Catalyst 6500 Release 12.2SXF and Rebuilds Software Configuration Guide

Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide Release 12.2(18)SXF and Rebuilds and Earlier Releases Text Part Number: OL-3999-08

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, Release 12.2SXF and Rebuilds and Earlier Releases
© 2001-2009, Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
Audience
Conventions
Related Documentation
Product Overview
User Interfaces
Supported Hardware and Software
Configuring Embedded CiscoView Support
Understanding Embedded CiscoView
Installing and Configuring Embedded CiscoView
Displaying Embedded CiscoView Information
Software Features Supported in Hardware by the PFC and DFC
Command-Line Interfaces
Accessing the CLI
Accessing the CLI through the EIA/TIA-232 Console Interface
Accessing the CLI through Telnet
Performing Command Line Processing
Performing History Substitution
Cisco IOS Command Modes
Securing the CLI
Displaying a List of Cisco IOS Commands and Syntax
ROM-Monitor Command-Line Interface
Configuring the Switch for the First Time
Default Configuration
Configuring the Switch
Using the Setup Facility or the setup Command
Using Configuration Mode
Checking the Running Configuration Before Saving
Saving the Running Configuration Settings

Reviewing the Configuration
Configuring a Default Gateway
Configuring a Static Route
Configuring a BOOTP Server
Protecting Access to Privileged EXEC Commands
Setting or Changing a Static Enable Password
Using the enable password and enable secret Commands
Setting or Changing a Line Password
Setting TACACS+ Password Protection for Privileged EXEC Mode
Encrypting Passwords
Configuring Multiple Privilege Levels
Recovering a Lost Enable Password
Modifying the Supervisor Engine Startup Configuration
Understanding the Supervisor Engine Boot Configuration
Configuring the Software Configuration Register
Specifying the Startup System Image
Understanding Flash Memory
CONFIG_FILE Environment Variable
Controlling Environment Variables
Configuring a Supervisor Engine 720
Using the Bootflash or Bootdisk on a Supervisor Engine 720
Using the Slots on a Supervisor Engine 720
Configuring Supervisor Engine 720 Ports
Configuring and Monitoring the Switch Fabric Functionality
Understanding How the Switch Fabric Functionality Works
Configuring the Switch Fabric Functionality
Monitoring the Switch Fabric Functionality
Configuring a Supervisor Engine 32
Supervisor Engine 32 Ports
Flash Memory on a Supervisor Engine 32
Configuring the Supervisor Engine 2 and the Switch Fabric Module
Using the Slots on a Supervisor Engine 2
Understanding How the Switch Fabric Module Works

Switch Fabric Module Overview
Switch Fabric Module Slots
Switch Fabric Redundancy
Forwarding Decisions for Layer 3-Switched Traffic
Switching Modes
Configuring the Switch Fabric Module
Configuring the Switching Mode
Configuring Fabric-Required Mode
Configuring an LCD Message
Monitoring the Switch Fabric Module
Displaying the Module Information
Displaying the Switch Fabric Module Redundancy Status
Displaying Fabric Channel Switching Modes
Displaying the Fabric Status
Displaying the Fabric Utilization
Displaying Fabric Errors
Configuring NSF with SSO Supervisor Engine Redundancy
Understanding NSF with SSO Supervisor Engine Redundancy
NSF with SSO Supervisor Engine Redundancy Overview
SSO Operation
NSF Operation
Cisco Express Forwarding
Multicast MLS NSF with SSO
Routing Protocols
NSF Benefits and Restrictions
Supervisor Engine Configuration Synchronization
Supervisor Engine Redundancy Guidelines and Restrictions
Redundancy Configuration Guidelines and Restrictions
Hardware Configuration Guidelines and Restrictions
Configuration Mode Restrictions
NSF Configuration Tasks
Configuring SSO
Configuring Multicast MLS NSF with SSO
Verifying Multicast NSF with SSO
Configuring CEF NSF
Verifying CEF NSF
Configuring BGP NSF

Verifying BGP NSF
Configuring OSPF NSF
Verifying OSPF NSF
Configuring IS-IS NSF
Verifying IS-IS NSF
Configuring EIGRP NSF
Verifying EIGRP NSF
Synchronizing the Supervisor Engine Configurations
Copying Files to the Redundant Supervisor Engine
Configuring RPR and RPR+ Supervisor Engine Redundancy
Understanding RPR and RPR+
Supervisor Engine Redundancy Overview
RPR Operation
RPR+ Operation
Supervisor Engine Configuration Synchronization
Supervisor Engine Redundancy Guidelines and Restrictions
Redundancy Guidelines and Restrictions
RPR+ Guidelines and Restrictions
Hardware Configuration Guidelines and Restrictions
Configuration Mode Restrictions
Configuring Supervisor Engine Redundancy
Configuring Redundancy
Synchronizing the Supervisor Engine Configurations
Displaying the Redundancy States
Performing a Fast Software Upgrade
Copying Files to an MSFC
Configuring Interfaces
Understanding Interface Configuration
Using the Interface Command
Configuring a Range of Interfaces
Defining and Using Interface-Range Macros
Configuring Optional Interface Features
Configuring Ethernet Interface Speed and Duplex Mode
Configuring Jumbo Frame Support

