IBM Cisco Systems Intelligent Gigabit Ethernet User Manual

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter
Software Configuration Guide
Cisco IOS Release 12.1(22)EA6
Note: Before using this information and the product it supports, read the general information in Appendix C, “Getting Help and Technical Assistance” and Appendix D, “Notices.”
First Edition (October 2005)
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Preface xxiii
Audience xxiii
Purpose xxiii
Conventions xxiv
Related Publications xxv

CONTENTS

CHAPTER
1 Overview 1-1
Features 1-1
Ease of Use and Ease of Deployment 1-1 Performance 1-1 Manageability 1-2 Redundancy 1-3 VLAN Support 1-4 Security 1-4 Quality of Service and Class of Service 1-5 Monitoring 1-5
Management Options 1-6
Management Interface Options 1-6
Network Configuration Examples 1-7
Where to Go Next 1-8
2 Using the Command-Line Interface 2-1
Cisco IOS Command Modes 2-1
Getting Help 2-3
24R9746
Abbreviating Commands 2-4
Using no and default Forms of Commands 2-4
Understanding CLI Messages 2-5
Using Command History 2-5
Changing the Command History Buffer Size 2-5 Recalling Commands 2-6 Disabling the Command History Feature 2-6
Using Editing Features 2-6
Enabling and Disabling Editing Features 2-6 Editing Commands through Keystrokes 2-7 Editing Command Lines that Wrap 2-8
Searching and Filtering Output of show and more Commands 2-9
Accessing the CLI 2-9
3 Assigning the Switch IP Address and Default Gateway 3-1
Understanding the Boot Process 3-1
Assigning Switch Information 3-2
Default Switch Information 3-2 Manually Assigning IP Information 3-3
Checking and Saving the Running Configuration 3-4
Modifying the Startup Configuration 3-6
Default Boot Configuration 3-7 Specifying the Filename to Read and Write the System Configuration 3-7 Booting a Specific Software Image 3-8 Controlling Environment Variables 3-8
Scheduling a Reload of the Software Image 3-11
Configuring a Scheduled Reload 3-11 Displaying Scheduled Reload Information 3-12
4 Administering the Switch 4-1
Managing the System Time and Date 4-1
Understanding the System Clock 4-1 Understanding Network Time Protocol 4-2 Configuring NTP 4-3
Default NTP Configuration 4-4 Configuring NTP Authentication 4-4 Configuring NTP Associations 4-5 Configuring NTP Broadcast Service 4-6 Configuring NTP Access Restrictions 4-7 Configuring the Source IP Address for NTP Packets 4-9 Displaying the NTP Configuration 4-10
Configuring Time and Date Manually 4-10
Setting the System Clock 4-10 Displaying the Time and Date Configuration 4-11 Configuring the Time Zone 4-11 Configuring Summer Time (Daylight Saving Time) 4-12
Configuring a System Name and Prompt 4-13
Default System Name and Prompt Configuration 4-14 Configuring a System Name 4-14 Understanding DNS 4-14
Default DNS Configuration 4-15 Setting Up DNS 4-15 Displaying the DNS Configuration 4-16
Creating a Banner 4-16
Default Banner Configuration 4-16 Configuring a Message-of-the-Day Login Banner 4-16 Configuring a Login Banner 4-18
Managing the MAC Address Table 4-18
Building the Address Table 4-19 MAC Addresses and VLANs 4-19 Default MAC Address Table Configuration 4-20 Changing the Address Aging Time 4-20 Removing Dynamic Address Entries 4-20 Configuring MAC Address Notification Traps 4-21 Adding and Removing Static Address Entries 4-23 Displaying Address Table Entries 4-24
Managing the ARP Table 4-24
5 Configuring Switch-Based Authentication 5-1
Preventing Unauthorized Access to Your Switch 5-1
Protecting Access to Privileged EXEC Commands 5-2
Default Password and Privilege Level Configuration 5-2 Setting or Changing a Static Enable Password 5-3 Protecting Enable and Enable Secret Passwords with Encryption 5-4 Setting a Telnet Password for a Terminal Line 5-5 Configuring Username and Password Pairs 5-6 Configuring Multiple Privilege Levels 5-6
Setting the Privilege Level for a Command 5-7 Changing the Default Privilege Level for Lines 5-8 Logging into and Exiting a Privilege Level 5-8
Controlling Switch Access with TACACS+ 5-9
Understanding TACACS+ 5-9 TACACS+ Operation 5-11 Configuring TACACS+ 5-11
Default TACACS+ Configuration 5-12
Identifying the TACACS+ Server Host and Setting the Authentication Key 5-12 Configuring TACACS+ Login Authentication 5-13 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 5-15 Starting TACACS+ Accounting 5-16
