, alarms, and events) of embedded RMON agents for network monitoring and traffic analysis
Syslog facility for logging system messages about authentication or authorization errors, resource issues, and time-out events
Layer 2 traceroute to identify the physical path that a packet takes from a source device to a destination device
Time Domain Reflector (TDR) to diagnose and resolve cabling problems on copper Ethernet 10/100 ports
SFP module diagnostic management interface to monitor physical or operational status of an SFP module

Default Settings After Initial Switch Configuration

The switch is designed for plug-and-play operation; you only need to assign basic IP information to the switch and connect it to the other devices in your network. If you have specific network needs, you can change the interface-specific and system-wide settings.
Note For information about assigning an IP address by using the CLI-based setup program, see the hardware installation guide.
If you do not configure the switch at all, the Cisco ME 3400 switch operates with the default settings shown in Table 1-1.
Table 1-1 Default Settings After Initial Switch Configuration
Feature | Default Setting | More information in...
Switch IP address, subnet mask, and default gateway | 0.0.0.0 | Chapter 3, “Assigning the Switch IP Address and Default Gateway”
Domain name | None |
Passwords | None defined | Chapter 5, “Administering the Switch”
TACACS+ | Disabled |
RADIUS | Disabled |
System name and prompt | Switch |
NTP | Enabled |
DNS | Enabled |
IEEE 802.1x | Disabled | Chapter 8, “Configuring IEEE 802.1x Port-Based Authentication”
DHCP | |
DHCP client | Enabled | Chapter 3, “Assigning the Switch IP Address and Default Gateway”
DHCP relay agent | Enabled (if the device is acting as a DHCP relay agent and is configured and enabled) | Chapter 18, “Configuring DHCP Features and IP Source Guard”
Port parameters | |
Operating mode | Layer 2 (switchport) | Chapter 9, “Configuring Interface Characteristics”
Port enable state | Enabled NNIs; disabled UNIs |
Interface speed and duplex mode | Autonegotiate |
Auto-MDIX | Enabled |
Flow control | Off |
Command Macros | None configured | Chapter 10, “Configuring Command Macros”
VLANs | |
Default VLAN | VLAN 1 | Chapter 11, “Configuring VLANs”
VLAN interface mode | Access |
VLAN type | UNI isolated |
Private VLANs | None configured | Chapter 12, “Configuring Private VLANs”
Dynamic ARP inspection (requires metro IP access or metro access image) | Disabled on all VLANs | Chapter 19, “Configuring Dynamic ARP Inspection”
Tunneling | |
802.1Q tunneling (requires metro IP access or metro access image) | Disabled | Chapter 13, “Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling”
Layer 2 protocol tunneling (requires metro IP access or metro access image) | Disabled |
Spanning Tree Protocol | |
STP | Rapid PVST+ enabled on NNIs in VLAN 1 | Chapter 14, “Configuring STP”
MSTP | Disabled (only supported on NNIs) | Chapter 15, “Configuring MSTP”
Optional spanning-tree features | Disabled (only supported on NNIs) | Chapter 16, “Configuring Optional Spanning-Tree Features”
Flex Links (requires metro IP access or metro access image) | Not configured | Chapter 17, “Configuring Flex Links”
DHCP snooping | Disabled | Chapter 18, “Configuring DHCP Features and IP Source Guard”
IP source guard (requires metro IP access or metro access image) | Disabled | Chapter 18, “Configuring DHCP Features and IP Source Guard”
IGMP snooping | |
IGMP snooping | Enabled | Chapter 20, “Configuring IGMP Snooping and MVR”
IGMP filters | None applied |
IGMP querier | Disabled |
MVR | Disabled |
IGMP throttling | Deny | Chapter 20, “Configuring IGMP Snooping and MVR”
Port-based Traffic Control | |
Broadcast, multicast, and unicast storm control | Disabled | Chapter 21, “Configuring Port-Based Traffic Control”
Protected ports | None defined |
Unicast and multicast traffic flooding | Not blocked |
Secure ports | None configured |
CDP | Enabled (supported only on NNIs) | Chapter 22, “Configuring CDP”
UDLD | Disabled | Chapter 23, “Configuring UDLD”
SPAN and RSPAN | Disabled | Chapter 24, “Configuring SPAN and RSPAN”
RMON | Disabled | Chapter 25, “Configuring RMON”
Syslog messages | Enabled; displayed on the console | Chapter 26, “Configuring System Message Logging”
SNMP | Enabled; Version 1 | Chapter 27, “Configuring SNMP”
ACLs | None configured | Chapter 28, “Configuring Network Security with ACLs”
QoS | Not configured | Chapter 30, “Configuring QoS”
EtherChannels | None configured | Chapter 31, “Configuring EtherChannels”
IP unicast routing | |
IP routing and routing protocols (requires metro IP access or metro access image) | Disabled | Chapter 32, “Configuring IP Unicast Routing”
Multi-VRF-CE (requires metro IP access or metro access image) | Disabled |
HSRP groups (requires metro IP access image) | None configured | Chapter 33, “Configuring HSRP”
IP multicast routing (requires metro IP access image) | Disabled on all interfaces | Chapter 34, “Configuring IP Multicast Routing”
MSDP (requires metro IP access image) | Disabled | Chapter 35, “Configuring MSDP”

Network Configuration Examples

This section provides network configuration concepts and includes examples of using the switch to create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit Ethernet connections.
“Multidwelling or Ethernet-to-the-Subscriber Network”
“Layer 2 VPN Application”
“Multi-VRF CE Application”

Multidwelling or Ethernet-to-the-Subscriber Network

Metro Ethernet provides the access technology for service providers deploying voice, video, and Internet access services to metropolitan areas. The Metro Ethernet user-facing provider edge (UPE) switches provide economical bandwidth and the security and the QoS needed for these services.
Figure 1-1 shows a Gigabit Ethernet ring for a residential location, serving multitenant units by using Cisco ME 3400 Ethernet Access switches connected through 1000BASE-X SFP module ports. Cisco ME switches used as residential switches provide customers with high-speed connections to the service provider point-of-presence (POP).
Home access gateways are connected to the ME switches through UNIs configured as 802.1Q trunks. Because the default behavior on UNIs allows no local switching between UNI ports, the subscribers are protected from each other. UNIs also do not process control protocols from customers, so denial-of-service attacks are avoided. The Cisco ME switch also provides mechanisms such as port security and IP Source Guard to protect against MAC or IP spoofing. By using advanced access control lists, the service providers have granular control of the types of traffic to enter the network.
To provide differential QoS treatment for different types of traffic, the Cisco ME switch can identify, police, mark, and schedule traffic types based on Layer 2 to Layer 4 information. The Cisco modular QoS command-line interface (CLI), or MQC, on Cisco ME switches provides an efficient method of QoS configuration. You can configure a policer on ingress UNIs to ensure that a customer can send only the amount of bandwidth paid for. On egress NNIs, you can use four different queues to provide different levels of priority for different types of traffic. One queue can be assigned as a low-latency queue to provide expedited service for latency sensitive traffic such as voice. You can also configure a rate-limiter on the low-latency queues to prevent other queues from being deprived due to misconfiguration.
When an end station in one VLAN needs to communicate with an end station in another VLAN, a router or switch routes the traffic to the appropriate destination VLAN, providing inter-VLAN routing. VLAN access control lists (VLAN maps) provide intra-VLAN security and prevent unauthorized users from accessing critical pieces of the network. The routers also provide firewall services, Network Address Translation (NAT) services, voice-over-IP (VoIP) gateway services, and WAN and Internet access.
Figure 1-1 Cisco ME Switches in a Multidwelling Configuration
[Figure not reproduced. Labels: Service Provider POP (Cisco routers, Catalyst 6500 switches); Residential basement (Cisco ME switches); Residential location (home access gateways, set-top boxes, PCs, TVs).]

Layer 2 VPN Application

Enterprise customers need not only high bandwidth, but also the ability to extend their private network across the service provider’s shared infrastructure. With Ethernet in the WAN network, service providers can meet the bandwidth requirements of enterprise customers and use VPN features to extend customers’ networks.
Enterprise customers can use Layer 2 VPN to transparently move any type of traffic across a service-provider network, and create virtual pipes across the service provider infrastructure. In contrast to Layer 3 VPN service, Layer 2 VPN lowers operational expenses by minimizing enterprise user-facing provider edge (UPE) switch configuration and management. You can use Cisco ME 3400 switches to form Layer 2 VPNs so that customers at different locations can exchange information through a service-provider network without requiring dedicated connections.
In Figure 1-2, Cisco ME 3400 switches are used as UPEs in customer sites connected to customer-premises equipment (CPE) switches. The switches can tag customer traffic with the service-provider VLAN ID on top of the customer’s IEEE 802.1Q tag. By supporting double tags, the Cisco ME 3400 switch provides a virtual tunnel for each customer and prevents VLAN ID overlaps between customers. In addition to data-plane separation, the Cisco ME 3400 switch can also tunnel the customer’s control protocols. With Layer 2 protocol tunneling, the switch can encapsulate each customer’s control-plane traffic and send it transparently across the service-provider network.
See Chapter 13, “Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling,” for more information on configuring these features.
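The double tagging described above can be traced at the byte level. The following Python sketch is an added example, not code from Cisco or from this guide; the SP VLAN assignment (Corp A to SP VLAN 5, Corp B to SP VLAN 8), the outer-tag TPID of 0x8100, the MAC addresses, and all function names are assumptions made for illustration.

```python
import struct

# Tag protocol identifiers the parser recognizes: 0x8100 (802.1Q) and 0x88A8 (802.1ad).
TPIDS = {0x8100, 0x88A8}

# Assumed mapping for illustration; Figure 1-2 only shows that SP VLANs 5 and 8 exist.
SP_VLAN = {"Corp A": 5, "Corp B": 8}


def vlan_tag(vid, pcp=0, tpid=0x8100):
    """Build a 4-byte VLAN tag: TPID, then PCP (3 bits), DEI (1 bit), VID (12 bits)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in the range 1-4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def build_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet frame, optionally carrying one customer 802.1Q tag."""
    tag = vlan_tag(vid) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_tags(frame):
    """Return (VLAN IDs outermost first, inner EtherType, payload)."""
    vids, offset = [], 12  # tags start after the two 6-byte MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TPIDS:
            return vids, etype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)
        offset += 4


def upe_ingress(frame, sp_vid):
    """Customer to provider: push the SP tag on top of any customer tag."""
    return frame[:12] + vlan_tag(sp_vid) + frame[12:]


def upe_egress(frame, port_sp_vid):
    """Provider to customer: deliver only frames whose outer tag matches the
    SP VLAN of this port, with the outer tag removed; otherwise drop (None)."""
    vids, _, _ = parse_tags(frame)
    if not vids or vids[0] != port_sp_vid:
        return None
    return frame[:12] + frame[16:]


def demo():
    # Constructed sample frames: both customers use VLAN 55, which lies in the
    # overlap of Corp A's 35-60 and Corp B's 50-120 ranges from Figure 1-2.
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    corp_a = build_frame(dst, src, 0x0800, b"corp-a data", vid=55)
    corp_b = build_frame(dst, src, 0x0800, b"corp-b data", vid=55)
    in_core_a = upe_ingress(corp_a, SP_VLAN["Corp A"])
    in_core_b = upe_ingress(corp_b, SP_VLAN["Corp B"])
    return {
        "core_a_tags": parse_tags(in_core_a)[0],
        "core_b_tags": parse_tags(in_core_b)[0],
        "a_to_a": upe_egress(in_core_a, SP_VLAN["Corp A"]) == corp_a,
        "a_to_b": upe_egress(in_core_a, SP_VLAN["Corp B"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Inside the provider core the two customers' VLAN 55 frames carry different outer tags, so forwarding keyed on the outer tag never mixes them, and the customer frame leaves the tunnel byte-for-byte as it entered.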
Figure 1-2 Layer 2 VPN Configuration
[Figure not reproduced. Labels: customer buildings with CPE switches for Corp A, sites 1 and 2 (customer VLAN 35-60) and Corp B, sites 1 to 3 (customer VLAN 50-120); UPE switches; SP Metro core; SP VLAN 5 and SP VLAN 8. UPE = Cisco ME 3400 switch.]

Multi-VRF CE Application

A VPN is a collection of sites sharing a common routing table. A customer site is connected to the service-provider network by one or more interfaces, and the service provider associates each interface with a VPN routing table, called a VPN routing/forwarding (VRF) table. Multiple VPN routing/forwarding (multi-VRF) instances in customer edge (CE) devices (multi-VRF CE) allow a service provider to support two or more VPNs with overlapping IP addresses.
Multi-VRF CE includes these devices:
Customer edge (CE) devices provide customers access to the service-provider network over a data link to one or more provider edge routers. The CE device advertises the site’s local routes to the router and learns the remote VPN routes from the router. The Cisco ME 3400 switch can be a CE device.
Provider edge (PE) routers exchange routing information with CE devices by using static routing or a routing protocol such as BGP, RIPv2, OSPF, or EIGRP. The PE is only required to maintain VPN routes for directly attached VPNs. It does not need to maintain all of the service-provider VPN routes. Each PE router maintains a VRF for each of its directly connected sites.
Provider routers or core routers are any routers in the service provider network that do not attach to CE devices.
With multi-VRF CE, multiple customers can share one CE, and only one physical link is used between the CE and the PE. The shared CE maintains separate VRF tables for each customer and switches or routes packets for each customer based on its own routing table. Multi-VRF CE extends limited PE functionality to a CE device, giving it the ability to maintain separate VRF tables to extend the privacy and security of a VPN to the branch office.
Figure 1-3 shows a configuration using Cisco ME 3400 switches as multiple virtual CEs. This scenario is suited for customers who have low bandwidth requirements for their VPN service, for example, small companies. In this case, multi-VRF CE support is required in the Cisco ME switches. Because multi-VRF CE is a Layer 3 feature, each interface in a VRF must be a Layer 3 interface.
Figure 1-3 Multiple Virtual CEs (diagram elements: VPN 1, VPN 2, CE1, CE2, PE1, PE2, service provider; CE = Customer-edge device, PE = Provider-edge device)
See the “Configuring Multi-VRF CE” section on page 32-59 for more information about Multi-VRF-CE.
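A small model of the per-customer VRF tables described in this section, as an added example (not code from the Cisco guide and not switch configuration): each Layer 3 interface is bound to one VRF, and a longest-prefix lookup only ever consults the table of the ingress interface's VRF, so two VPNs can hold the same prefix. The interface names, VRF names, prefixes, and next-hop labels are hypothetical.

```python
import ipaddress


class MultiVrfCE:
    """Toy shared CE: one routing table per VRF, selected by ingress interface."""

    def __init__(self):
        self.interface_vrf = {}  # Layer 3 interface name -> VRF name
        self.tables = {}         # VRF name -> list of (network, next hop)

    def bind(self, interface, vrf):
        """Place a Layer 3 interface into a VRF (one VRF per interface)."""
        self.interface_vrf[interface] = vrf
        self.tables.setdefault(vrf, [])

    def add_route(self, vrf, prefix, next_hop):
        if vrf not in self.tables:
            raise KeyError(f"unknown VRF {vrf}")
        self.tables[vrf].append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, ingress_interface, destination):
        """Longest-prefix match inside the ingress interface's VRF only."""
        vrf = self.interface_vrf.get(ingress_interface)
        if vrf is None:
            return None  # interfaces outside any VRF are not modelled here
        address = ipaddress.ip_address(destination)
        matches = [(net, hop) for net, hop in self.tables[vrf] if address in net]
        if not matches:
            return None  # no route in this VRF, even if another VRF has one
        net, hop = max(matches, key=lambda m: m[0].prefixlen)
        return vrf, str(net), hop

    def overlapping_prefixes(self):
        """Prefix pairs that overlap between different VRFs (allowed by design)."""
        found = []
        names = sorted(self.tables)
        for i, first in enumerate(names):
            for second in names[i + 1:]:
                for net_a, _ in self.tables[first]:
                    for net_b, _ in self.tables[second]:
                        if net_a.overlaps(net_b):
                            found.append((first, str(net_a), second, str(net_b)))
        return found


def build_sample():
    """Constructed sample: two customers sharing one CE and one link to the PE."""
    ce = MultiVrfCE()
    ce.bind("Vlan100", "vpn1")
    ce.bind("Vlan200", "vpn2")
    ce.add_route("vpn1", "10.1.0.0/16", "pe-link.vpn1")
    ce.add_route("vpn1", "10.1.5.0/24", "site1-lan")
    ce.add_route("vpn2", "10.1.0.0/16", "pe-link.vpn2")
    ce.add_route("vpn2", "172.16.0.0/24", "pe-link.vpn2")
    return ce


if __name__ == "__main__":
    ce = build_sample()
    print(ce.lookup("Vlan100", "10.1.5.9"))
    print(ce.lookup("Vlan200", "10.1.5.9"))
    print(ce.lookup("Vlan100", "172.16.0.7"))
    print(ce.overlapping_prefixes())
```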

Where to Go Next

Before configuring the switch, review these sections for startup information:
Chapter 2, “Using the Command-Line Interface”
Chapter 3, “Assigning the Switch IP Address and Default Gateway”
Chapter 4, “Configuring Cisco IOS CNS Agents”
CHAPTER 2

Using the Command-Line Interface

This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your Cisco ME 3400 Ethernet Access switch. It contains these sections:
Understanding Command Modes
Understanding the Help System
Understanding Abbreviated Commands
Understanding no and default Forms of Commands
Understanding CLI Error Messages
Using Command History
Using Editing Features
Searching and Filtering Output of show and more Commands
Accessing the CLI

Understanding Command Modes

The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running configuration. If you save the configuration, these commands are stored and used when the switch reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode.
Table 2-1 describes the main command modes, how to access each one, the prompt you see in that mode, and how to exit the mode. The examples in the table use the hostname Switch.
Table 2-1 Command Mode Summary

| Mode | Access Method | Prompt | Exit Method | About This Mode |
| --- | --- | --- | --- | --- |
| User EXEC | Begin a session with your switch. | Switch> | Enter logout or quit. | Use this mode to change terminal settings, perform basic tests, and display system information. |
| Privileged EXEC | While in user EXEC mode, enter the enable command. | Switch# | Enter disable to exit. | Use this mode to verify commands that you have entered. Use a password to protect access to this mode. |
| Global configuration | While in privileged EXEC mode, enter the configure command. | Switch(config)# | To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z. | Use this mode to configure parameters that apply to the entire switch. |
| VLAN configuration | While in global configuration mode, enter the vlan vlan-id command. | Switch(config-vlan)# | To exit to global configuration mode, enter the exit command. To return to privileged EXEC mode, press Ctrl-Z or enter end. | Use this mode to configure VLAN parameters. |
| Interface configuration | While in global configuration mode, enter the interface command (with a specific interface). | Switch(config-if)# | To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end. | Use this mode to configure parameters for the Ethernet ports. For information about defining interfaces, see the “Using Interface Configuration Mode” section on page 9-7. To configure multiple interfaces with the same parameters, see the “Configuring a Range of Interfaces” section on page 9-8. |
| Line configuration | While in global configuration mode, specify a line with the line vty or line console command. | Switch(config-line)# | To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end. | Use this mode to configure parameters for the terminal line. |

For more detailed information on the command modes, see the command reference guide for this release.

Understanding the Help System

You can enter a question mark (?) at the system prompt to display a list of commands available for each command mode. You can also obtain a list of associated keywords and arguments for any command, as shown in Table 2-2.

Table 2-2 Help Summary

| Command | Purpose |
| --- | --- |
| help | Obtain a brief description of the help system in any command mode. |
| abbreviated-command-entry? | Obtain a list of commands that begin with a particular character string. For example: Switch# di? (output: dir disable disconnect) |
| abbreviated-command-entry<Tab> | Complete a partial command name. For example: Switch# sh conf<tab> (completes to: Switch# show configuration) |
| ? | List all commands available for a particular command mode. For example: Switch> ? |
| command ? | List the associated keywords for a command. For example: Switch> show ? |
| command keyword ? | List the associated arguments for a keyword. For example: Switch(config)# cdp holdtime ? (output: <10-255> Length of time (in sec) that receiver must keep this packet) |

Understanding Abbreviated Commands

You need to enter only enough characters for the switch to recognize the command as unique. This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:
Switch# show conf

Understanding no and default Forms of Commands

Almost every configuration command also has a no form. In general, use the no form to disable a feature or function or reverse the action of a command. For example, the no shutdown interface configuration command reverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the command setting to its default. Most commands are disabled by default, so the default form is the same as the no form. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.

Understanding CLI Error Messages

Table 2-3 lists some error messages that you might encounter while using the CLI to configure your switch.

Table 2-3 Common CLI Error Messages

| Error Message | Meaning | How to Get Help |
| --- | --- | --- |
| % Ambiguous command: "show con" | You did not enter enough characters for your switch to recognize the command. | Re-enter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear. |
| % Incomplete command. | You did not enter all the keywords or values required by this command. | Re-enter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear. |
| % Invalid input detected at ‘^’ marker. | You entered the command incorrectly. The caret (^) marks the point of the error. | Enter a question mark (?) to display all the commands that are available in this command mode. The possible keywords that you can enter with the command appear. |

Using Command History

The software provides a history or record of commands that you have entered. The command history feature is particularly useful for recalling long or complex commands or entries, including access lists. You can customize this feature to suit your needs as described in these sections:
Changing the Command History Buffer Size (optional)
Recalling Commands (optional)
Disabling the Command History Feature (optional)

Changing the Command History Buffer Size

By default, the switch records ten command lines in its history buffer. You can alter this number for a current terminal session or for all sessions on a particular line. These procedures are optional.
Beginning in privileged EXEC mode, enter this command to change the number of command lines that the switch records during the current terminal session:
Switch# terminal history [size number-of-lines]
The range is from 0 to 256.
Beginning in line configuration mode, enter this command to configure the number of command lines the switch records for all sessions on a particular line:
Switch(config-line)# history [size number-of-lines]
The range is from 0 to 256.

Recalling Commands

To recall commands from the history buffer, perform one of the actions listed in Table 2-4. These actions are optional.

Table 2-4 Recalling Commands

| Action [1] | Result |
| --- | --- |
| Press Ctrl-P or the up arrow key. | Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. |
| Press Ctrl-N or the down arrow key. | Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands. |
| show history | While in privileged EXEC mode, list the last several commands that you just entered. The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command. |

[1] The arrow keys function only on ANSI-compatible terminals such as VT100s.

Disabling the Command History Feature

The command history feature is automatically enabled. You can disable it for the current terminal session or for the command line. These procedures are optional.
To disable the feature during the current terminal session, enter the terminal no history privileged EXEC command.
To disable command history for the line, enter the no history line configuration command.

Using Editing Features

This section describes the editing features that can help you manipulate the command line. It contains these sections:
Enabling and Disabling Editing Features (optional)
Editing Commands through Keystrokes (optional)
Editing Command Lines that Wrap (optional)

Enabling and Disabling Editing Features

Although enhanced editing mode is automatically enabled, you can disable it, re-enable it, or configure a specific line to have enhanced editing. These procedures are optional.
To globally disable enhanced editing mode, enter this command in line configuration mode:
Switch(config-line)# no editing
To re-enable the enhanced editing mode for the current terminal session, enter this command in privileged EXEC mode:
Switch# terminal editing
To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration mode:
Switch(config-line)# editing

Editing Commands through Keystrokes

Table 2-5 shows the keystrokes that you need to edit command lines. These keystrokes are optional.
Table 2-5 Editing Commands through Keystrokes

| Capability | Keystroke [1] | Purpose |
| --- | --- | --- |
| Move around the command line to make changes or corrections. | Press Ctrl-B, or press the left arrow key. | Move the cursor back one character. |
| | Press Ctrl-F, or press the right arrow key. | Move the cursor forward one character. |
| | Press Ctrl-A. | Move the cursor to the beginning of the command line. |
| | Press Ctrl-E. | Move the cursor to the end of the command line. |
| | Press Esc B. | Move the cursor back one word. |
| | Press Esc F. | Move the cursor forward one word. |
| | Press Ctrl-T. | Transpose the character to the left of the cursor with the character located at the cursor. |
| Recall commands from the buffer and paste them in the command line. The switch provides a buffer with the last ten items that you deleted. | Press Ctrl-Y. | Recall the most recent entry in the buffer. |
| | Press Esc Y. | Recall the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry. |
| Delete entries if you make a mistake or change your mind. | Press the Delete or Backspace key. | Erase the character to the left of the cursor. |
| | Press Ctrl-D. | Delete the character at the cursor. |
| | Press Ctrl-K. | Delete all characters from the cursor to the end of the command line. |
| | Press Ctrl-U or Ctrl-X. | Delete all characters from the cursor to the beginning of the command line. |
| | Press Ctrl-W. | Delete the word to the left of the cursor. |
| | Press Esc D. | Delete from the cursor to the end of the word. |
| Capitalize or lowercase words or capitalize a set of letters. | Press Esc C. | Capitalize at the cursor. |
| | Press Esc L. | Change the word at the cursor to lowercase. |
| | Press Esc U. | Capitalize letters from the cursor to the end of the word. |
| Designate a particular keystroke as an executable command, perhaps as a shortcut. | Press Ctrl-V or Esc Q. | |
| Scroll down a line or screen on displays that are longer than the terminal screen can display. Note: The More prompt is used for any output that has more lines than can be displayed on the terminal screen, including show command output. You can use the Return and Space bar keystrokes whenever you see the More prompt. | Press the Return key. | Scroll down one line. |
| | Press the Space bar. | Scroll down one screen. |
| Redisplay the current command line if the switch suddenly sends a message to your screen. | Press Ctrl-L or Ctrl-R. | Redisplay the current command line. |

[1] The arrow keys function only on ANSI-compatible terminals such as VT100s.


Editing Command Lines that Wrap

You can use a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten characters of the line, but you can scroll back and check the syntax at the beginning of the command. The keystroke actions are optional.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can also press Ctrl-A to immediately move to the beginning of the line.
Note: The arrow keys function only on ANSI-compatible terminals such as VT100s.
In this example, the access-list global configuration command entry extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line is again shifted ten spaces to the left.
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1
Switch(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25
Switch(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq
Switch(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45
After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been scrolled to the right:
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$
The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than that, use the terminal width privileged EXEC command to set the width of your terminal.
Use line wrapping with the command history feature to recall and modify previous complex command entries. For information about recalling previous command entries, see the “Editing Commands through Keystrokes” section on page 2-6.

Searching and Filtering Output of show and more Commands

You can search and filter the output for show and more commands. This is useful when you need to sort through large amounts of output or if you want to exclude output that you do not need to see. Using these commands is optional.
To use this functionality, enter a show or more command followed by the pipe character (|), one of the keywords begin, include, or exclude, and an expression that you want to search for or filter out:
command | {begin | include | exclude} regular-expression
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output appear.
This example shows how to include in the output display only lines where the expression protocol appears:
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
GigabitEthernet0/1 is up, line protocol is down
GigabitEthernet0/2 is up, line protocol is up

Accessing the CLI

You can access the CLI through a console connection, through Telnet, or by using the browser.

Accessing the CLI through a Console Connection or through Telnet

Before you can access the CLI, you must connect a terminal or PC to the switch console port and power on the switch as described in the hardware installation guide that shipped with your switch. Then, to understand the boot process and the options available for assigning IP information, see Chapter 3, “Assigning the Switch IP Address and Default Gateway.”
If your switch is already configured, you can access the CLI through a local console connection or through a remote Telnet session, but your switch must first be configured for this type of access. For more information, see the “Setting a Telnet Password for a Terminal Line” section on page 7-6.
You can use one of these methods to establish a connection with the switch:
Connect the switch console port to a management station or dial-up modem. For information about connecting to the console port, see the switch hardware installation guide.
Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management station. The switch must have network connectivity with the Telnet or SSH client, and the switch must have an enable secret password configured.
For information about configuring the switch for Telnet access, see the “Setting a Telnet Password for a Terminal Line” section on page 7-6. The switch supports up to 16 simultaneous Telnet sessions. Changes made by one Telnet user are reflected in all other Telnet sessions.
For information about configuring the switch for SSH, see the “Configuring the Switch for Secure Shell” section on page 7-37. The switch supports up to five simultaneous secure SSH sessions.
After you connect through the console port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station.
CHAPTER 3

Assigning the Switch IP Address and Default Gateway

This chapter describes how to create the initial switch configuration (for example, assigning the switch IP address and default gateway information) for the Cisco Metro Ethernet (ME) 3400 Ethernet Access switch by using a variety of automatic and manual methods. It also describes how to modify the switch startup configuration.
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
This chapter consists of these sections:
Understanding the Boot Process
Assigning Switch Information
Checking and Saving the Running Configuration
Modifying the Startup Configuration
Scheduling a Reload of the Software Image
Note: Information in this chapter about configuring IP addresses and DHCP is specific to IP Version 4 (IPv4).

Understanding the Boot Process

To start your switch, you need to follow the procedures in the hardware installation guide about installing and powering on the switch, and setting up the initial configuration (IP address, subnet mask, default gateway, secret and Telnet passwords, and so forth) of the switch.
The normal boot process involves the operation of the boot loader software, which performs these functions:
Performs low-level CPU initialization. It initializes the CPU registers, which control where physical memory is mapped, its quantity, its speed, and so forth.
Performs power-on self-test (POST) for the CPU subsystem. It tests the CPU DRAM and the portion of the flash device that makes up the flash file system.
Initializes the flash file system on the system board.
Loads a default operating system software image into memory and boots the switch.
The boot loader provides access to the flash file system before the operating system is loaded. Normally, the boot loader is used only to load, uncompress, and launch the operating system. After the boot loader gives the operating system control of the CPU, the boot loader is not active until the next system reset or power-on.
The boot loader also provides trap-door access into the system if the operating system has problems serious enough that it cannot be used. The trap-door mechanism provides enough access to the system so that if it is necessary, you can format the flash file system, reinstall the operating system software image by using the XMODEM Protocol, recover from a lost or forgotten password, and finally restart the operating system. For more information, see the “Recovering from Corrupted Software By Using the Xmodem Protocol” section on page 36-2 and the “Recovering from a Lost or Forgotten Password” section on page 36-3.
Note: You can disable password recovery. For more information, see the “Disabling Password Recovery” section on page 7-5.
Before you can assign switch information, make sure you have connected a PC or terminal to the console port, and configured the PC or terminal-emulation software baud rate and character format to match those of the switch console port:
Baud rate default is 9600.
Data bits default is 8.
Note: If the data bits option is set to 8, set the parity option to none.
Stop bits default is 1.
Parity settings default is none.

Assigning Switch Information

You can assign IP information through the switch setup program, through a DHCP server, or manually.
Use the switch setup program if you want to be prompted for specific IP information. With this program, you can also configure a hostname and an enable secret password. It gives you the option of assigning a Telnet password (to provide security during remote management). For more information about the setup program, see the “Configuring the Switch with the CLI-Based Setup Program” appendix in the hardware installation guide.
Use a DHCP server for centralized control and automatic assignment of IP information after the server is configured.
Note: If you are using DHCP, do not respond to any of the questions in the setup program until the switch receives the dynamically assigned IP address and reads the configuration file.
If you are an experienced user familiar with the switch configuration steps, manually configure the switch. Otherwise, use the setup program described previously.
These sections contain this configuration information:
Default Switch Information
Understanding DHCP-Based Autoconfiguration
Manually Assigning IP Information

Default Switch Information

Table 3-1 shows the default switch information.
Table 3-1 Default Switch Information

| Feature | Default Setting |
| --- | --- |
| IP address and subnet mask | No IP address or subnet mask are defined. |
| Default gateway | No default gateway is defined. |
| Enable secret password | No password is defined. |
| Hostname | The factory-assigned default hostname is Switch. |
| Telnet password | No password is defined. |

Understanding DHCP-Based Autoconfiguration

DHCP provides configuration information to Internet hosts and internetworking devices. This protocol consists of two components: one for delivering configuration parameters from a DHCP server to a device and a mechanism for allocating network addresses to devices. DHCP is built on a client-server model, in which designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured devices. The switch can act as a DHCP client, but it cannot be a DHCP server.
During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at startup with IP address information and a configuration file.
With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch. However, you need to configure the DHCP server for various lease options associated with IP addresses. If you are using DHCP to relay the configuration file location on the network, you might also need to configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server.
The DHCP server for your switch can be on the same LAN or on a different LAN than the switch. If the DHCP server is running on a different LAN, you should configure a DHCP relay device between your switch and the DHCP server. A relay device forwards broadcast traffic between two directly connected LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP address in the received packet.
DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.
DHCP Client Request Process
When you boot your switch, the DHCP client is invoked and requests configuration information from a DHCP server when the configuration file is not present on the switch. If the configuration file is present and the configuration includes the ip address dhcp interface configuration command on specific routed interfaces, the DHCP client is invoked and requests the IP address information for those interfaces.
Figure 3-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP server.
Figure 3-1 DHCP Client and Server Message Exchange (diagram: Switch A and the DHCP server exchange, in order, DHCPDISCOVER (broadcast), DHCPOFFER (unicast), DHCPREQUEST (broadcast), DHCPACK (unicast))
The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.
In a DHCPREQUEST broadcast message, the client returns a formal request for the offered configuration information to the DHCP server. The formal request is broadcast so that all other DHCP servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP addresses that they offered to the client.
The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client. With this message, the client and server are bound, and the client uses configuration information received from the server. The amount of information the switch receives depends on how you configure the DHCP server. For more information, see the “Configuring the TFTP Server” section on page 3-5.
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered configuration parameters have not been assigned, that an error has occurred during the negotiation of the parameters, or that the client has been slow in responding to the DHCPOFFER message (the DHCP server assigned the parameters to another client).
A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any of the offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is not a guarantee that the IP address is allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address. If the switch accepts replies from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to obtain the switch configuration file.

Configuring DHCP-Based Autoconfiguration

These sections contain this configuration information:
• DHCP Server Configuration Guidelines
• Configuring the TFTP Server
• Configuring the DNS
• Configuring the Relay Device
• Obtaining Configuration Files
• Example Configuration
If your DHCP server is a Cisco device, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 for additional information about configuring DHCP.
DHCP Server Configuration Guidelines
Follow these guidelines if you are configuring another device as a DHCP server:
You should configure the DHCP server with reserved leases that are bound to each switch by the switch hardware address.
If you want the switch to receive IP address information, you must configure the DHCP server with these lease options:
• IP address of the client (required)
• Subnet mask of the client (required)
• DNS server IP address (optional)
• Router IP address (default gateway address to be used by the switch) (required)
If you want the switch to receive the configuration file from a TFTP server, you must configure the DHCP server with these lease options:
• TFTP server name (required)
• Boot filename (the name of the configuration file that the client needs) (recommended)
• Hostname (optional)
Depending on the settings of the DHCP server, the switch can receive IP address information, the configuration file, or both.
If you do not configure the DHCP server with the lease options described previously, it replies to client requests with only those parameters that are configured. If the IP address and the subnet mask are not in the reply, the switch is not configured. If the router IP address or the TFTP server name are not found, the switch might send broadcast, instead of unicast, TFTP requests. Unavailability of other lease options does not affect autoconfiguration.
Configuring the TFTP Server
Based on the DHCP server configuration, the switch attempts to download one or more configuration files from the TFTP server. If you configured the DHCP server to respond to the switch with all the options required for IP connectivity to the TFTP server, and if you configured the DHCP server with a TFTP server name, address, and configuration filename, the switch attempts to download the specified configuration file from the specified TFTP server.
If you did not specify the configuration filename, the TFTP server, or if the configuration file could not be downloaded, the switch attempts to download a configuration file by using various combinations of filenames and TFTP server addresses. The files include the specified configuration filename (if any) and these files: network-config, cisconet.cfg, hostname.config, or hostname.cfg, where hostname is the switch’s current hostname. The TFTP server addresses used include the specified TFTP server address (if any) and the broadcast address (255.255.255.255).
For the switch to successfully download a configuration file, the TFTP server must contain one or more configuration files in its base directory. The files can include these files:
• The configuration file named in the DHCP reply (the actual switch configuration file).
• The network-confg or the cisconet.cfg file (known as the default configuration files).
• The router-confg or the ciscortr.cfg file (These files contain commands common to all switches. Normally, if the DHCP and TFTP servers are properly configured, these files are not accessed.)
If you specify the TFTP server name in the DHCP server-lease database, you must also configure the TFTP server name-to-IP-address mapping in the DNS-server database.
If the TFTP server to be used is on a different LAN from the switch, or if it is to be accessed by the switch through the broadcast address (which occurs if the DHCP server response does not contain all the required information described previously), a relay must be configured to forward the TFTP packets to the TFTP server. For more information, see the “Configuring the Relay Device” section on page 3-6. The preferred solution is to configure the DHCP server with all the required information.
Configuring the DNS
The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the configuration files for the switch.
You can configure the IP addresses of the DNS servers in the lease database of the DHCP server from where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease database.
The DNS server can be on the same or on a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a router.
Configuring the Relay Device
You must configure a relay device, also referred to as a relay agent, when a switch sends broadcast packets that require a response from a host on a different LAN. Examples of broadcast packets that the switch might send are DHCP, DNS, and in some cases, TFTP packets. You must configure this relay device to forward received broadcast packets on an interface to the destination host.
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
For example, in Figure 3-2, configure the router interfaces as follows:
On interface 10.0.0.2:
router(config-if)# ip helper-address 20.0.0.2
router(config-if)# ip helper-address 20.0.0.3
router(config-if)# ip helper-address 20.0.0.4
On interface 20.0.0.1:
router(config-if)# ip helper-address 10.0.0.1
Note If the switch is acting as the relay device, configure the interface as a routed port. For more information, see the “Routed Ports” section on page 9-4 and the “Configuring Layer 3 Interfaces” section on page 9-20.
Figure 3-2 Relay Device Used in Autoconfiguration
(Diagram: the switch (DHCP client, 10.0.0.1) connects through a Cisco router acting as relay (interfaces 10.0.0.2 and 20.0.0.1) to the DHCP server, TFTP server, and DNS server at 20.0.0.2, 20.0.0.3, and 20.0.0.4.)
Obtaining Configuration Files
Depending on the availability of the IP address and the configuration filename in the DHCP reserved lease, the switch obtains its configuration information in these ways:
• The IP address and the configuration filename are reserved for the switch and provided in the DHCP reply (one-file read method).
  The switch receives its IP address, subnet mask, TFTP server address, and the configuration filename from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve the named configuration file from the base directory of the server and upon receipt, it completes its boot-up process.
• The IP address and the configuration filename are reserved for the switch, but the TFTP server address is not provided in the DHCP reply (one-file read method).
  The switch receives its IP address, subnet mask, and the configuration filename from the DHCP server. The switch sends a broadcast message to a TFTP server to retrieve the named configuration file from the base directory of the server, and upon receipt, it completes its boot-up process.
• Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration filename is not provided (two-file read method).
  The switch receives its IP address, subnet mask, and the TFTP server address from the DHCP server.
  The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg file.)
  The default configuration file contains the hostnames-to-IP-address mapping for the switch. The switch fills its host table with the information in the file and obtains its hostname. If the hostname is not found in the file, the switch uses the hostname in the DHCP reply. If the hostname is not specified in the DHCP reply, the switch uses the default Switch as its hostname.
  After obtaining its hostname from the default configuration file or the DHCP reply, the switch reads the configuration file that has the same name as its hostname (hostname-confg or hostname.cfg, depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the cisconet.cfg file is read, the filename of the host is truncated to eight characters.
  If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.
Note The switch broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies, if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server name cannot be resolved to an IP address.
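The read methods described in this section can be checked against a reserved lease before a switch boots from it. The following Python code is an added example, not part of the Cisco guide or of Cisco IOS: it parses a DHCP reply and reports the read method, the TFTP transport, and the candidate filenames that the rules above select, so a lease that would leave the switch broadcasting TFTP requests is easy to spot. The option codes are from RFC 2132; taking the TFTP server from option 66 or siaddr and the boot filename from option 67 or the BOOTP file field are assumptions of this example, and the sample reply is constructed from the Switch A column of Table 3-2.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # start of the DHCP options field (RFC 2131)
OPT_MASK, OPT_ROUTER, OPT_HOSTNAME = 1, 3, 12          # RFC 2132 option codes
OPT_MSG_TYPE, OPT_TFTP_NAME, OPT_BOOTFILE = 53, 66, 67
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK"}


def _addr(raw):
    """Return the first IPv4 address in raw, or None if absent or 0.0.0.0."""
    if not raw or len(raw) < 4 or raw[:4] == b"\x00" * 4:
        return None
    return str(ipaddress.IPv4Address(raw[:4]))


def _text(raw):
    """Return a NUL-terminated ASCII value as str, or None if empty."""
    return (raw or b"").split(b"\x00")[0].decode("ascii", "replace") or None


def parse_dhcp(packet: bytes) -> dict:
    """Parse the BOOTP fixed header and the DHCP options of one message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("short packet or missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:       # 255 = End option
        code = packet[i]
        if code == 0:                                 # Pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the packet")
        opts[code] = value
        i += 2 + length
    msg_type = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    return {
        "type": MSG_TYPES.get(msg_type, "unknown"),
        "ip": _addr(packet[16:20]),                   # yiaddr: address being assigned
        "mask": _addr(opts.get(OPT_MASK)),
        "router": _addr(opts.get(OPT_ROUTER)),
        # Assumption: TFTP server is taken from option 66, else from siaddr
        "tftp": _text(opts.get(OPT_TFTP_NAME)) or _addr(packet[20:24]),
        # Assumption: boot filename is taken from option 67, else the BOOTP file field
        "bootfile": _text(opts.get(OPT_BOOTFILE)) or _text(packet[108:236]),
        "hostname": _text(opts.get(OPT_HOSTNAME)),
    }


def parse_host_table(network_confg: str) -> dict:
    """Map IP address -> hostname from 'ip host NAME ADDRESS' lines."""
    table = {}
    for line in network_confg.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[:2] == ["ip", "host"]:
            table[parts[3]] = parts[2]
    return table


def retrieval_plan(reply: dict, host_table=None) -> dict:
    """Model the read method, TFTP transport and file order the guide describes."""
    plan = {"method": "not configured", "transport": None, "files": [], "warnings": []}
    if not reply["ip"] or not reply["mask"]:
        return plan                                   # no address or mask: not configured
    plan["transport"] = "unicast" if reply["tftp"] else "broadcast"
    if not reply["tftp"]:
        plan["warnings"].append("no TFTP server in reply: TFTP requests are broadcast")
    if not reply["router"]:
        plan["warnings"].append("no router address: switch might broadcast TFTP requests")
    if reply["bootfile"]:
        plan.update(method="one-file", files=[reply["bootfile"]])
        return plan
    host = (host_table or {}).get(reply["ip"]) or reply["hostname"] or "Switch"
    plan.update(method="two-file", files=[
        "network-confg", "cisconet.cfg", f"{host}-confg", f"{host[:8]}.cfg",
        "router-confg", "ciscortr.cfg"])
    return plan


def build_ack(ip: str, options: dict) -> bytes:
    """Build a minimal DHCPACK for the constructed samples (not a real capture)."""
    header = bytearray(236)
    header[0] = 2                                     # op = BOOTREPLY
    header[16:20] = ipaddress.IPv4Address(ip).packed  # yiaddr
    body = b"".join(bytes([c, len(v)]) + v for c, v in options.items())
    return bytes(header) + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, 5]) + body + b"\xff"


# Constructed from the Switch A column of Table 3-2 and the network-confg display
NETWORK_CONFG = "ip host switcha 10.0.0.21\nip host switchb 10.0.0.22\n"
SWITCH_A = {OPT_MASK: bytes([255, 255, 255, 0]), OPT_ROUTER: bytes([10, 0, 0, 10]),
            OPT_TFTP_NAME: b"tftpserver", OPT_BOOTFILE: b"switcha-confg"}

if __name__ == "__main__":
    print(retrieval_plan(parse_dhcp(build_ack("10.0.0.21", SWITCH_A))))
```

A non-empty warnings list, or a transport of broadcast, marks a lease that does not carry all the information the guide recommends putting on the DHCP server.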
Example Configuration
Figure 3-3 shows a sample network for retrieving IP information by using DHCP-based autoconfiguration.
Figure 3-3 DHCP-Based Autoconfiguration Network Example
(Diagram: Switch 1 (00e0.9f1e.2001), Switch 2 (00e0.9f1e.2002), Switch 3 (00e0.9f1e.2003), and Switch 4 (00e0.9f1e.2004) share a network with a Cisco router (10.0.0.10), a DHCP server (10.0.0.1), a DNS server (10.0.0.2), and a TFTP server (10.0.0.3, tftpserver).)
Table 3-2 shows the configuration of the reserved leases on the DHCP server.
Table 3-2 DHCP Server Configuration
                                               Switch A                Switch B                Switch C                Switch D
Binding key (hardware address)                 00e0.9f1e.2001          00e0.9f1e.2002          00e0.9f1e.2003          00e0.9f1e.2004
IP address                                     10.0.0.21               10.0.0.22               10.0.0.23               10.0.0.24
Subnet mask                                    255.255.255.0           255.255.255.0           255.255.255.0           255.255.255.0
Router address                                 10.0.0.10               10.0.0.10               10.0.0.10               10.0.0.10
DNS server address                             10.0.0.2                10.0.0.2                10.0.0.2                10.0.0.2
TFTP server name                               tftpserver or 10.0.0.3  tftpserver or 10.0.0.3  tftpserver or 10.0.0.3  tftpserver or 10.0.0.3
Boot filename (configuration file) (optional)  switcha-confg           switchb-confg           switchc-confg           switchd-confg
Hostname (optional)                            switcha                 switchb                 switchc                 switchd
DNS Server Configuration
The DNS server maps the TFTP server name tftpserver to IP address 10.0.0.3.
TFTP Server Configuration (on UNIX)
The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file used in the two-file read method. This file contains the hostname to be assigned to the switch based on its IP address. The base directory also contains a configuration file for each switch (switcha-confg, switchb-confg, and so forth) as shown in this display:
prompt> cd /tftpserver/work/
prompt> ls
network-confg
switcha-confg
switchb-confg
switchc-confg
switchd-confg
prompt> cat network-confg
ip host switcha 10.0.0.21
ip host switchb 10.0.0.22
ip host switchc 10.0.0.23
ip host switchd 10.0.0.24
DHCP Client Configuration
No configuration file is present on Switch A through Switch D.
Configuration Explanation
In Figure 3-3, Switch A reads its configuration file as follows:
• It obtains its IP address 10.0.0.21 from the DHCP server.
• If no configuration filename is given in the DHCP server reply, Switch A reads the network-confg file from the base directory of the TFTP server.
• It adds the contents of the network-confg file to its host table.
• It reads its host table by indexing its IP address 10.0.0.21 to its hostname (switcha).
• It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg from the TFTP server.
Switches B through D retrieve their configuration files and IP addresses in the same way.

Manually Assigning IP Information

Beginning in privileged EXEC mode, follow these steps to manually assign IP information to a switch virtual interface (SVI). If the switch is running the metro IP access image, you can also manually assign IP information to a port if you first put the port into Layer 3 mode by using the no switchport command.

Command / Purpose
Step 1  configure terminal
        Enter global configuration mode.
Step 2  interface vlan vlan-id
        Enter interface configuration mode, and enter the VLAN to which the IP information is assigned. The range is 1 to 4094; do not enter leading zeros.
Step 3  ip address ip-address subnet-mask
        Enter the IP address and subnet mask.
Step 4  exit
        Return to global configuration mode.
Step 5  ip default-gateway ip-address
        Enter the IP address of the next-hop router interface that is directly connected to the switch where a default gateway is being configured. The default gateway receives IP packets with unresolved destination IP addresses from the switch.
        Once the default gateway is configured, the switch has connectivity to the remote networks with which a host needs to communicate.
        Note When your switch is configured to route with IP, it does not need to have a default gateway set.
Step 6  end
        Return to privileged EXEC mode.
Step 7  show interfaces vlan vlan-id
        Verify the configured IP address.
Step 8  show ip redirects
        Verify the configured default gateway.
Step 9  copy running-config startup-config
        (Optional) Save your entries in the configuration file.

To remove the switch IP address, use the no ip address interface configuration command. If you are removing the address through a Telnet session, your connection to the switch will be lost. To remove the default gateway address, use the no ip default-gateway global configuration command.
For information on setting the switch system name, protecting access to privileged EXEC commands, and setting time and calendar services, see Chapter 5, “Administering the Switch.”
Checking and Saving the Running Configuration
You can check the configuration settings you entered or changes you made by entering this privileged EXEC command:
Switch# show running-config
Building configuration...

Current configuration : 2010 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3400-3
!
enable password cisco
!
no aaa new-model
ip subnet-zero
no ip domain-lookup
!
table-map test
 default copy
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2,10
!
class-map match-all test1
class-map match-all class2
class-map match-all class1
!
!
policy-map test
 class class1
  police cir percent 30
policy-map test2
 class class2
  police cir 8500 bc 1500
policy-map test3
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
 shutdown
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
 shutdown
!
interface FastEthernet0/5
 shutdown
!
interface FastEthernet0/6
 shutdown
!
interface FastEthernet0/7
 shutdown
<output truncated>
interface GigabitEthernet0/1
 port-type nni
!
interface GigabitEthernet0/2
 port-type nni
!
interface Vlan1
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Vlan10
 ip address 192.168.1.76 255.255.255.0
!
ip default-gateway 192.168.1.3
no ip http server
ip classless
!
!
!
control-plane
!
!
line con 0
 session-timeout 120
 exec-timeout 120 0
 speed 115200
line vty 0 4
 password cisco
 no login
line vty 5 15
 no login
!
!
end
To store the configuration or changes you have made to your startup configuration in flash memory, enter this privileged EXEC command:
Switch# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
This command saves the configuration settings that you made. If you fail to do this, your configuration will be lost the next time you reload the system. To display information stored in the NVRAM section of flash memory, use the show startup-config or more startup-config privileged EXEC command.
For more information about alternative locations from which to copy the configuration file, see Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images.”
Modifying the Startup Configuration
These sections describe how to modify the switch startup configuration:
• Default Boot Configuration
• Automatically Downloading a Configuration File
• Booting Manually
• Booting a Specific Software Image
• Controlling Environment Variables
See also Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images,” for information about switch configuration files.

Default Boot Configuration

Table 3-3 shows the default boot configuration.
Table 3-3 Default Boot Configuration
Feature / Default Setting
Operating system software image
        The switch attempts to automatically boot the system using information in the BOOT environment variable. If the variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system.
        The Cisco IOS image is stored in a directory that has the same name as the image file (excluding the .bin extension).
        In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory.
Configuration file
        Configured switches use the config.text file stored on the system board in flash memory. A new switch has no configuration file.

Automatically Downloading a Configuration File

You can automatically download a configuration file to your switch by using the DHCP-based autoconfiguration feature. For more information, see the “Understanding DHCP-Based Autoconfiguration” section on page 3-3.

Specifying the Filename to Read and Write the System Configuration

By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
Beginning in privileged EXEC mode, follow these steps to specify a different configuration filename:
Command / Purpose
Step 1  configure terminal
        Enter global configuration mode.
Step 2  boot config-file flash:/file-url
        Specify the configuration file to load during the next boot cycle.
        For file-url, specify the path (directory) and the configuration filename.
        Filenames and directory names are case sensitive.
Step 3  end
        Return to privileged EXEC mode.
Step 4  show boot
        Verify your entries.
        The boot config-file global configuration command changes the setting of the CONFIG_FILE environment variable.
Step 5  copy running-config startup-config
        (Optional) Save your entries in the configuration file.
To return to the default setting, use the no boot config-file global configuration command.

Booting Manually

By default, the switch automatically boots; however, you can configure it to manually boot.
Beginning in privileged EXEC mode, follow these steps to configure the switch to manually boot during the next boot cycle:
Command / Purpose
Step 1  configure terminal
        Enter global configuration mode.
Step 2  boot manual
        Enable the switch to manually boot during the next boot cycle.
Step 3  end
        Return to privileged EXEC mode.
Step 4  show boot
        Verify your entries.
        The boot manual global command changes the setting of the MANUAL_BOOT environment variable.
        The next time you reboot the system, the switch is in boot loader mode, shown by the switch: prompt. To boot the system, use the boot filesystem:/file-url boot loader command.
        For filesystem:, use flash: for the system board flash device.
        For file-url, specify the path (directory) and the name of the bootable image.
        Filenames and directory names are case sensitive.
Step 5  copy running-config startup-config
        (Optional) Save your entries in the configuration file.
To disable manual booting, use the no boot manual global configuration command.

Booting a Specific Software Image

By default, the switch attempts to automatically boot the system using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory. However, you can specify a specific image to boot.
Beginning in privileged EXEC mode, follow these steps to configure the switch to boot a specific image during the next boot cycle:
Command / Purpose
Step 1  configure terminal
        Enter global configuration mode.
Step 2  boot system filesystem:/file-url
        Configure the switch to boot a specific image in flash memory during the next boot cycle.
        For filesystem:, use flash: for the system board flash device.
        For file-url, specify the path (directory) and the name of the bootable image.
        Filenames and directory names are case sensitive.
Step 3  end
        Return to privileged EXEC mode.
Step 4  show boot
        Verify your entries.
        The boot system global command changes the setting of the BOOT environment variable.
        During the next boot cycle, the switch attempts to automatically boot the system using information in the BOOT environment variable.
Step 5  copy running-config startup-config
        (Optional) Save your entries in the configuration file.
To return to the default setting, use the no boot system global configuration command.

Controlling Environment Variables

With a normally operating switch, you enter the boot loader mode only through a switch console connection configured for 9600 bps. Unplug and then reconnect the switch power cord. After the switch performs POST, the switch begins the autoboot process. The boot loader prompts the user for a break key character during the boot-up sequence, as shown in this example:
***** The system will autoboot in 5 seconds *****
Send a break key to prevent autobooting.
The break key character is different for each operating system.
• On a SUN workstation running UNIX, Ctrl-C is the break key.
• On a PC running Windows 2000, Ctrl-Break is the break key.
Cisco TAC has tabulated break keys for most common operating systems and provided an alternative break key sequence for terminal emulators that do not support the break keys. To view this table, see:
http://www.cisco.com/warp/public/701/61.html#how-to
When you enter the break key, the boot loader switch: prompt appears.
The switch boot loader software provides support for nonvolatile environment variables, which can be used to control how the boot loader, or any other software running on the system, behaves. Boot loader environment variables are similar to environment variables that can be set on UNIX or DOS systems.
Environment variables that have values are stored in flash memory outside of the flash file system.
Each line in these files contains an environment variable name and an equal sign followed by the value of the variable. A variable has no value if it is not listed in this file; it has a value if it is listed in the file even if the value is a null string. A variable that is set to a null string (for example, “ ”) is a variable with a value. Many environment variables are predefined and have default values.
Environment variables store two kinds of data:
• Data that controls code, which does not read the Cisco IOS configuration file. For example, the name of a boot loader helper file, which extends or patches the functionality of the boot loader can be stored as an environment variable.
• Data that controls code, which is responsible for reading the Cisco IOS configuration file. For example, the name of the Cisco IOS configuration file can be stored as an environment variable.
You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
Note For complete syntax and usage information for the boot loader commands and environment variables, see the command reference for this release.
Table 3-4 describes the function of the most common environment variables.
Table 3-4 Environment Variables
Variable: BOOT
  Boot loader command: set BOOT filesystem:/file-url ...
        A semicolon-separated list of executable files to try to load and execute when automatically booting. If the BOOT environment variable is not set, the system attempts to load and execute the first executable image it can find by using a recursive, depth-first search through the flash file system. If the BOOT variable is set but the specified images cannot be loaded, the system attempts to boot the first bootable file that it can find in the flash file system.
  Cisco IOS global configuration command: boot system filesystem:/file-url ...
        Specifies the Cisco IOS image to load during the next boot cycle. This command changes the setting of the BOOT environment variable.
Variable: MANUAL_BOOT
  Boot loader command: set MANUAL_BOOT yes
        Decides whether the switch automatically or manually boots.
        Valid values are 1, yes, 0, and no. If it is set to no or 0, the boot loader attempts to automatically boot the system. If it is set to anything else, you must manually boot the switch from the boot loader mode.
  Cisco IOS global configuration command: boot manual
        Enables manually booting the switch during the next boot cycle and changes the setting of the MANUAL_BOOT environment variable.
        The next time you reboot the system, the switch is in boot loader mode. To boot the system, use the boot flash:filesystem:/file-url boot loader command, and specify the name of the bootable image.
Variable: CONFIG_FILE
  Boot loader command: set CONFIG_FILE flash:/file-url
        Changes the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration.
  Cisco IOS global configuration command: boot config-file flash:/file-url
        Specifies the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration. This command changes the CONFIG_FILE environment variable.
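Because these three variables decide which image and which configuration file a switch comes up with, a saved copy of them is worth comparing against an approved baseline. The following Python code is an added example, not part of the Cisco guide or of the boot loader: it parses text in the name=value form described above and applies the rules of Table 3-4. It reads the table literally, so a MANUAL_BOOT that is listed with a null string counts as set to something other than no or 0; that reading, the approved_images and approved_config parameters, and the placeholder image names in the constructed sample are assumptions of this example.

```python
def parse_env(text: str) -> dict:
    """Parse 'NAME=value' lines. A name listed with nothing after '=' keeps '' as its value."""
    env = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            env[name.strip()] = value.strip()
    return env


def boot_behavior(env: dict) -> dict:
    """Apply the rules of Table 3-4 to a parsed set of variables."""
    # Not listed -> default (automatic boot). Set to "no" or "0" -> automatic boot.
    # Set to anything else, including the null string -> manual boot (literal reading).
    manual = "MANUAL_BOOT" in env and env["MANUAL_BOOT"] not in ("no", "0")
    # BOOT is a semicolon-separated list; an empty list means the switch falls back
    # to the recursive, depth-first search of the flash file system.
    images = [p.strip() for p in env.get("BOOT", "").split(";") if p.strip()]
    return {
        "manual_boot": manual,
        "images": images,
        # config.text is the default file named in this chapter
        "config_file": env.get("CONFIG_FILE", "config.text"),
    }


def audit(env_text: str, approved_images: set, approved_config: str = "config.text") -> list:
    """Return findings where the variables differ from the approved baseline."""
    behavior = boot_behavior(parse_env(env_text))
    findings = []
    if behavior["manual_boot"]:
        findings.append("MANUAL_BOOT set: switch stays in boot loader mode after a reload")
    if not behavior["images"]:
        findings.append("BOOT not set: first executable image found in flash is loaded")
    for image in behavior["images"]:
        if image not in approved_images:
            findings.append(f"BOOT lists unapproved image: {image}")
    if behavior["config_file"] != approved_config:
        findings.append(
            f"CONFIG_FILE is {behavior['config_file']}, expected {approved_config}")
    return findings


# Constructed sample; the image names are placeholders, not real Cisco image names.
APPROVED = {"flash:/APPROVED-IMAGE-PLACEHOLDER.bin"}
SAMPLE_ENV = (
    "BOOT=flash:/APPROVED-IMAGE-PLACEHOLDER.bin;flash:/OTHER-IMAGE-PLACEHOLDER.bin\n"
    "MANUAL_BOOT=\n"
    "CONFIG_FILE=flash:/alt-config.text\n"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENV, APPROVED):
        print(finding)
```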
Scheduling a Reload of the Software Image
You can schedule a reload of the software image to occur on the switch at a later time (for example, late at night or during the weekend when the switch is used less), or you can synchronize a reload network-wide (for example, to perform a software upgrade on all switches in the network).
Note A scheduled reload must take place within approximately 24 days.

Configuring a Scheduled Reload

To configure your switch to reload the software image at a later time, use one of these commands in privileged EXEC mode:
• reload in [hh:]mm [text]
  This command schedules a reload of the software to take effect in the specified minutes or hours and minutes. The reload must take place within approximately 24 days. You can specify the reason for the reload in a string up to 255 characters in length.
• reload at hh:mm [month day | day month] [text]
  This command schedules a reload of the software to take place at the specified time (using a 24-hour clock). If you specify the month and day, the reload is scheduled to take place at the specified time and date. If you do not specify the month and day, the reload takes place at the specified time on the current day (if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.
  Note Use the at keyword only if the switch system clock has been set (through Network Time Protocol (NTP), the hardware calendar, or manually). The time is relative to the configured time zone on the switch. To schedule reloads across several switches to occur simultaneously, the time on each switch must be synchronized with NTP.
The reload command halts the system. If the system is not set to manually boot, it reb oots itself. Use the reload command after you save the switch configuration information to the startup configuration (copy running-config startup-config).
If your switch is configured for manua l booting, do not relo ad it from a virtual terminal. This restri ction prevents the switch from entering the boot loader mode and thereby taking it from the remote user’s control.
If you modify your configuration file, the switch prompts you to save the configuration before reloading. During the save operation, the system r eque sts whe the r you wa nt to pr ocee d with t he save if the CONFIG_FILE environment variable points to a startup configuration file that no longer exists. If you proceed in this situation , the syste m enters setup mode up on reload.
This example shows how to reload the software on the switch on th e curren t day at 7:30 p. m:
Switch# reload at 19:30 Reload scheduled for 19:30:00 UTC Wed Jun 5 1996 (in 2 hours and 25 minutes) Proceed with reload? [confirm]
This example shows how to reload the software on the switch at a future time:
Switch# reload at 02:00 jun 20
Reload scheduled for 02:00:00 UTC Thu Jun 20 1996 (in 344 hours and 53 minutes)
Proceed with reload? [confirm]
To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.
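An added example, not part of the Cisco manual: a small Python model of how the at arguments resolve to a reload time, checked against the two console outputs shown above. The function names are hypothetical, and rejecting a date that has already passed is an assumption of this sketch.

```python
from datetime import datetime, timedelta

MONTHS = ["jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec"]


def resolve_reload_at(args, now):
    """Resolve the arguments of `reload at` to the datetime the reload fires.

    args -- text after "reload at", e.g. "19:30" or "02:00 jun 20"
    now  -- current switch clock (naive datetime in the switch time zone)
    """
    tokens = args.split()
    if not tokens:
        raise ValueError("expected hh:mm")
    hour, minute = (int(part) for part in tokens[0].split(":"))

    # A date is present when the next two tokens are one month name and
    # one day number, in either order ("month day" or "day month").
    date_toks = [t.lower() for t in tokens[1:3]]
    month_pos = [i for i, t in enumerate(date_toks) if t[:3] in MONTHS]
    if len(date_toks) == 2 and len(month_pos) == 1:
        day_tok = date_toks[1 - month_pos[0]]
        if day_tok.isdigit():
            month = MONTHS.index(date_toks[month_pos[0]][:3]) + 1
            when = datetime(now.year, month, int(day_tok), hour, minute)
            if when <= now:
                # Assumption of this sketch: a past date is rejected.
                raise ValueError("requested time is not in the future")
            return when

    # No date (any remaining tokens are the optional reason text):
    # today if the time is still ahead, otherwise the next day.
    when = now.replace(hour=hour, minute=minute, second=0, microsecond=0)
    if when <= now:
        when += timedelta(days=1)
    return when


def confirmation_banner(when, now, zone="UTC"):
    """Format the schedule the way the console examples on this page do."""
    minutes = int((when - now).total_seconds() // 60)
    stamp = f"{when:%H:%M:%S} {zone} {when:%a %b} {when.day} {when.year}"
    return (f"Reload scheduled for {stamp} "
            f"(in {minutes // 60} hours and {minutes % 60} minutes)")


if __name__ == "__main__":
    clock = datetime(1996, 6, 5, 17, 5)   # constructed switch clock
    for command in ("19:30", "02:00 jun 20", "02:00"):
        print(confirmation_banner(resolve_reload_at(command, clock), clock))
```

Running the same function against each switch's own clock reading shows how far apart "simultaneous" reloads would actually land when the clocks are not NTP-synchronized.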

Displaying Scheduled Reload Information

To display information about a previously scheduled reload or to find out if a reload has been scheduled on the switch, use the show reload privileged EXEC command.
It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled).
CHAPTER 4

Configuring Cisco IOS CNS Agents

This chapter describes how to configure the Cisco IOS CNS agents on the Cisco ME 3400 switch.
Note For complete configuration information for the Cisco Configuration Engine, see this URL on Cisco.com:
http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/tsd_products_support_series_home.html
This chapter consists of these sections:
• Understanding Cisco Configuration Engine Software
• Understanding Cisco IOS Agents
• Configuring Cisco IOS Agents
• Displaying CNS Configuration

Understanding Cisco Configuration Engine Software

The Cisco Configuration Engine is network management software that acts as a configuration service for automating the deployment and management of network devices and services (see Figure 4-1). Each Configuration Engine manages a group of Cisco devices (switches and routers) and the services that they deliver, storing their configurations and delivering them as needed. The Configuration Engine automates initial configurations and configuration updates by generating device-specific configuration changes, sending them to the device, executing the configuration change, and logging the results.
The Configuration Engine supports standalone and server modes and has these CNS components:
• Configuration service (web server, file manager, and namespace mapping server)
• Event service (event gateway)
• Data service directory (data models and schema)
In standalone mode, the Configuration Engine supports an embedded Directory Service. In this mode, no external directory or other data store is required. In server mode, the Configuration Engine supports the use of a user-defined external directory.
Figure 4-1 Configuration Engine Architectural Overview
[Figure not reproduced. Labels: Service provider network; Configuration engine; Data service directory; Configuration server; Event service; Web-based user interface; Order entry configuration management.]
These sections contain this conceptual information:
• Configuration Service
• Event Service
• What You Should Know About the CNS IDs and Device Hostnames

Configuration Service

The Configuration Service is the core component of the Cisco Configuration Engine. It consists of a configuration server that works with Cisco IOS CNS agents on the switch. The Configuration Service delivers device and service configurations to the switch for initial configuration and mass reconfiguration by logical groups. Switches receive their initial configuration from the Configuration Service when they start up on the network for the first time.
The Configuration Service uses the CNS Event Service to send and receive configuration change events and to send success and failure notifications.
The configuration server is a web server that uses configuration templates and the device-specific configuration information stored in the embedded (standalone mode) or remote (server mode) directory.
Configuration templates are text files containing static configuration information in the form of CLI commands. In the templates, variables are specified using lightweight directory access protocol (LDAP) URLs that reference the device-specific configuration information stored in a directory.
The Cisco IOS agent can perform a syntax check on received configuration files and publish events to show the success or failure of the syntax check. The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server.

Event Service

The Cisco Configuration Engine uses the Event Service for receipt and generation of configuration events. The event agent is on the switch and facilitates the communication between the switch and the event gateway on the Configuration Engine.
The Event Service is a highly capable publish-and-subscribe communication method. The Event Service uses subject-based addressing to send messages to their destinations. Subject-based addressing conventions define a simple, uniform namespace for messages and their destinations.
NameSpace Mapper
The Configuration Engine includes the NameSpace Mapper (NSM) that provides a lookup service for managing logical groups of devices based on application, device or group ID, and event.
Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate events by using any desired naming convention. When you have populated your data store with your subject names, NSM changes your event subject-name strings to those known by Cisco IOS.
For a subscriber, when given a unique device ID and event, the namespace mapping service returns a set of events to which to subscribe. Similarly, for a publisher, when given a unique group ID, device ID, and event, the mapping service returns a set of events on which to publish.

What You Should Know About the CNS IDs and Device Hostnames

The Cisco Configuration Engine assumes that a unique identifier is associated with each configured switch. This unique identifier can take on multiple synonyms, where each synonym is unique within a particular namespace. The event service uses namespace content for subject-based addressing of messages.
The Configuration Engine intersects two namespaces, one for the event bus and the other for the configuration server. Within the scope of the configuration server namespace, the term ConfigID is the unique identifier for a device. Within the scope of the event bus namespace, the term DeviceID is the CNS unique identifier for a device.
Because the Configuration Engine uses both the event bus and the configuration server to provide configurations to devices, you must define both ConfigID and DeviceID for each configured switch.
Within the scope of a single instance of the configuration server, no two configured switches can share the same value for ConfigID. Within the scope of a single instance of the event bus, no two configured switches can share the same value for DeviceID.
ConfigID
Each configured switch has a unique ConfigID, which serves as the key into the Configuration Engine directory for the corresponding set of switch CLI attributes. The ConfigID defined on the switch must match the ConfigID for the corresponding switch definition on the Configuration Engine.
The ConfigID is fixed at startup time and cannot be changed until the device restarts, even if the switch hostname is reconfigured.
DeviceID
Each configured switch participating on the event bus has a unique DeviceID, which is analogous to the switch source address so that the switch can be targeted as a specific destination on the bus. All switches configured with the cns config partial global configuration command must access the event bus. Therefore, the DeviceID, as originated on the switch, must match the DeviceID of the corresponding switch definition in the Configuration Engine.
The origin of the DeviceID is defined by the Cisco IOS hostname of the switch. However, the DeviceID variable and its usage reside within the event gateway adjacent to the switch.
The logical Cisco IOS termination point on the event bus is embedded in the event gateway, which in turn functions as a proxy on behalf of the switch. The event gateway represents the switch and its corresponding DeviceID to the event bus.
The switch declares its hostname to the event gateway immediately after the successful connection to the event gateway. The event gateway couples the DeviceID value to the Cisco IOS hostname each time this connection is established. The event gateway caches this DeviceID value for the duration of its connection to the switch.
Hostname and DeviceID
The DeviceID is fixed at the time of the connection to the event gateway and does not change even when the switch hostname is reconfigured.
When changing the switch hostname on the switch, the only way to refresh the DeviceID is to break the connection between the switch and the event gateway. Enter the no cns event global configuration command followed by the cns event global configuration command.
When the connection is re-established, the switch sends its modified hostname to the event gateway. The event gateway redefines the DeviceID to the new value.
Caution When using the Configuration Engine user interface, you must first set the DeviceID field to the hostname value that the switch acquires after, not before, you use the cns config initial global configuration command at the switch. Otherwise, subsequent cns config partial global configuration command operations malfunction.
Using Hostname, DeviceID, and ConfigID
In standalone mode, when a hostname value is set for a switch, the configuration server uses the hostname as the DeviceID when an event is sent on hostname. If the hostname has not been set, the event is sent on the cn=<value> of the device.
In server mode, the hostname is not used. In this mode, the unique DeviceID attribute is always used for sending an event on the bus. If this attribute is not set, you cannot update the switch.
These and other associated attributes (tag value pairs) are set when you run Setup on the Configuration Engine.
Note For more information about running the setup program on the Configuration Engine, see the Configuration Engine setup and configuration guide at this URL on cisco.com:
http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_guide_book09186a00803b59db.html

Understanding Cisco IOS Agents

The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and works with the Cisco IOS agent. The Cisco IOS agent feature supports the switch by providing these features:
• Initial Configuration
• Incremental (Partial) Configuration
• Synchronized Configuration

Initial Configuration

When the switch first comes up, it attempts to get an IP address by broadcasting a DHCP request on the network. Assuming there is no DHCP server on the subnet, the distribution switch acts as a DHCP relay agent and forwards the request to the DHCP server. Upon receiving the request, the DHCP server assigns an IP address to the new switch and includes the TFTP server IP address, the path to the bootstrap configuration file, and the default gateway IP address in a unicast reply to the DHCP relay agent. The DHCP relay agent forwards the reply to the switch.
The switch automatically configures the assigned IP address on interface VLAN 1 (the default) and downloads the bootstrap configuration file from the TFTP server. Upon successful download of the bootstrap configuration file, the switch loads the file in its running configuration.
The Cisco IOS agents initiate communication with the Configuration Engine by using the appropriate ConfigID and EventID. The Configuration Engine maps the ConfigID to a template and downloads the full configuration file to the switch.
Figure 4-2 shows a sample network configuration for retrieving the initial bootstrap configuration file by using DHCP-based autoconfiguration.
Figure 4-2 Initial Configuration Overview
[Figure not reproduced. Labels: TFTP server; Configuration Engine; Access layer switches; WAN; DHCP server; DHCP relay agent default gateway; Distribution layer.]

Incremental (Partial) Configuration

After the network is running, new services can be added by using the Cisco IOS agent. Incremental (partial) configurations can be sent to the switch. The actual configuration can be sent as an event payload by way of the event gateway (push operation) or as a signal event that triggers the switch to initiate a pull operation.
The switch can check the syntax of the configuration before applying it. If the syntax is correct, the switch applies the incremental configuration and publishes an event that signals success to the configuration server. If the switch does not apply the incremental configuration, it publishes an event showing an error status. When the switch has applied the incremental configuration, it can write it to NVRAM or wait until signaled to do so.

Synchronized Configuration

When the switch receives a configuration, it can defer application of the configuration upon receipt of a write-signal event. The write-signal event tells the switch not to save the updated configuration into its NVRAM. The switch uses the updated configuration as its running configuration. This ensures that the switch configuration is synchronized with other network activities before saving the configuration in NVRAM for use at the next reboot.
Configuring Cisco IOS Agents
The Cisco IOS agents embedded in the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the “Enabling Automated CNS Configuration” section. If you want to change the configuration or install a custom configuration, see these sections for instructions:
• Enabling the CNS Event Agent
• Enabling the Cisco IOS CNS Agent

Enabling Automated CNS Configuration

To enable automated CNS configuration of the switch, you must first complete the prerequisites in Table 4-1. When you complete them, power on the switch. At the setup prompt, do nothing: The switch begins the initial configuration as described in the “Initial Configuration” section. When the full configuration file is loaded on your switch, you need to do nothing else.
Table 4-1 Prerequisites for Enabling Automatic Configuration
Device | Required Configuration
Access switch | Factory default (no configuration file)
Distribution switch | IP helper address; Enable DHCP relay agent; IP routing (if used as default gateway)
DHCP server | IP address assignment; TFTP server IP address; Path to bootstrap configuration file on the TFTP server; Default gateway IP address
TFTP server | A bootstrap configuration file that includes the CNS configuration commands that enable the switch to communicate with the Configuration Engine; The switch configured to use either the switch MAC address or the serial number (instead of the default hostname) to generate the ConfigID and EventID; The CNS event agent configured to push the configuration file to the switch
CNS Configuration Engine | One or more templates for each type of device, with the ConfigID of the device mapped to the template.
Note For more information about running the setup program and creating templates on the Configuration Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at this URL:
http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_guide_book09186a00803b59db.html

Enabling the CNS Event Agent

Note You must enable the CNS event agent on the switch before you enable the CNS configuration agent.
Beginning in privileged EXEC mode, follow these steps to enable the CNS event agent on the switch:
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.
Step 2
Command: cns event {ip-address | hostname} [port-number] [backup] [init-retry retry-count] [keepalive seconds retry-count] [source ip-address]
Purpose: Enable the event agent, and enter the gateway parameters.
• For {ip-address | hostname}, enter either the IP address or the hostname of the event gateway.
• (Optional) For port number, enter the port number for the event gateway. The default port number is 11011.
• (Optional) Enter backup to show that this is the backup gateway. (If omitted, this is the primary gateway.)
• (Optional) For init-retry retry-count, enter the number of initial retries before switching to backup. The default is 3.
• (Optional) For keepalive seconds, enter how often the switch sends keepalive messages. For retry-count, enter the number of unanswered keepalive messages that the switch sends before the connection is terminated. The default for each is 0.
• (Optional) For source ip-address, enter the source IP address of this device.
Note Though visible in the command-line help string, the encrypt and force-fmt1 keywords are not supported.
Step 3
Command: end
Purpose: Return to privileged EXEC mode.
Step 4
Command: show cns event connections
Purpose: Verify information about the event agent.
Step 5
Command: show running-config
Purpose: Verify your entries.
Step 6
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.
To disable the CNS event agent, use the no cns event {ip-address | hostname} global configuration command.
This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count.
Switch(config)# cns event 10.180.1.27 keepalive 120 10

Enabling the Cisco IOS CNS Agent

After enabling the CNS event agent, start the Cisco IOS CNS agent on the switch. You can enable the Cisco IOS agent with these commands:
• The cns config initial global configuration command enables the Cisco IOS agent and initiates an initial configuration on the switch.
• The cns config partial global configuration command enables the Cisco IOS agent and initiates a partial configuration on the switch. You can then use the Configuration Engine to remotely send incremental configurations to the switch.
Enabling an Initial Configuration
Beginning in privileged EXEC mode, follow these steps to enable the CNS configuration agent and initiate an initial configuration on the switch:
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.
Step 2
Command: cns config connect-intf interface-prefix [ping-interval seconds] [retries num]
Purpose: Enter the connect-interface-config submode, and specify the interface for connecting to the Configuration Engine.
• Enter the interface-prefix for the connecting interface. You must specify the interface type but need not specify the interface number.
• (Optional) For ping-interval seconds, enter the interval between successive ping attempts. The range is 1 to 30 seconds. The default is 10 seconds.
• (Optional) For retries num, enter the number of ping retries. The range is 1 to 30. The default is 5.
Step 3
Command: config-cli or line-cli
Purpose: Enter config-cli to connect to the Configuration Engine through the interface defined in cns config connect-intf. Enter line-cli to connect to the Configuration Engine through modem dialup lines.
Note The config-cli interface configuration command accepts the special character & that acts as a placeholder for the interface name. When the configuration is applied, the & is replaced with the interface name. For example, to connect through FastEthernet0/1, the command config-cli ip route 0.0.0.0 0.0.0.0 & generates the command ip route 0.0.0.0 0.0.0.0 FastEthernet0/1.
Step 4
Command: exit
Purpose: Return to global configuration mode.
Step 5
Command: hostname name
Purpose: Enter the hostname for the switch.
Step 6
Command: ip route network-number
Purpose: Establish a static route to the Configuration Engine whose IP address is network-number.
Step 7
Command: cns id interface num {dns-reverse | ipaddress | mac-address} [event]
or cns id {hardware-serial | hostname | string string} [event]
Purpose: Set the unique EventID or ConfigID used by the Configuration Engine.
• For interface num, enter the type of interface, for example, Ethernet, Group-Async, Loopback, or Virtual-Template. This setting specifies from which interface the IP or MAC address should be retrieved to define the unique ID.
• For {dns-reverse | ipaddress | mac-address}, enter dns-reverse to retrieve the hostname and assign it as the unique ID, enter ipaddress to use the IP address, or enter mac-address to use the MAC address as the unique ID.
• (Optional) Enter event to set the ID to be the event-id value used to identify the switch.
• For {hardware-serial | hostname | string string}, enter hardware-serial to set the switch serial number as the unique ID, enter hostname (the default) to select the switch hostname as the unique ID, or enter an arbitrary text string for string string as the unique ID.
Step 8
Command: cns config initial {ip-address | hostname} [port-number] [event] [no-persist] [page page] [source ip-address] [syntax-check]
Purpose: Enable the Cisco IOS agent, and initiate an initial configuration.
• For {ip-address | hostname}, enter the IP address or the hostname of the configuration server.
• (Optional) For port-number, enter the port number of the configuration server. The default port number is 80.
• (Optional) Enable event for configuration success, failure, or warning messages when the configuration is finished.
• (Optional) Enable no-persist to suppress the automatic writing to NVRAM of the configuration pulled as a result of entering the cns config initial global configuration command. If the no-persist keyword is not entered, using the cns config initial command causes the resultant configuration to be automatically written to NVRAM.
• (Optional) For page page, enter the web page of the initial configuration. The default is /Config/config/asp.
• (Optional) Enter source ip-address to use for source IP address.
• (Optional) Enable syntax-check to check the syntax when this parameter is entered.
Note Though visible in the command-line help string, the encrypt keyword is not supported.
Step 9
Command: end
Purpose: Return to privileged EXEC mode.
Step 10
Command: show cns config connections
Purpose: Verify information about the configuration agent.
Step 11
Command: show running-config
Purpose: Verify your entries.
To disable the CNS Cisco IOS agent, use the no cns config initial {ip-address | hostname} global configuration command.
This example shows how to configure an initial configuration on a remote switch. The switch hostname is the unique ID. The Cisco Configuration Engine IP address is 172.28.129.22.
Switch(config)# cns config connect-intf serial ping-interval 1 retries 1
Switch(config-cns-conn-if)# config-cli ip address negotiated
Switch(config-cns-conn-if)# config-cli encapsulation ppp
Switch(config-cns-conn-if)# config-cli ip directed-broadcast
Switch(config-cns-conn-if)# config-cli no keepalive
Switch(config-cns-conn-if)# config-cli no shutdown
Switch(config-cns-conn-if)# exit
Switch(config)# hostname RemoteSwitch
RemoteSwitch(config)# ip route 10.1.1.1 255.255.255.255 11.11.11.1
RemoteSwitch(config)# cns id Ethernet 0 ipaddress
RemoteSwitch(config)# cns config initial 10.1.1.1 no-persist
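An added example, not part of the Cisco manual: a Python parser for the cns event, cns config initial and cns config partial syntax documented in this chapter. It fills in the documented defaults and notes three conditions the chapter calls out (configuration agent enabled before the event agent, automatic write to NVRAM, unsupported keywords). Function names and the sample configuration are constructed for illustration; the default page value is copied as printed in this manual.

```python
# Keyword grammar taken from the command syntax in this chapter.
# "valued" maps keyword -> (number of values, documented default).
SPECS = {
    "event": {
        "prefix": ["cns", "event"],
        "port": 11011,
        "flags": ["backup"],
        "valued": {"init-retry": (1, 3), "keepalive": (2, (0, 0)),
                   "source": (1, None)},
    },
    "initial": {
        "prefix": ["cns", "config", "initial"],
        "port": 80,
        "flags": ["event", "no-persist", "syntax-check"],
        "valued": {"page": (1, "/Config/config/asp"), "source": (1, None)},
    },
    "partial": {
        "prefix": ["cns", "config", "partial"],
        "port": 80,
        "flags": [],
        "valued": {"source": (1, None)},
    },
}
UNSUPPORTED = {"encrypt", "force-fmt1"}  # shown in CLI help, not supported


def parse_cns(line):
    """Return the effective settings of one cns command, or None for other lines."""
    tokens = line.split("#", 1)[-1].split()  # drop a "Switch(config)#" prompt
    for kind, spec in SPECS.items():
        n = len(spec["prefix"])
        if tokens[:n] == spec["prefix"]:
            rest = tokens[n:]
            break
    else:
        return None
    if not rest:
        raise ValueError("missing ip-address or hostname")
    cfg = {"kind": kind, "host": rest[0], "port": spec["port"]}
    cfg.update({flag: False for flag in spec["flags"]})
    cfg.update({kw: default for kw, (_, default) in spec["valued"].items()})
    i = 1
    if i < len(rest) and rest[i].isdigit():  # optional port-number
        cfg["port"] = int(rest[i])
        i += 1
    while i < len(rest):
        kw = rest[i]
        if kw in UNSUPPORTED:
            raise ValueError(f"{kw} keyword is not supported")
        if kw in spec["flags"]:
            cfg[kw] = True
            i += 1
        elif kw in spec["valued"]:
            arity = spec["valued"][kw][0]
            values = rest[i + 1:i + 1 + arity]
            if len(values) != arity:
                raise ValueError(f"{kw} expects {arity} value(s)")
            values = [int(v) if v.isdigit() else v for v in values]
            cfg[kw] = values[0] if arity == 1 else tuple(values)
            i += 1 + arity
        else:
            raise ValueError(f"unexpected token {kw!r}")
    return cfg


def audit(config_text):
    """Return (line number, note) pairs for the cns lines of a configuration."""
    notes, event_seen = [], False
    for lineno, line in enumerate(config_text.splitlines(), 1):
        try:
            cfg = parse_cns(line)
        except ValueError as exc:
            notes.append((lineno, str(exc)))
            continue
        if cfg is None:
            continue
        if cfg["kind"] == "event":
            event_seen = True
            continue
        if not event_seen:
            notes.append((lineno, "configuration agent enabled before the event agent"))
        if cfg["kind"] == "initial" and not cfg["no-persist"]:
            notes.append((lineno, "initial configuration is written to NVRAM automatically"))
    return notes


# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
hostname RemoteSwitch
cns config partial 10.1.1.1 source 10.1.1.20
cns event 10.180.1.27 keepalive 120 10
cns config initial 10.1.1.1 8080 syntax-check
cns event 10.180.1.28 backup encrypt
"""

if __name__ == "__main__":
    for lineno, note in audit(SAMPLE):
        print(f"line {lineno}: {note}")
```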
Enabling a Partial Configuration
Beginning in privileged EXEC mode, follow these steps to enable the Cisco IOS agent and to initiate a partial configuration on the switch:
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.
Step 2
Command: cns config partial {ip-address | hostname} [port-number] [source ip-address]
Purpose: Enable the configuration agent, and initiate a partial configuration.
• For {ip-address | hostname}, enter the IP address or the hostname of the configuration server.
• (Optional) For port-number, enter the port number of the configuration server. The default port number is 80.
• (Optional) Enter source ip-address to use for the source IP address.
Note Though visible in the command-line help string, the encrypt keyword is not supported.
Step 3
Command: end
Purpose: Return to privileged EXEC mode.
Step 4
Command: show cns config stats
or show cns config outstanding
Purpose: Verify information about the configuration agent.
Step 5
Command: show running-config
Purpose: Verify your entries.
Step 6
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.
To disable the Cisco IOS agent, use the no cns config partial {ip-address | hostname} global configuration command. To cancel a partial configuration, use the cns config cancel privileged EXEC command.

Displaying CNS Configuration

You can use the privileged EXEC commands in Table 4-2 to display CNS configuration information.
Table 4-2 Displaying CNS Configuration
Command | Purpose
show cns config connections | Displays the status of the CNS Cisco IOS agent connections.
show cns config outstanding | Displays information about incremental (partial) CNS configurations that have started but are not yet completed.
show cns config stats | Displays statistics about the Cisco IOS agent.
show cns event connections | Displays the status of the CNS event agent connections.
show cns event stats | Displays statistics about the CNS event agent.
show cns event subject | Displays a list of event agent subjects that are subscribed to by applications.

CHAPTER 5

Administering the Switch

This chapter describes how to perform one-time operations to administer the Cisco ME 3400 Ethernet Access switch.
This chapter consists of these sections:
• Managing the System Time and Date
• Configuring a System Name and Prompt
• Creating a Banner
• Managing the MAC Address Table
• Managing the ARP Table

Managing the System Time and Date

You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2.
These sections contain this configuration information:
• Understanding the System Clock
• Understanding Network Time Protocol
• Configuring NTP
• Configuring Time and Date Manually

Understanding the System Clock

The heart of the time service is the system clock. This clock runs from the moment the system starts up and keeps track of the date and time.
The system clock can then be set from these sources:
• NTP
• Manual configuration
The system clock can provide time to these services:
• User show commands
• Logging and debugging messages
The system clock keeps track of time internally based on Universal Time Coordinated (UTC), also known as Greenwich Mean Time (GMT). You can configure information about the local time zone and summer time (daylight saving time) so that the time appears correctly for the local time zone.
The system clock keeps track of whether the time is authoritative or not (that is, whether it has been set by a time source considered to be authoritative). If it is not authoritative, the time is available only for display purposes and is not redistributed. For configuration information, see the “Configuring Time and Date Manually” section.

Understanding Network Time Protocol

The NTP is designed to time-synchronize a network of devices. NTP runs over User Datagram Protocol (UDP), which runs over IP. NTP is documented in RFC 1305.
An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP then distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two devices to within a millisecond of one another.
NTP uses the concept of a stratum to describe how many NTP hops away a device is from an authoritative time source. A stratum 1 time server has a radio or atomic clock directly attached, a stratum 2 time server receives its time through NTP from a stratum 1 time server, and so on. A device running NTP automatically chooses as its time source the device with the lowest stratum number with which it communicates through NTP. This strategy effectively builds a self-organizing tree of NTP speakers.
NTP avoids synchronizing to a device whose time might not be accurate by never synchronizing to a device that is not synchronized. NTP also compares the time reported by several devices and does not synchronize to a device whose time is significantly different than the others, even if its stratum is lower.
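The selection behavior described above, sketched as an added example that is not part of the Cisco manual and is not the actual RFC 1305 or Cisco IOS algorithm. The peer fields, the median-based consensus and the 1-second tolerance are assumptions of this sketch, and the peer lists are constructed.

```python
from statistics import median


def select_time_source(peers, tolerance=1.0):
    """Return (chosen peer name or None, {rejected peer name: reason}).

    peers     -- list of dicts with keys: name, stratum,
                 synchronized (bool), offset (seconds the peer's
                 clock differs from the local clock)
    tolerance -- assumed cut-off for "significantly different", seconds
    """
    rejected = {}

    # Rule 1: never synchronize to a device that is not synchronized.
    usable = []
    for peer in peers:
        if peer["synchronized"]:
            usable.append(peer)
        else:
            rejected[peer["name"]] = "peer is not synchronized"
    if not usable:
        return None, rejected

    # Rule 2: compare the time reported by several devices and drop any
    # whose time differs significantly from the others, even when its
    # stratum is lower.
    consensus = median(peer["offset"] for peer in usable)
    agreeing = []
    for peer in usable:
        if abs(peer["offset"] - consensus) <= tolerance:
            agreeing.append(peer)
        else:
            rejected[peer["name"]] = "time disagrees with the other peers"
    if not agreeing:
        return None, rejected

    # Rule 3: among the remaining peers, the lowest stratum wins;
    # ties go to the peer closest to the consensus.
    best = min(agreeing,
               key=lambda p: (p["stratum"], abs(p["offset"] - consensus)))
    return best["name"], rejected


# Constructed peers: a low-stratum source an hour off and a stratum 1
# device that has not synchronized yet must both be ignored.
PEERS = [
    {"name": "switch-a", "stratum": 2, "synchronized": True, "offset": 0.004},
    {"name": "switch-b", "stratum": 2, "synchronized": True, "offset": -0.003},
    {"name": "switch-c", "stratum": 3, "synchronized": True, "offset": 0.010},
    {"name": "bad-clock", "stratum": 1, "synchronized": True, "offset": 3600.0},
    {"name": "fresh-boot", "stratum": 1, "synchronized": False, "offset": 0.0},
]

# With only two disagreeing peers there is no majority to compare against.
TWO_PEERS = [
    {"name": "switch-a", "stratum": 2, "synchronized": True, "offset": 0.0},
    {"name": "bad-clock", "stratum": 1, "synchronized": True, "offset": 3600.0},
]

if __name__ == "__main__":
    print(select_time_source(PEERS))
    print(select_time_source(TWO_PEERS))
```

The second case shows why a comparison across several devices needs more than two of them: with two sources that disagree, the model cannot tell which one is wrong and selects neither.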
The communications between devices running NTP (known as associations) are usually statically configured; each device is given the IP address of all devices with which it should form associations. Accurate timekeeping is possible by exchanging NTP messages between each pair of devices with an association. However, in a LAN environment, NTP can be configured to use IP broadcast messages instead. This alternative reduces configuration complexity because each device can simply be configured to send or receive broadcast messages. However, in that case, information flow is one-way only.
The time kept on a device is a critical resource; you should use the security features of NTP to avoid the accidental or malicious setting of an incorrect time. Two mechanisms are available: an access list-based restriction scheme and an encrypted authentication mechanism.
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
Figure 5-1 shows a typical network example using NTP. Switch A is the NTP master, with Switches B, C, and D configured in NTP server mode, in server association with Switch A. Switch E is configured as an NTP peer to the upstream and downstream switches, Switch B and Switch F.
Figure 5-1 Typical NTP Network Configuration
[Figure not reproduced. Labels: Switch A; Switch B; Switch C; Switch D; Switch E; Switch F; Local workgroup servers; Workstations.]
If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
When multiple sources of time are available, NTP is always considered to be more authoritative. NTP time overrides the time set by any other method.
Several manufacturers include NTP software for their host systems, and a publicly available version for systems running UNIX and its various derivatives is also available. This software allows host systems to be time-synchronized as well.