Configuring IEEE 802.3x Flow Control
Configuring the Port Debounce Timer
Adding a Description for an Interface
Understanding Online Insertion and Removal
Monitoring and Maintaining Interfaces
Monitoring Interface Status
Clearing Counters on an Interface
Resetting an Interface
Shutting Down and Restarting an Interface
Checking the Cable Status Using the TDR
Configuring LAN Ports for Layer 2 Switching
Understanding How Layer 2 Switching Works
Understanding Layer 2 Ethernet Switching
Understanding VLAN Trunks
Layer 2 LAN Port Modes
Default Layer 2 LAN Interface Configuration
Layer 2 LAN Interface Configuration Guidelines and Restrictions
Configuring LAN Interfaces for Layer 2 Switching
Configuring a LAN Port for Layer 2 Switching
Configuring a Layer 2 Switching Port as a Trunk
Configuring a LAN Interface as a Layer 2 Access Port
Configuring a Custom IEEE 802.1Q EtherType Field Value
Configuring Flex Links
Understanding Flex Links
Configuring Flex Links
Flex Links Default Configuration
Flex Links Configuration Guidelines and Restrictions
Configuring Flex Links
Monitoring Flex Links
Configuring EtherChannels
Understanding How EtherChannels Work
EtherChannel Feature Overview
Understanding How EtherChannels Are Configured

Understanding Port Channel Interfaces
Understanding Load Balancing
EtherChannel Feature Configuration Guidelines and Restrictions
Configuring EtherChannels
Configuring Port Channel Logical Interfaces for Layer 3 EtherChannels
Configuring Channel Groups
Configuring the LACP System Priority and System ID
Configuring EtherChannel Load Balancing
Configuring the EtherChannel Min-Links Feature
Configuring VTP
Understanding How VTP Works
Understanding the VTP Domain
Understanding VTP Modes
Understanding VTP Advertisements
Understanding VTP Version 2
Understanding VTP Pruning
VTP Default Configuration
VTP Configuration Guidelines and Restrictions
Configuring VTP
Configuring VTP Global Parameters
Configuring the VTP Mode
Displaying VTP Statistics
Configuring VLANs
Understanding How VLANs Work
VLAN Overview
VLAN Ranges
Configurable VLAN Parameters
Understanding Token Ring VLANs
VLAN Default Configuration
VLAN Configuration Guidelines and Restrictions
Configuring VLANs
VLAN Configuration Options
Creating or Modifying an Ethernet VLAN
Assigning a Layer 2 LAN Interface to a VLAN

Configuring the Internal VLAN Allocation Policy
Configuring VLAN Translation
Mapping 802.1Q VLANs to ISL VLANs
Saving VLAN Information
Configuring Private VLANs
Understanding How Private VLANs Work
Private VLAN Domains
Private VLAN Ports
Primary, Isolated, and Community VLANs
Private VLAN Port Isolation
IP Addressing Scheme with Private VLANs
Private VLANs Across Multiple Switches
Private VLAN Interaction with Other Features
Private VLAN Configuration Guidelines and Restrictions
Secondary and Primary VLAN Configuration
Private VLAN Port Configuration
Limitations with Other Features
Configuring Private VLANs
Configuring a VLAN as a Private VLAN
Associating Secondary VLANs with a Primary VLAN
Mapping Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN
Configuring a Layer 2 Interface as a Private VLAN Host Port
Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port
Monitoring Private VLANs
Configuring Cisco IP Phone Support
Understanding Cisco IP Phone Support
Cisco IP Phone Connections
Cisco IP Phone Voice Traffic
Cisco IP Phone Data Traffic
Cisco IP Phone Power Configurations
Other Cisco IP Phone Features
Default Cisco IP Phone Support Configuration
Configuring Cisco IP Phone Support
Cisco IP Phone Support Configuration Guidelines and Restrictions

Configuring Voice Traffic Support
Configuring Data Traffic Support
Configuring Inline Power Support
Configuring IEEE 802.1Q Tunneling
Understanding How 802.1Q Tunneling Works
802.1Q Tunneling Configuration Guidelines and Restrictions
Configuring 802.1Q Tunneling
Configuring 802.1Q Tunnel Ports
Configuring the Switch to Tag Native VLAN Traffic
Configuring Layer 2 Protocol Tunneling
Understanding How Layer 2 Protocol Tunneling Works
Configuring Support for Layer 2 Protocol Tunneling
Configuring Standard-Compliant IEEE MST
Understanding MST
MST Overview
MST Regions
IST, CIST, and CST
Hop Count
Boundary Ports
Standard-Compliant MST Implementation
Interoperability with IEEE 802.1D-1998 STP
Understanding RSTP
Port Roles and the Active Topology
Rapid Convergence
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Topology Changes
Configuring MST
Default MST Configuration
MST Configuration Guidelines and Restrictions
Specifying the MST Region Configuration and Enabling MST
Configuring the Root Bridge
Configuring a Secondary Root Bridge
Configuring Port Priority
Configuring Path Cost