Displaying the TACACS+ Configuration 5-16
Controlling Switch Access with RADIUS 5-16
Understanding RADIUS 5-17 RADIUS Operation 5-18 Configuring RADIUS 5-19
Default RADIUS Configuration 5-19 Identifying the RADIUS Server Host 5-19 Configuring RADIUS Login Authentication 5-22 Defining AAA Server Groups 5-24 Configuring RADIUS Authorization for User Privileged Access and Network Services 5-26 Starting RADIUS Accounting 5-27 Configuring Settings for All RADIUS Servers 5-28 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 5-28 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 5-29
Displaying the RADIUS Configuration 5-30
Configuring the Switch for Local Authentication and Authorization 5-31
Configuring the Switch for Secure Shell 5-32
Understanding SSH 5-32
SSH Servers, Integrated Clients, and Supported Versions 5-32 Limitations 5-33
Configuring SSH 5-33
Configuration Guidelines 5-33 Cryptographic Software Image Guidelines 5-34 Setting Up the Switch to Run SSH 5-34 Configuring the SSH Server 5-35
Displaying the SSH Configuration and Status 5-36
6 Configuring IEEE 802.1x Port-Based Authentication 6-1
Understanding IEEE 802.1x Port-Based Authentication 6-1
Device Roles 6-2 Authentication Initiation and Message Exchange 6-3 Ports in Authorized and Unauthorized States 6-4 IEEE 802.1x Accounting 6-5 IEEE 802.1x Accounting Attribute-Value Pairs 6-5 IEEE 802.1x Host Mode 6-6
Using IEEE 802.1x with Port Security 6-7 Using IEEE 802.1x with Voice VLAN Ports 6-8 Using IEEE 802.1x with VLAN Assignment 6-8 Using IEEE 802.1x with Guest VLAN 6-9 Using IEEE 802.1x with Wake-on-LAN 6-10
Unidirectional State 6-10 Bidirectional State 6-10
Configuring IEEE 802.1x Authentication 6-11
Default IEEE 802.1x Configuration 6-11 IEEE 802.1x Configuration Guidelines 6-12 Enabling IEEE 802.1x Authentication 6-13 Configuring the Switch-to-RADIUS-Server Communication 6-14 Configuring IEEE 802.1x Authentication Using a RADIUS Server 6-16 Enabling Periodic Re-Authentication 6-16 Manually Re-Authenticating a Client Connected to a Port 6-17 Changing the Quiet Period 6-17 Changing the Switch-to-Client Retransmission Time 6-18 Setting the Switch-to-Client Frame-Retransmission Number 6-19 Configuring the Host Mode 6-20 Configuring a Guest VLAN 6-20 Resetting the IEEE 802.1x Configuration to the Default Values 6-22 Configuring IEEE 802.1x Authentication 6-22 Configuring IEEE 802.1x Accounting 6-24
Displaying IEEE 802.1x Statistics and Status 6-25
7 Configuring Interface Characteristics 7-1
Understanding Interface Types 7-1
Access Ports 7-2 Trunk Ports 7-2 Port-Based VLANs 7-3 EtherChannel Port Groups 7-3 Connecting Interfaces 7-4
Using the Interface Command 7-4
Procedures for Configuring Interfaces 7-5 Configuring a Range of Interfaces 7-6 Configuring and Using Interface-Range Macros 7-7
Configuring Ethernet Interfaces 7-9
Default Ethernet Interface Configuration 7-9 Configuring Interface Speed and Duplex Mode 7-10
Configuration Guidelines 7-11 Setting the Interface Speed and Duplex Parameters 7-11
Adding a Description for an Interface 7-12
Monitoring and Maintaining the Interfaces 7-13
Monitoring Interface and Controller Status 7-13 Clearing and Resetting Interfaces and Counters 7-15 Shutting Down and Restarting the Interface 7-15
8 Configuring Smartports Macros 8-1
Understanding Smartports Macros 8-1
Configuring Smartports Macros 8-2
Default Smartports Macro Configuration 8-2 Smartports Macro Configuration Guidelines 8-2 Creating Smartports Macros 8-4 Applying Smartports Macros 8-5 Applying Cisco-Default Smartports Macros 8-6
Displaying Smartports Macros 8-8
9 Configuring STP 9-1
Understanding Spanning-Tree Features 9-1
STP Overview 9-2 Spanning-Tree Topology and BPDUs 9-3 Bridge ID, Switch Priority, and Extended System ID 9-4 Spanning-Tree Interface States 9-4
Blocking State 9-5 Listening State 9-6 Learning State 9-6 Forwarding State 9-6
Disabled State 9-7 How a Switch or Port Becomes the Root Switch or Root Port 9-7 Spanning Tree and Redundant Connectivity 9-8 Spanning-Tree Address Management 9-8 Accelerated Aging to Retain Connectivity 9-8 Spanning-Tree Modes and Protocols 9-9 Supported Spanning-Tree Instances 9-9 Spanning-Tree Interoperability and Backward Compatibility 9-10 STP and IEEE 802.1Q Trunks 9-10 Spanning Tree Considerations for Cisco Systems Intelligent Gigabit Ethernet Switch Modules 9-11