Configuring the Switch Priority
Configuring the Hello Time
Configuring the Forwarding-Delay Time
Configuring the Transmit Hold Count
Configuring the Maximum-Aging Time
Configuring the Maximum-Hop Count
Specifying the Link Type to Ensure Rapid Transitions
Designating the Neighbor Type
Restarting the Protocol Migration Process
Displaying the MST Configuration and Status
Configuring STP and Prestandard IEEE 802.1s MST
Understanding How STP Works
STP Overview
Understanding the Bridge ID
Understanding Bridge Protocol Data Units
Election of the Root Bridge
STP Protocol Timers
Creating the Spanning Tree Topology
STP Port States
STP and IEEE 802.1Q Trunks
Understanding How IEEE 802.1w RSTP Works
IEEE 802.1w RSTP Overview
RSTP Port Roles
RSTP Port States
Rapid-PVST
Understanding How Prestandard IEEE 802.1s MST Works
IEEE 802.1s MST Overview
MST-to-PVST Interoperability
Common Spanning Tree
MST Instances
MST Configuration Parameters
MST Regions
Message Age and Hop Count
Default STP Configuration
Configuring STP
Enabling STP
STP and MST Configuration Guidelines and Restrictions

Enabling the Extended System ID
Configuring the Root Bridge
Configuring a Secondary Root Bridge
Configuring STP Port Priority
Configuring STP Port Cost
Configuring the Bridge Priority of a VLAN
Configuring the Hello Time
Configuring the Forward-Delay Time for a VLAN
Configuring the Maximum Aging Time for a VLAN
Enabling Rapid-PVST
Configuring Prestandard IEEE 802.1s MST
Enabling MST
Displaying MST Configurations
Configuring MST Instance Parameters
Configuring MST Instance Port Parameters
Restarting Protocol Migration
Configuring Optional STP Features
Understanding How PortFast Works
Understanding How BPDU Guard Works
Understanding How UplinkFast Works
Understanding How PortFast BPDU Filtering Works
Understanding How BackboneFast Works
Understanding How Root Guard Works
Understanding How Loop Guard Works
Enabling PortFast
Understanding How EtherChannel Guard Works
Enabling PortFast BPDU Filtering
Enabling BPDU Guard
Enabling UplinkFast
Enabling BackboneFast
Enabling Root Guard
Enabling Loop Guard
Enabling EtherChannel Guard

Configuring Layer 3 Interfaces
Layer 3 Interface Configuration Guidelines and Restrictions
Configuring Subinterfaces on Layer 3 Interfaces
Configuring IPv4 Routing and Addresses
Configuring IPX Routing and Network Numbers
Configuring Other Protocols on Layer 3 Interfaces
Configuring UDE and UDLR
Configuring AppleTalk Routing, Cable Ranges, and Zones
Understanding UDE and UDLR
UDE and UDLR Overview
Supported Hardware
Understanding UDE
Understanding UDLR
Configuring UDE and UDLR
Configuring UDE
Configuring UDLR
Configuring PFC3BXL and PFC3B Mode Multiprotocol Label Switching
PFC3BXL and PFC3B Mode MPLS Label Switching
Understanding MPLS
Understanding PFC3BXL and PFC3B Mode MPLS Label Switching
Supported Hardware Features
Supported Cisco IOS Features
MPLS Guidelines and Restrictions
PFC3BXL and PFC3B Mode MPLS Supported Commands
Configuring MPLS
MPLS Per-Label Load Balancing
MPLS Configuration Examples
PFC3BXL or PFC3B Mode VPN Switching
PFC3BXL or PFC3B Mode VPN Switching Operation
MPLS VPN Guidelines and Restrictions
PFC3BXL or PFC3B Mode MPLS VPN Supported Commands
Configuring MPLS VPN
MPLS VPN Sample Configuration
Any Transport over MPLS
AToM Load Balancing

Understanding EoMPLS
EoMPLS Guidelines and Restrictions
Configuring EoMPLS
Configuring IPv4 Multicast VPN Support
Understanding How MVPN Works
MVPN Overview
Multicast Routing and Forwarding and Multicast Domains
Multicast Distribution Trees
Multicast Tunnel Interfaces
PE Router Routing Table Support for MVPN
Multicast Distributed Switching Support
Hardware-Assisted IPv4 Multicast
MVPN Configuration Guidelines and Restrictions
Configuring MVPN
Forcing Ingress Multicast Replication Mode (Optional)
Configuring a Multicast VPN Routing and Forwarding Instance
Configuring Multicast VRF Routing
Configuring Interfaces for Multicast Routing to Support MVPN
Sample Configurations for MVPN
MVPN Configuration with Default MDTs Only
MVPN Configuration with Default and Data MDTs
Configuring IP Unicast Layer 3 Switching
Understanding How Layer 3 Switching Works
Understanding Hardware Layer 3 Switching
Understanding Layer 3-Switched Packet Rewrite
Default Hardware Layer 3 Switching Configuration
Configuration Guidelines and Restrictions
Configuring Hardware Layer 3 Switching
Displaying Hardware Layer 3 Switching Statistics
Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching
Features that Support IPv6 Multicast
IPv6 Multicast Guidelines and Restrictions
New or Changed IPv6 Multicast Commands
Configuring IPv6 Multicast Layer 3 Switching

Using show Commands to Verify IPv6 Multicast Layer 3 Switching
Verifying MFIB Clients
Displaying the Switching Capability
Verifying the (S,G) Forwarding Capability
Verifying the (*,G) Forwarding Capability
Verifying the Subnet Entry Support Status
Verifying the Current Replication Mode
Displaying the Replication Mode Auto Detection Status
Displaying the Replication Mode Capabilities
Displaying Subnet Entries
Displaying the IPv6 Multicast Summary
Displaying the NetFlow Hardware Forwarding Count
Displaying the FIB Hardware Bridging and Drop Counts
Displaying the Shared and Well-Known Hardware Adjacency Counters
Configuring IPv4 Multicast Layer 3 Switching
Understanding How IPv4 Multicast Layer 3 Switching Works
IPv4 Multicast Layer 3 Switching Overview
Multicast Layer 3 Switching Cache
Layer 3-Switched Multicast Packet Rewrite
Partially and Completely Switched Flows
Non-RPF Traffic Processing
Multicast Boundary
Understanding How IPv4 Bidirectional PIM Works
Default IPv4 Multicast Layer 3 Switching Configuration
IPv4 Multicast Layer 3 Switching Configuration Guidelines and Restrictions
Restrictions
Unsupported Features
Configuring IPv4 Multicast Layer 3 Switching
Source-Specific Multicast with IGMPv3, IGMP v3lite, and URD
Enabling IPv4 Multicast Routing Globally
Enabling IPv4 PIM on Layer 3 Interfaces
Enabling IP Multicast Layer 3 Switching Globally
Enabling IP Multicast Layer 3 Switching on Layer 3 Interfaces
Configuring the Replication Mode
Enabling Local Egress Replication
Configuring the Layer 3 Switching Global Threshold
Enabling Installation of Directly Connected Subnets

Specifying the Flow Statistics Message Interval
Enabling Shortcut-Consistency Checking
Configuring ACL-Based Filtering of RPF Failures
Displaying RPF Failure Rate-Limiting Information
Configuring Multicast Boundary
Displaying IPv4 Multicast Layer 3 Hardware Switching Summary
Displaying the IPv4 Multicast Routing Table
Displaying IPv4 Multicast Layer 3 Switching Statistics
Configuring IPv4 Bidirectional PIM
Enabling IPv4 Bidirectional PIM Globally
Configuring the Rendezvous Point for IPv4 Bidirectional PIM Groups
Setting the IPv4 Bidirectional PIM Scan Interval
Displaying IPv4 Bidirectional PIM Information
Using IPv4 Debug Commands
Clearing IPv4 Multicast Layer 3 Switching Statistics
Redundancy for Multicast Traffic
Configuring MLDv2 Snooping for IPv6 Multicast Traffic
Understanding How MLDv2 Snooping Works
MLDv2 Snooping Overview
MLDv2 Messages
Source-Based Filtering
Explicit Host Tracking
MLDv2 Snooping Proxy Reporting
Joining an IPv6 Multicast Group
Leaving a Multicast Group
Understanding the MLDv2 Snooping Querier
Default MLDv2 Snooping Configuration
MLDv2 Snooping Configuration Guidelines and Restrictions
Enabling the MLDv2 Snooping Querier
MLDv2 Snooping Querier Configuration Guidelines and Restrictions
Configuring MLDv2 Snooping
Enabling MLDv2 Snooping
Configuring a Static Connection to a Multicast Receiver
Configuring a Multicast Router Port Statically
Configuring the MLD Snooping Query Interval
Enabling Fast-Leave Processing

Enabling SSM Safe Reporting
Configuring Explicit Host Tracking
Configuring Report Suppression
Displaying MLDv2 Snooping Information
Configuring IGMP Snooping for IPv4 Multicast Traffic
Understanding How IGMP Snooping Works
IGMP Snooping Overview
Joining a Multicast Group
Leaving a Multicast Group
Understanding the IGMP Snooping Querier
Understanding IGMP Version 3 Support
Default IGMP Snooping Configuration
IGMP Snooping Configuration Guidelines and Restrictions
Enabling the IGMP Snooping Querier
IGMP Snooping Querier Configuration Guidelines and Restrictions
Configuring IGMP Snooping
Enabling IGMP Snooping
Configuring a Static Connection to a Multicast Receiver
Configuring a Multicast Router Port Statically
Configuring the IGMP Snooping Query Interval
Enabling IGMP Fast-Leave Processing
Configuring Source Specific Multicast (SSM) Mapping
Enabling SSM Safe Reporting
Configuring IGMPv3 Explicit Host Tracking
Displaying IGMP Snooping Information
Configuring PIM Snooping
Understanding How PIM Snooping Works
Default PIM Snooping Configuration
PIM Snooping Configuration Guidelines and Restrictions
Configuring PIM Snooping
Enabling PIM Snooping Globally
Enabling PIM Snooping in a VLAN
Disabling PIM Snooping Designated-Router Flooding