Configuring Spanning-Tree Features 9-11
Default Spanning-Tree Configuration 9-12 Spanning-Tree Configuration Guidelines 9-12 Changing the Spanning-Tree Mode 9-13 Disabling Spanning Tree 9-14 Configuring the Root Switch 9-15 Configuring a Secondary Root Switch 9-17 Configuring the Port Priority 9-17 Configuring the Path Cost 9-19 Configuring the Switch Priority of a VLAN 9-20 Configuring Spanning-Tree Timers 9-21
Configuring the Hello Time 9-21 Configuring the Forwarding-Delay Time for a VLAN 9-22 Configuring the Maximum-Aging Time for a VLAN 9-22
Displaying the Spanning-Tree Status 9-23
10 Configuring MSTP 10-1
Understanding MSTP 10-2
Multiple Spanning-Tree Regions 10-2 IST, CIST, and CST 10-2
Operations Within an MST Region 10-3 Hop Count 10-4 Interoperability with IEEE 802.1D STP 10-4
Understanding RSTP 10-5
Port Roles and the Active Topology 10-5 Rapid Convergence 10-6 Synchronization of Port Roles 10-7 Bridge Protocol Data Unit Format and Processing 10-8
Processing Superior BPDU Information 10-9
Processing Inferior BPDU Information 10-9 Topology Changes 10-9
Configuring MSTP Features 10-10
Default MSTP Configuration 10-11 MSTP Configuration Guidelines 10-11 Specifying the MST Region Configuration and Enabling MSTP 10-12 Configuring the Root Switch 10-13 Configuring a Secondary Root Switch 10-15 Configuring the Port Priority 10-15 Configuring the Path Cost 10-17
Configuring the Switch Priority 10-18 Configuring the Hello Time 10-18 Configuring the Forwarding-Delay Time 10-19 Configuring the Maximum-Aging Time 10-20 Configuring the Maximum-Hop Count 10-20 Specifying the Link Type to Ensure Rapid Transitions 10-21 Restarting the Protocol Migration Process 10-21
Displaying the MST Configuration and Status 10-22
11 Configuring Optional Spanning-Tree Features 11-1
Understanding Optional Spanning-Tree Features 11-1
Understanding Port Fast 11-2 Understanding BPDU Guard 11-3 Understanding BPDU Filtering 11-3 Understanding UplinkFast 11-4 Understanding BackboneFast 11-5 Understanding EtherChannel Guard 11-8 Understanding Root Guard 11-8 Understanding Loop Guard 11-9
Configuring Optional Spanning-Tree Features 11-9
Default Optional Spanning-Tree Configuration 11-10 Optional Spanning-Tree Configuration Guidelines 11-10 Enabling Port Fast 11-10 Enabling BPDU Guard 11-11 Enabling BPDU Filtering 11-12 Enabling UplinkFast for Use with Redundant Links 11-13 Enabling BackboneFast 11-14 Enabling EtherChannel Guard 11-15 Enabling Root Guard 11-15 Enabling Loop Guard 11-16
Displaying the Spanning-Tree Status 11-17
12 Configuring VLANs 12-1
Understanding VLANs 12-1
Supported VLANs 12-2 VLAN Port Membership Modes 12-3
Configuring Normal-Range VLANs 12-4
Token Ring VLANs 12-5 Normal-Range VLAN Configuration Guidelines 12-5
VLAN Configuration Mode Options 12-6
VLAN Configuration in config-vlan Mode 12-6
VLAN Configuration in VLAN Configuration Mode 12-6 Saving VLAN Configuration 12-7 Default Ethernet VLAN Configuration 12-7 Creating or Modifying an Ethernet VLAN 12-8 Deleting a VLAN 12-10 Assigning Static-Access Ports to a VLAN 12-10
Configuring Extended-Range VLANs 12-11
Default VLAN Configuration 12-12 Extended-Range VLAN Configuration Guidelines 12-12 Creating an Extended-Range VLAN 12-12
Displaying VLANs 12-13
Configuring VLAN Trunks 12-14
Trunking Overview 12-14
IEEE 802.1Q Configuration Considerations 12-16 Default Layer 2 Ethernet Interface VLAN Configuration 12-17 Configuring an Ethernet Interface as a Trunk Port 12-17
Interaction with Other Features 12-18
Configuring a Trunk Port 12-18
Defining the Allowed VLANs on a Trunk 12-19
Changing the Pruning-Eligible List 12-20
Configuring the Native VLAN for Untagged Traffic 12-21 Load Sharing Using STP 12-22
Load Sharing Using STP Port Priorities 12-22
Load Sharing Using STP Path Cost 12-24
Configuring VMPS 12-25
Understanding VMPS 12-26
Dynamic Port VLAN Membership 12-26
VMPS Database Configuration File 12-27 Default VMPS Client Configuration 12-27 VMPS Configuration Guidelines 12-27 Configuring the VMPS Client 12-28
Entering the IP Address of the VMPS 12-28
Configuring Dynamic Access Ports on VMPS Clients 12-28
Reconfirming VLAN Memberships 12-29
Changing the Reconfirmation Interval 12-30