Configuring RGMP
Understanding How RGMP Works
Default RGMP Configuration
RGMP Configuration Guidelines and Restrictions
Enabling RGMP on Layer 3 Interfaces
Configuring Network Security
Configuring TCP Intercept
Configuring MAC Address-Based Traffic Blocking
Configuring Unicast Reverse Path Forwarding Check
Understanding PFC3 Unicast RPF Check Support
Understanding PFC2 Unicast RPF Check Support
Unicast RPF Check Guidelines and Restrictions
Configuring Unicast RPF Check
Understanding Cisco IOS ACL Support
Hardware and Software ACL Support
Configuring IPv6 Address Compression
Optimized ACL Logging with a PFC3
Understanding OAL
OAL Guidelines and Restrictions
Configuring OAL
Guidelines and Restrictions for Using Layer 4 Operators in ACLs
Determining Layer 4 Operation Usage
Determining Logical Operation Unit Usage
Configuring VLAN ACLs
Cisco IOS ACL Configuration Guidelines and Restrictions
Understanding VACLs
VACL Overview
Bridged Packets
Routed Packets
Multicast Packets
Configuring VACLs
VACL Configuration Overview
Defining a VLAN Access Map
Configuring a Match Clause in a VLAN Access Map Sequence
Configuring an Action Clause in a VLAN Access Map Sequence

Applying a VLAN Access Map
Verifying VLAN Access Map Configuration
VLAN Access Map Configuration and Verification Examples
Configuring a Capture Port
Configuring VACL Logging
Configuring Denial of Service Protection
Understanding How DoS Protection Works
DoS Protection with a PFC2
DoS Protection with a PFC3
DoS Protection Default Configuration
DoS Protection Configuration Guidelines and Restrictions
PFC2
PFC3
Monitoring Packet Drop Statistics
Displaying Rate-Limiter Information
Understanding How Control Plane Policing Works
CoPP Default Configuration
Configuring CoPP
Monitoring CoPP
CoPP Configuration Guidelines and Restrictions
Defining Traffic Classification
Traffic Classification Overview
Traffic Classification Guidelines
Sample Basic ACLs for CoPP Traffic Classification
Configuring Sticky ARP
Configuring DHCP Snooping
Understanding DHCP Snooping
Overview of DHCP Snooping
Trusted and Untrusted Sources
DHCP Snooping Binding Database
Packet Validation
DHCP Snooping Option-82 Data Insertion
Overview of the DHCP Snooping Database Agent
Default Configuration for DHCP Snooping

DHCP Snooping Configuration Restrictions and Guidelines
DHCP Snooping Configuration Restrictions
DHCP Snooping Configuration Guidelines
Minimum DHCP Snooping Configuration
Configuring DHCP Snooping
Enabling DHCP Snooping Globally
Enabling DHCP Option-82 Data Insertion
Enabling the DHCP Option-82 on Untrusted Port Feature
Enabling DHCP Snooping MAC Address Verification
Enabling DHCP Snooping on VLANs
Configuring the DHCP Trust State on Layer 2 LAN Interfaces
Configuring DHCP Snooping Rate Limiting on Layer 2 LAN Interfaces
Configuring the DHCP Snooping Database Agent
Configuration Examples for the Database Agent
Displaying a Binding Table
Configuring Dynamic ARP Inspection
Understanding DAI
Understanding ARP
Understanding ARP Spoofing Attacks
Understanding DAI and ARP Spoofing Attacks
Interface Trust States and Network Security
Rate Limiting of ARP Packets
Relative Priority of ARP ACLs and DHCP Snooping Entries
Logging of Dropped Packets
Default DAI Configuration
DAI Configuration Guidelines and Restrictions
Configuring DAI
Enabling DAI on VLANs
Configuring the DAI Interface Trust State
Applying ARP ACLs for DAI Filtering
Configuring ARP Packet Rate Limiting
Enabling DAI Error-Disabled Recovery
Enabling Additional Validation
Configuring DAI Logging
Displaying DAI Information
DAI Configuration Samples

Sample One: Two Switches Support DAI
Sample Two: One Switch Supports DAI
Configuring Traffic Storm Control
Understanding Traffic Storm Control
Default Traffic Storm Control Configuration
Enabling Traffic Storm Control
Traffic Storm Control Guidelines and Restrictions
Displaying Traffic Storm Control Settings
Unknown Unicast and Multicast Flood Blocking
Understanding UUFB or UMFB
Configuring UUFB
Configuring PFC QoS
Understanding How PFC QoS Works
Port Types Supported by PFC QoS
Overview
Component Overview
Understanding Classification and Marking
Policers
Understanding Port-Based Queue Types
PFC QoS Default Configuration
PFC QoS Global Settings
Default Values With PFC QoS Enabled
Default Values With PFC QoS Disabled
PFC QoS Configuration Guidelines and Restrictions
General Guidelines
PFC3 Guidelines
PFC2 Guidelines
Class Map Command Restrictions
Policy Map Command Restrictions
Policy Map Class Command Restrictions
Supported Granularity for CIR and PIR Rate Values
Supported Granularity for CIR and PIR Token Bucket Sizes
IP Precedence and DSCP Values
Configuring PFC QoS

Enabling PFC QoS Globally
Enabling Ignore Port Trust
Configuring DSCP Transparency
Enabling Queueing-Only Mode
Enabling Microflow Policing of Bridged Traffic
Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports
Enabling Egress ACL Support for Remarked DSCP
Creating Named Aggregate Policers
Configuring a PFC QoS Policy
Configuring Egress DSCP Mutation on a PFC3
Configuring Ingress CoS Mutation on IEEE 802.1Q Tunnel Ports
Configuring DSCP Value Maps
Configuring the Trust State of Ethernet LAN and OSM Ports
Configuring the Ingress LAN Port CoS Value
Configuring Standard-Queue Drop Threshold Percentages
Mapping QoS Labels to Queues and Drop Thresholds
Allocating Bandwidth Between Standard Transmit Queues
Setting the Receive-Queue Size Ratio
Configuring the Transmit-Queue Size Ratio
Common QoS Scenarios
Sample Network Design Overview
Classifying Traffic from PCs and IP Phones in the Access Layer
Accepting the Traffic Priority Value on Interswitch Links
Prioritizing Traffic on Interswitch Links
Using Policers to Limit the Amount of Traffic from a PC
PFC QoS Glossary
Configuring PFC3BXL or PFC3B Mode MPLS QoS
Terminology
PFC3BXL or PFC3B Mode MPLS QoS Features
MPLS Experimental Field
Trust
Classification
Policing and Marking
Preserving IP ToS
EXP Mutation
MPLS DiffServ Tunneling Modes

PFC3BXL or PFC3B Mode MPLS QoS Overview
Specifying the QoS in the IP Precedence Field
PFC3BXL or PFC3B Mode MPLS QoS
LERs at the Input Edge of an MPLS Network
LSRs in the Core of an MPLS Network
LERs at the Output Edge of an MPLS Network
Understanding PFC3BXL or PFC3B Mode MPLS QoS
LERs at the EoMPLS Edge
LERs at the IP Edge (MPLS, MPLS VPN)
LSRs at the MPLS Core
PFC3BXL or PFC3B MPLS QoS Default Configuration
MPLS QoS Commands
PFC3BXL or PFC3B Mode MPLS QoS Restrictions and Guidelines
Configuring PFC3BXL or PFC3B Mode MPLS QoS
Enabling QoS Globally
Enabling Queueing-Only Mode
Configuring a Class Map to Classify MPLS Packets
Configuring the MPLS Packet Trust State on Ingress Ports
Configuring a Policy Map
Displaying a Policy Map
Configuring PFC3BXL or PFC3B Mode MPLS QoS Egress EXP Mutation
Configuring EXP Value Maps
MPLS DiffServ Tunneling Modes
Short Pipe Mode
Uniform Mode
MPLS DiffServ Tunneling Restrictions and Usage Guidelines
Configuring Short Pipe Mode
Ingress PE Router - Customer Facing Interface
Configuring Ingress PE Router - P Facing Interface
Configuring the P Router - Output Interface
Configuring the Egress PE Router - Customer Facing Interface
Configuring Uniform Mode
Configuring the Ingress PE Router - Customer Facing Interface
Configuring the Ingress PE Router - P Facing Interface
Configuring the Egress PE Router - Customer Facing Interface


Configuring PFC QoS Statistics Data Export
  Understanding PFC QoS Statistics Data Export
  Configuring PFC QoS Statistics Data Export
  PFC QoS Statistics Data Export Default Configuration

Configuring the Cisco IOS Firewall Feature Set
  Cisco IOS Firewall Feature Set Support Overview
  Cisco IOS Firewall Guidelines and Restrictions
  Additional CBAC Configuration

Configuring Network Admission Control
  Understanding NAC
    NAC Overview
    NAC Device Roles
    AAA Down Policy
    NAC Layer 2 IP Validation
  Configuring NAC
    Default NAC Configuration
    NAC Layer 2 IP Guidelines, Limitations, and Restrictions
    Configuring NAC Layer 2 IP Validation
    Configuring EAPoUDP
    Configuring Identity Profiles and Policies
    Configuring a NAC AAA Down Policy
  Monitoring and Maintaining NAC
    Clearing Table Entries
    Displaying NAC Information

Configuring IEEE 802.1X Port-Based Authentication
  Understanding 802.1X Port-Based Authentication
    Device Roles
    Authentication Initiation and Message Exchange
    Ports in Authorized and Unauthorized States
    Supported Topologies
  Default 802.1X Port-Based Authentication Configuration
  Configuring 802.1X Port-Based Authentication
  802.1X Port-Based Authentication Guidelines and Restrictions