Changing the Retry Count 12-30
Monitoring the VMPS 12-30 Troubleshooting Dynamic Port VLAN Membership 12-31 VMPS Configuration Example 12-31
13 Configuring VTP 13-1
Understanding VTP 13-1
The VTP Domain 13-2 VTP Modes 13-3 VTP Advertisements 13-3 VTP Version 2 13-4 VTP Pruning 13-4
Configuring VTP 13-6
Default VTP Configuration 13-6 VTP Configuration Options 13-7
VTP Configuration in Global Configuration Mode 13-7 VTP Configuration in VLAN Configuration Mode 13-7
VTP Configuration Guidelines 13-8
Domain Names 13-8 Passwords 13-8 VTP Version 13-8
Configuration Requirements 13-9 Configuring a VTP Server 13-9 Configuring a VTP Client 13-10 Disabling VTP (VTP Transparent Mode) 13-11 Enabling VTP Version 2 13-12 Enabling VTP Pruning 13-13 Adding a VTP Client Switch to a VTP Domain 13-14
Monitoring VTP 13-15
14 Configuring IGMP Snooping and MVR 14-1
Understanding IGMP Snooping 14-2
IGMP Versions 14-2 Joining a Multicast Group 14-3 Leaving a Multicast Group 14-5 Immediate-Leave Processing 14-6 IGMP Configurable-Leave Timer 14-6 IGMP Report Suppression 14-6 Source-Only Networks 14-7
Configuring IGMP Snooping 14-7
Default IGMP Snooping Configuration 14-8 Enabling or Disabling IGMP Snooping 14-8 Setting the Snooping Method 14-9 Configuring a Multicast Router Port 14-10 Configuring a Host Statically to Join a Group 14-10 Enabling IGMP Immediate-Leave Processing 14-11 Configuring the IGMP Leave Timer 14-12 Disabling IGMP Report Suppression 14-12 Disabling IP Multicast-Source-Only Learning 14-13 Configuring the Aging Time 14-14
Displaying IGMP Snooping Information 14-14
Understanding Multicast VLAN Registration 14-15
Using MVR in a Multicast Television Application 14-16
Configuring MVR 14-17
Default MVR Configuration 14-18 MVR Configuration Guidelines and Limitations 14-18 Configuring MVR Global Parameters 14-18 Configuring MVR Interfaces 14-20
Displaying MVR Information 14-21
Configuring IGMP Filtering and Throttling 14-21
Default IGMP Filtering and Throttling Configuration 14-22 Configuring IGMP Profiles 14-23 Applying IGMP Profiles 14-24 Setting the Maximum Number of IGMP Groups 14-25 Configuring the IGMP Throttling Action 14-25
Displaying IGMP Filtering and Throttling Configuration 14-27
15 Configuring Port-Based Traffic Control 15-1
Configuring Storm Control 15-1
Understanding Storm Control 15-1 Default Storm Control Configuration 15-2 Configuring Storm Control and Threshold Levels 15-2
Configuring Protected Ports 15-3
Configuring Port Security 15-4
Understanding Port Security 15-4
Secure MAC Addresses 15-5 Security Violations 15-5
Default Port Security Configuration 15-6 Port Security Configuration Guidelines 15-6 Enabling and Configuring Port Security 15-7 Enabling and Configuring Port Security Aging 15-9
Displaying Port-Based Traffic Control Settings 15-11
16 Configuring UDLD 16-1
Understanding UDLD 16-1
Modes of Operation 16-1 Methods to Detect Unidirectional Links 16-2
Configuring UDLD 16-4
Default UDLD Configuration 16-4 Configuration Guidelines 16-4 Enabling UDLD Globally 16-5 Enabling UDLD on an Interface 16-6 Resetting an Interface Shut Down by UDLD 16-6
Displaying UDLD Status 16-7
17 Configuring CDP 17-1
Understanding CDP 17-1
Configuring CDP 17-2
Default CDP Configuration 17-2 Configuring the CDP Characteristics 17-2 Disabling and Enabling CDP 17-3 Disabling and Enabling CDP on an Interface 17-4
Monitoring and Maintaining CDP 17-5
18 Configuring SPAN and RSPAN 18-1
Understanding SPAN and RSPAN 18-1
SPAN and RSPAN Concepts and Terminology 18-3
SPAN Session 18-3
Traffic Types 18-3
Source Port 18-4
Destination Port 18-4
Reflector Port 18-5
SPAN Traffic 18-5 SPAN and RSPAN Interaction with Other Features 18-6
SPAN and RSPAN Session Limits 18-7 Default SPAN and RSPAN Configuration 18-7
Configuring SPAN 18-7
SPAN Configuration Guidelines 18-7 Creating a SPAN Session and Specifying Ports to Monitor 18-8 Creating a SPAN Session and Enabling Ingress Traffic 18-9 Removing Ports from a SPAN Session 18-11
Configuring RSPAN 18-12
RSPAN Configuration Guidelines 18-12 Configuring a VLAN as an RSPAN VLAN 18-13 Creating an RSPAN Source Session 18-14 Creating an RSPAN Destination Session 18-15 Removing Ports from an RSPAN Session 18-16
Displaying SPAN and RSPAN Status 18-17
19 Configuring RMON 19-1
Understanding RMON 19-1