    Enabling 802.1X Port-Based Authentication
    Configuring Switch-to-RADIUS-Server Communication
    Enabling Periodic Reauthentication
    Manually Reauthenticating the Client Connected to a Port
    Initializing Authentication for the Client Connected to a Port
    Changing the Quiet Period
    Changing the Switch-to-Client Retransmission Time
    Setting the Switch-to-Client Retransmission Time for EAP-Request Frames
    Setting the Switch-to-Authentication-Server Retransmission Time for Layer 4 Packets
    Setting the Switch-to-Client Frame Retransmission Number
    Enabling Multiple Hosts
    Resetting the 802.1X Configuration to the Default Values
  Displaying 802.1X Status

Configuring Port Security
  Understanding Port Security
    Port Security with Dynamically Learned and Static MAC Addresses
    Port Security with Sticky MAC Addresses
  Default Port Security Configuration
  Port Security Guidelines and Restrictions
  Configuring Port Security
    Enabling Port Security
    Configuring the Port Security Violation Mode on a Port
    Configuring the Port Security Rate Limiter
    Configuring the Maximum Number of Secure MAC Addresses on a Port
    Enabling Port Security with Sticky MAC Addresses on a Port
    Configuring a Static Secure MAC Address on a Port
    Configuring Secure MAC Address Aging on a Port
  Displaying Port Security Settings

Configuring CDP
  Understanding How CDP Works
  Configuring CDP
    Enabling CDP Globally
    Displaying the CDP Global Configuration
    Enabling CDP on a Port


    Displaying the CDP Interface Configuration
    Monitoring and Maintaining CDP

Configuring UDLD
  Understanding How UDLD Works
    UDLD Overview
    UDLD Aggressive Mode
  Default UDLD Configuration
  Configuring UDLD
    Enabling UDLD Globally
    Enabling UDLD on Individual LAN Interfaces
    Disabling UDLD on Fiber-Optic LAN Interfaces
    Configuring the UDLD Probe Message Interval
    Displaying Disabled LAN Interfaces
    Displaying UDLD Neighbor Interfaces
    Resetting Disabled LAN Interfaces

Configuring NetFlow
  Understanding NetFlow
    NetFlow Overview
    NetFlow on the MSFC
    NetFlow on the PFC
  Default NetFlow Configuration
  NetFlow Configuration Guidelines and Restrictions
  Configuring NetFlow
    Configuring NetFlow on the PFC
    Configuring NetFlow on the MSFC

Configuring NDE
  Understanding NDE
    NDE Overview
    NDE on the MSFC
    NDE on the PFC
  Default NDE Configuration
  NDE Configuration Guidelines and Restrictions
  Configuring NDE
    Configuring NDE on the PFC
    Configuring NDE on the MSFC


    Enabling NDE for Ingress-Bridged IP Traffic
    Displaying the NDE Address and Port Configuration
    Configuring NDE Flow Filters
    Displaying the NDE Configuration

Configuring Local SPAN, RSPAN, and ERSPAN
  Understanding How Local SPAN, RSPAN, and ERSPAN Work
    Local SPAN, RSPAN, and ERSPAN Overview
    Local SPAN, RSPAN, and ERSPAN Sources
    Local SPAN, RSPAN, and ERSPAN Destination Ports
  Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions
    General Guidelines and Restrictions
    Feature Incompatibilities
    Local SPAN, RSPAN, and ERSPAN Session Limits
    Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions
    VSPAN Guidelines and Restrictions
    RSPAN Guidelines and Restrictions
    ERSPAN Guidelines and Restrictions
  Configuring Local SPAN, RSPAN, and ERSPAN
    Configuring Destination Port Permit Lists (Optional)
    Configuring Local SPAN
    Configuring RSPAN
    Configuring ERSPAN
    Configuring Source VLAN Filtering for Local SPAN and RSPAN
    Configuring a Destination Port as an Unconditional Trunk
    Configuring Destination Trunk Port VLAN Filtering
    Verifying the Configuration
    Configuration Examples

Configuring SNMP IfIndex Persistence
  Understanding SNMP IfIndex Persistence
  Configuring SNMP IfIndex Persistence
    Enabling SNMP IfIndex Persistence Globally
    Disabling SNMP IfIndex Persistence Globally
    Enabling and Disabling SNMP IfIndex Persistence on Specific Interfaces
    Clearing SNMP IfIndex Persistence Configuration from a Specific Interface


Power Management and Environmental Monitoring
  Understanding How Power Management Works
    Enabling or Disabling Power Redundancy
    Powering Modules Off and On
    Viewing System Power Status
    Power Cycling Modules
    Determining System Power Requirements
    Determining System Hardware Capacity
    Determining Sensor Temperature Threshold
  Understanding How Environmental Monitoring Works
    Monitoring System Environmental Status
    Understanding LED Environmental Indications

Configuring Generic Online Diagnostics
  Understanding How Online Diagnostics Work
  Configuring Online Diagnostics
    Setting Bootup Online Diagnostics Level
    Configuring On-Demand Online Diagnostics
    Scheduling Online Diagnostics
    Configuring Health-Monitoring Diagnostics
  Running Online Diagnostic Tests
    Starting and Stopping Online Diagnostic Tests
    Displaying Online Diagnostic Tests and Test Results
  Performing Memory Tests