Configuring RMON 19-2
Default RMON Configuration 19-3 Configuring RMON Alarms and Events 19-3 Configuring RMON Collection on an Interface 19-5
Displaying RMON Status 19-6
20 Configuring System Message Logging 20-1
Understanding System Message Logging 20-1
Configuring System Message Logging 20-2
System Log Message Format 20-2 Default System Message Logging Configuration 20-3 Disabling and Enabling Message Logging 20-4 Setting the Message Display Destination Device 20-4 Synchronizing Log Messages 20-6 Enabling and Disabling Timestamps on Log Messages 20-7 Enabling and Disabling Sequence Numbers in Log Messages 20-8 Defining the Message Severity Level 20-8 Limiting Syslog Messages Sent to the History Table and to SNMP 20-10
Configuring UNIX Syslog Servers 20-10
Logging Messages to a UNIX Syslog Daemon 20-11
Configuring the UNIX System Logging Facility 20-11
Displaying the Logging Configuration 20-12
21 Configuring SNMP 21-1
Understanding SNMP 21-1
SNMP Versions 21-2 SNMP Manager Functions 21-3 SNMP Agent Functions 21-3 SNMP Community Strings 21-4 Using SNMP to Access MIB Variables 21-4 SNMP Notifications 21-4
Configuring SNMP 21-5
Default SNMP Configuration 21-5 SNMP Configuration Guidelines 21-6 Disabling the SNMP Agent 21-6 Configuring Community Strings 21-7 Configuring SNMP Groups and Users 21-8 Configuring SNMP Notifications 21-10 Setting the Agent Contact and Location Information 21-13 Limiting TFTP Servers Used Through SNMP 21-13 SNMP Examples 21-14
Displaying SNMP Status 21-15
22 Configuring Network Security with ACLs 22-1
Understanding ACLs 22-2
Handling Fragmented and Unfragmented Traffic 22-3 Understanding Access Control Parameters 22-4 Guidelines for Applying ACLs to Physical Interfaces 22-5
Configuring ACLs 22-6
Unsupported Features 22-6 Creating Standard and Extended IP ACLs 22-7
ACL Numbers 22-7
Creating a Numbered Standard ACL 22-8
Creating a Numbered Extended ACL 22-9
Creating Named Standard and Extended ACLs 22-12
Applying Time Ranges to ACLs 22-14
Including Comments About Entries in ACLs 22-16
Creating Named MAC Extended ACLs 22-17 Creating MAC Access Groups 22-18
Applying ACLs to Terminal Lines or Physical Interfaces 22-18
Applying ACLs to a Terminal Line 22-19 Applying ACLs to a Physical Interface 22-19
Displaying ACL Information 22-20
Displaying ACLs 22-20 Displaying Access Groups 22-21
Examples for Compiling ACLs 22-22
Numbered ACL Examples 22-23 Extended ACL Examples 22-23 Named ACL Example 22-23 Commented IP ACL Entry Examples 22-23
23 Configuring QoS 23-1
Understanding QoS 23-2
Basic QoS Model 23-3 Classification 23-4
Classification Based on QoS ACLs 23-5
Classification Based on Class Maps and Policy Maps 23-6 Policing and Marking 23-6 Mapping Tables 23-7 Queueing and Scheduling 23-7
How Class of Service Works 23-7
Port Priority 23-7
Port Scheduling 23-8
Egress CoS Queues 23-8
Configuring Auto-QoS 23-9
Generated Auto-QoS Configuration 23-9 Effects of Auto-QoS on the Configuration 23-11 Configuration Guidelines 23-11 Enabling Auto-QoS for VoIP 23-12
Displaying Auto-QoS Information 23-13
Auto-QoS Configuration Example 23-14
Configuring Standard QoS 23-16
Default Standard QoS Configuration 23-16 Configuration Guidelines 23-16 Configuring Classification Using Port Trust States 23-17
Configuring the Trust State on Ports within the QoS Domain 23-18
Configuring the CoS Value for an Interface 23-19 Configuring Trusted Boundary 23-20 Enabling Pass-Through Mode 23-22
Configuring a QoS Policy 23-23
Classifying Traffic by Using ACLs 23-23 Classifying Traffic by Using Class Maps 23-27 Classifying, Policing, and Marking Traffic by Using Policy Maps 23-28
Configuring CoS Maps 23-31
Configuring the CoS-to-DSCP Map 23-32 Configuring the DSCP-to-CoS Map 23-33
Configuring the Egress Queues 23-34
Configuring CoS Priority Queues 23-34 Configuring WRR Priority 23-35 Enabling the Expedite Queue and Configuring WRR Priority 23-35
Displaying Standard QoS Information 23-36
Standard QoS Configuration Examples 23-36
QoS Configuration for the Existing Wiring Closet 23-37 QoS Configuration for the Intelligent Wiring Closet 23-38
24 Configuring EtherChannels and Layer 2 Trunk Failover 24-1
Understanding EtherChannels 24-1
Understanding Port-Channel Interfaces 24-2 Understanding the Port Aggregation Protocol and Link Aggregation Protocol 24-3
PAgP and LACP Modes 24-4 Physical Learners and Aggregate-Port Learners 24-5
PAgP and LACP Interaction with Other Features 24-5 EtherChannel On Mode 24-6 Understanding Load Balancing and Forwarding Methods 24-6
Configuring EtherChannels 24-8
Default EtherChannel Configuration 24-8 EtherChannel Configuration Guidelines 24-8 Configuring Layer 2 EtherChannels 24-9 Configuring EtherChannel Load Balancing 24-11 Configuring the PAgP Learn Method and Priority 24-12 Configuring the LACP Port Priority 24-13 Configuring Hot Standby Ports 24-13 Configuring the LACP System Priority 24-14
Displaying EtherChannel, PAgP, and LACP Status 24-15
Understanding Layer 2 Trunk Failover 24-15
Configuring Layer 2 Trunk Failover 24-16
Default Layer 2 Trunk Failover Configuration 24-16 Layer 2 Trunk Failover Configuration Guidelines 24-17 Configuring Layer 2 Trunk Failover 24-17
Displaying Layer 2 Trunk Failover Status 24-18
25 Troubleshooting 25-1
Using Recovery Procedures 25-1
Recovering from a Software Failure 25-1 Recovering from Lost or Forgotten Passwords 25-2
Password Recovery with Password Recovery Enabled 25-4 Procedure with Password Recovery Disabled 25-5
Preventing Autonegotiation Mismatches 25-7
SFP Module Security and Identification 25-7
Diagnosing Connectivity Problems 25-7
Using Ping 25-8
Understanding Ping 25-8 Executing Ping 25-8
Using Layer 2 Traceroute 25-9
Understanding Layer 2 Traceroute 25-9 Usage Guidelines 25-9 Displaying the Physical Path 25-10
Using Debug Commands 25-11
Enabling Debugging on a Specific Feature 25-11 Enabling All-System Diagnostics 25-12 Redirecting Debug and Error Message Output 25-12 Using the debug auto qos Command 25-12
APPENDIX
Using the crashinfo File 25-13
A Supported MIBs A-1
MIB List A-1
Using FTP to Access the MIB Files A-3
B Working with the Cisco IOS File System, Configuration Files, and Software Images B-1
Working with the Flash File System B-1
Displaying Available File Systems B-2 Setting the Default File System B-3 Displaying Information about Files on a File System B-3
Changing Directories and Displaying the Working Directory B-4 Creating and Removing Directories B-4 Copying Files B-5 Deleting Files B-6 Creating, Displaying, and Extracting tar Files B-6
Creating a tar File B-6
Displaying the Contents of a tar File B-7
Extracting a tar File B-7 Displaying the Contents of a File B-8
Working with Configuration Files B-8
Guidelines for Creating and Using Configuration Files B-9 Configuration File Types and Location B-10 Creating a Configuration File By Using a Text Editor B-10 Copying Configuration Files By Using TFTP B-10
Preparing to Download or Upload a Configuration File By Using TFTP B-10
Downloading the Configuration File By Using TFTP B-11
Uploading the Configuration File By Using TFTP B-12 Copying Configuration Files By Using FTP B-12
Preparing to Download or Upload a Configuration File By Using FTP B-13
Downloading a Configuration File By Using FTP B-13
Uploading a Configuration File By Using FTP B-14 Copying Configuration Files By Using RCP B-15
Preparing to Download or Upload a Configuration File By Using RCP B-16
Downloading a Configuration File By Using RCP B-17
Uploading a Configuration File By Using RCP B-18 Clearing Configuration Information B-19
Clearing the Startup Configuration File B-19
Deleting a Stored Configuration File B-19
Working with Software Images B-19
Image Location on the Switch B-20 tar File Format of Images on a Server or IBM.com B-20 Copying Image Files By Using TFTP B-21
Preparing to Download or Upload an Image File By Using TFTP B-21
Downloading an Image File By Using TFTP B-22
Uploading an Image File By Using TFTP B-23 Copying Image Files By Using FTP B-24
Preparing to Download or Upload an Image File By Using FTP B-24
Downloading an Image File By Using FTP B-25
Uploading an Image File By Using FTP B-27
Copying Image Files By Using RCP B-28
Preparing to Download or Upload an Image File By Using RCP B-28 Downloading an Image File By Using RCP B-29 Uploading an Image File By Using RCP B-31
Index
C Getting Help and Technical Assistance C-1
Before You Call C-1
Using the Documentation C-2
Getting Help and Information from the World Wide Web C-2
Software Service and Support C-2
Hardware Service and Support C-2
D Notices D-1
Edition Notice D-2
Trademarks D-2

Preface

Audience

This guide is for the networking professional managing the Cisco Systems Intelligent Gigabit Ethernet Switch Modules, hereafter referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS and be familiar with the concepts and terminology of Ethernet and local area networking.

Purpose

This guide provides the information you need to configure software features on your switch.
Use this guide with other documents for information about these topics:
Requirements—This guide assumes that you have met the hardware and software requirements described in the release notes.
Start-up information—This guide assumes that you have assigned switch IP information and passwords by using the BladeCenter Management Module Web page described in the IBM BladeCenter QuickStart Guide.
Embedded device manager graphical user interface (GUI)—This guide does not provide detailed information on the GUI. However, the concepts in this guide are applicable to the GUI user. For information about the device manager, see the switch online help.
CLI command information—This guide provides an overview for using the CLI. For complete syntax and usage information about the commands that have been specifically created or changed for the switches, see the command reference for this release.
This guide provides procedures for using the commands that have been created or changed for use with the switch. It does not provide detailed information about these commands. For detailed information about these commands, see the command reference for this release.
This guide does not repeat the concepts and CLI procedures provided in the standard Cisco IOS Release 12.1 documentation. For information about the standard Cisco IOS Release 12.1 commands, see the Cisco IOS documentation set available from the Cisco.com home page at Service and Support > Technical Documents. On the Cisco Product Documentation home page, select Release 12.1 from the Cisco IOS Software drop-down list.
This guide does not describe system messages you might encounter or how to install your switch. For this information, see the system message guide for this release and the hardware installation guide.
For documentation updates, see the release notes for this release.

Conventions

Conventions
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
Commands and keywords are in boldface text.
Arguments for which you supply values are in italic.
Square brackets ([ ]) mean optional elements.
Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.
Interactive examples use these conventions:
Terminal sessions and system displays are in screen font.
Information you enter is in boldface screen font.
Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Timesaver Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information.

Related Publications

In addition to this document, the following related documentation comes with the Gigabit Ethernet switch module:
Cisco Systems Intelligent Gigabit Ethernet Switch Module for the IBM BladeCenter System Release Notes
Note Switch requirements and procedures for initial configurations and software upgrades tend to change and therefore appear only in the release notes. Before installing, configuring, or upgrading the switch, see the release notes for the latest information.
Cisco Systems Intelligent Gigabit Ethernet Switch Module for the IBM BladeCenter System Command Reference
This document is in PDF form on the IBM BladeCenter Documentation CD. It includes:
Command-line interface (CLI) modes
CLI commands and examples
Syntax description
Defaults
Command history
Usage guidelines
Related commands
Cisco Systems Intelligent Gigabit Ethernet Switch Module for the IBM BladeCenter System Message Guide
This document is in PDF on the IBM BladeCenter Documentation CD. It has information about the switch-specific system messages. During operation, the system software sends these messages to the console or logging server on another system. Not all system messages indicate problems with the system. Some messages are informational, and others can help diagnose problems with communication lines, internal hardware, or the system software. This document also includes error messages that appear when the system fails.
Cisco Systems Intelligent Gigabit Ethernet Switch Module for the IBM BladeCenter Installation Guide
This document has installation and configuration instructions for the Gigabit Ethernet switch module. This document also provides general information about your Gigabit Ethernet switch module, including warranty information and how to get help. This document is also on the IBM BladeCenter Documentation CD.
Cisco Systems Intelligent Gb Fiber Ethernet Switch Module for the IBM BladeCenter Installation Guide
This document has installation and configuration instructions for the Gb Fiber Ethernet switch module. This document also provides general information about your Gb Fiber Ethernet switch module, including warranty information and how to get help. This document is also on the IBM BladeCenter Documentation CD.
BladeCenter Type 8677 Installation and User’s Guide
This document is in PDF on the IBM BladeCenter Documentation CD. It contains general information about your BladeCenter unit, including:
Information about features
How to set up, cable, and start the BladeCenter unit
How to install options in the BladeCenter unit
How to configure the BladeCenter unit
How to perform basic troubleshooting of the BladeCenter unit
How to get help
BladeCenter Management Module User’s Guide
This document is in PDF on the IBM BladeCenter Documentation CD. It provides general information about the management module, including:
Information about features
How to start the management module
How to install the management module
How to configure and use the management module
BladeCenter HS20 Installation and User’s Guide (for each blade server type)
These documents are in PDF on the IBM BladeCenter Documentation CD. Each provides general information about a blade server, including:
Information about features
How to set up and start your blade server
How to install options in your blade server
How to configure your blade server
How to install an operating system on your blade server
How to perform basic troubleshooting of your blade server
How to get help
Cisco IOS Release 12.1 documentation at
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/index.html
Cisco IOS Release 12.2 documentation at
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/index.html
For information about related products, see these documents:
Cisco Small Form-Factor Pluggable Modules Installation Notes (order number DOC-7815160=)
Cisco CWDM GBIC and CWDM SFP Installation Note (not orderable but available on Cisco.com)

CHAPTER 1

Overview

This chapter provides these topics about the Cisco Systems Intelligent Gigabit Ethernet Switch Module:
Features, page 1-1
Management Options, page 1-6
Network Configuration Examples, page 1-7
Where to Go Next, page 1-8
Note In this document, IP refers to IP version 4 (IPv4). Layer 3 IP version 6 (IPv6) packets are treated as non-IP packets.

Features

This section describes the features supported in this release.

Ease of Use and Ease of Deployment

User-defined Smartports macros for creating custom switch configurations for simplified deployment across the network.
Embedded device manager GUI for configuring and monitoring a single switch through a web browser. For information about launching the device manager, see the switch hardware installation guide. For more information about the device manager, see the switch online help.
Real-time status monitoring of a switch from the LEDs on a front-panel image from the device manager.

Performance

Autosensing of speed on the 10/100/1000 ports and autonegotiation of duplex mode on the external ports for optimizing bandwidth
Fast EtherChannel and Gigabit EtherChannel for enhanced fault tolerance and for providing up to 4 Gbps of bandwidth among switches, routers, and servers
Support for frame sizes from 64 to 9216 bytes
Port blocking on forwarding unknown unicast and multicast traffic
Per-port broadcast storm control for preventing faulty end stations from degrading overall system performance with broadcast storms
Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links
Internet Group Management Protocol (IGMP) snooping for IGMP versions 1, 2, and 3 to limit flooding of IP multicast traffic
IGMP report suppression for sending only one IGMP report per multicast router query to the multicast devices (supported only for IGMPv1 or IGMPv2 queries)
IGMP snooping querier support to configure switch to generate periodic IGMP General Query messages
Multicast VLAN registration (MVR) to continuously send multicast streams in a multicast VLAN while isolating the streams from subscriber VLANs for bandwidth and security reasons
IGMP filtering for controlling the set of multicast groups to which hosts on a switch port can belong
IGMP throttling for configuring the action when the maximum number of entries is in the IGMP forwarding table
Protected port (private VLAN edge port) option for restricting the forwarding of traffic to designated ports on the same switch
Dynamic address learning for enhanced security

Manageability

Address Resolution Protocol (ARP) for identifying a switch through its IP address and its corresponding MAC address
Unicast MAC address filtering to drop packets with specific source or destination MAC addresses
Cisco Discovery Protocol (CDP) versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network
Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source
Directed unicast requests to a TFTP server for obtaining software upgrades from a TFTP server
Default configuration storage in flash memory to ensure that the switch can be connected to a network and can forward traffic with minimal user intervention
In-band management access through the embedded device manager through a Netscape Navigator or Internet Explorer session
In-band management access through up to 16 simultaneous Telnet connections for multiple command-line interface (CLI)-based sessions over the network
In-band management access through up to five simultaneous, encrypted Secure Shell (SSH) connections for multiple CLI-based sessions over the network (only available in the enhanced cryptographic software image)
In-band management access through SNMP versions 1, 2c, and 3 get and set requests
Out-of-band management access through the switch service port to a directly-attached terminal or to a remote terminal through a serial connection and a modem
Note For additional descriptions of the management interfaces, see the “Management Options” section on page 1-6.

Redundancy

Link state tracking to mirror the state of the external ports on the internal Ethernet links and to allow the failover of the processor blade traffic to an operational external link on a separate Cisco Ethernet switch
HSRP for command-switch redundancy
UniDirectional Link Detection (UDLD) on all Ethernet ports for detecting and disabling unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks.
Up to 64 spanning-tree instances supported
Per-VLAN spanning-tree plus (PVST+) for load balancing across VLANs
Rapid PVST+ for load balancing across VLANs
UplinkFast and BackboneFast for fast convergence after a spanning-tree topology change and for achieving load balancing among redundant uplinks, including Gigabit uplinks
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree instance and for providing multiple forwarding paths for data traffic and load balancing and rapid per-VLAN Spanning-Tree plus (rapid-PVST+), based on the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) for rapid convergence of the spanning tree by immediately transitioning root and designated ports to the forwarding state
Optional spanning-tree features available in the PVST+, rapid PVST+, and MSTP modes:
Port Fast for eliminating the forwarding delay by enabling a port to immediately transition from the blocking state to the forwarding state
BPDU guard for shutting down Port Fast-enabled ports that receive BPDUs
BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs
Root guard for preventing switches outside the network core from becoming the spanning-tree root
Loop guard for preventing alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link
Note The switch supports up to 64 spanning-tree instances.

VLAN Support

The switches support 250 port-based VLANs for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth
The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of VLANs allowed by the IEEE 802.1Q standard
IEEE 802.1Q trunking protocol on all ports for network moves, adds, and changes; management and control of broadcast and multicast traffic; and network security by establishing VLAN groups for high-security users and network resources
VLAN Membership Policy Server (VMPS) for dynamic VLAN membership
VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic to links destined for stations receiving the traffic
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used
VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or received. The switch CPU continues to send and receive control protocol frames.

Security

Multiple management interface support allowing multiple interfaces to be assigned to a unique IP address.
Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an invalid configuration occurs
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
Password-protected access (read-only and read-write access) to management interfaces (device manager and CLI) for protection against unauthorized configuration changes
Port security option for limiting and identifying MAC addresses of the stations allowed to access the port
Port security aging to set the aging time for secure addresses on a port
Multilevel security for a choice of security level, notification, and resulting actions
MAC-based port-level security for restricting the use of a switch port to a specific group of source addresses and preventing switch access from unauthorized stations
TACACS+, a proprietary feature for managing network security through a TACACS server
IEEE 802.1x port-based authentication to prevent unauthorized devices from gaining access to the network
IEEE 802.1x accounting to track network usage
IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a specific Ethernet frame
Standard and extended IP access control lists (ACLs) for defining security policies