Using the Top N Utility
  Understanding the Top N Utility
    Top N Utility Overview
    Understanding Top N Utility Operation
  Using the Top N Utility
    Enabling Top N Utility Report Creation
    Displaying the Top N Utility Reports
    Clearing Top N Utility Reports

Using the Layer 2 Traceroute Utility
  Usage Guidelines
  Understanding the Layer 2 Traceroute Utility
  Using the Layer 2 Traceroute Utility


Appendix A: Online Diagnostic Tests
  Global Health-Monitoring Tests
    TestSPRPInbandPing
    TestScratchRegister
    TestMacNotification
  Per-Port Tests
    TestNonDisruptiveLoopback
    TestLoopback
    TestActiveToStandbyLoopback
    TestTransceiverIntegrity
    TestNetflowInlineRewrite
  PFC Layer 2 Forwarding Engine Tests
    TestNewIndexLearn
    TestDontConditionalLearn
    TestBadBpduTrap
    TestMatchCapture
    TestStaticEntry
  DFC Layer 2 Forwarding Engine Tests
    TestDontLearn
    TestNewLearn
    TestIndexLearn
    TestConditionalLearn
    TestTrap
    TestBadBpdu
    TestProtocolMatchChannel
    TestCapture
    TestStaticEntry
  PFC Layer 3 Forwarding Engine Tests
    TestFibDevices
    TestIPv4FibShortcut
    TestIPv6FibShortcut
    TestMPLSFibShortcut
    TestNATFibShortcut
    TestL3Capture2
    TestAclPermit
    TestAclDeny
    TestNetflowShortcut
    TestQoS
  DFC Layer 3 Forwarding Engine Tests


    TestFibDevices
    TestIPv4FibShortcut
    TestIPv6FibShortcut
    TestMPLSFibShortcut
    TestNATFibShortcut
    TestL3Capture2
    TestAclPermit
    TestAclDeny
    TestQoS
    TestNetflowShortcut
    TestAclFpgaMonitor
  Replication Engine Tests
    TestL3VlanMet
    TestIngressSpan
    TestEgressSpan
  Fabric Tests
    TestFabricSnakeForward
    TestFabricSnakeBackward
    TestSynchedFabChannel
    TestFabricCh0Health
    TestFabricCh1Health
  Exhaustive Memory Tests
    TestFibTcamSSRAM
    TestAsicMemory
    TestAclQosTcam
    TestNetflowTcam
    TestQoSTcam
  IPSEC Services Modules Tests
    TestIPSecClearPkt
    TestHapiEchoPkt
    TestIPSecEncryptDecryptPkt
  Stress Tests
    TestTrafficStress
    TestEobcStressPing
  Critical Recovery Tests
    TestL3HealthMonitoring
    TestTxPathMonitoring
    TestSynchedFabChannel
  General Tests


    ScheduleSwitchover
    TestFirmwareDiagStatus

Appendix B: Acronyms

Index


Preface

This preface describes who should read the Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, Release 12.2SXF, how it is organized, and its document conventions.

Tip

For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Audience

This guide is for experienced network administrators who are responsible for configuring and maintaining Catalyst 6500 series switches.

Related Documentation

The following publications are available for the Catalyst 6500 series switches:

  Catalyst 6500 Series Switch Installation Guide
  Catalyst 6500 Series Switch Module Installation Guide
  Cisco IOS Master Command List, Release 12.2SX
  Catalyst 6500 Series Switch Cisco IOS System Message Guide, Release 12.2SX
  Release Notes for Cisco IOS Release 12.2SXF and Rebuilds
  Cisco IOS Configuration Guides and Command References: Use these publications to help you configure Cisco IOS software features not described in the Catalyst 6500 series switch publications:
    Configuration Fundamentals Configuration Guide
    Configuration Fundamentals Command Reference
    Bridging and IBM Networking Configuration Guide
    Bridging and IBM Networking Command Reference
    Interface Configuration Guide


    Interface Command Reference
    Network Protocols Configuration Guide, Part 1, 2, and 3
    Network Protocols Command Reference, Part 1, 2, and 3
    Security Configuration Guide
    Security Command Reference
    Switching Services Configuration Guide
    Switching Services Command Reference
    Voice, Video, and Home Applications Configuration Guide
    Voice, Video, and Home Applications Command Reference
    Software Command Summary
    Software System Error Messages
    Debug Command Reference
    Internetwork Design Guide
    Internetwork Troubleshooting Guide
    Configuration Builder Getting Started Guide

The Cisco IOS Configuration Guides and Command References are located at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html

For information about MIBs, go to this URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

Conventions

This document uses the following conventions:

Convention             Description
boldface font          Commands, command options, and keywords are in boldface.
italic font            Arguments for which you supply values are in italics.
[ ]                    Elements in square brackets are optional.
{x|y|z}                Alternative keywords are grouped in braces and separated by vertical bars.
[x|y|z]                Optional alternative keywords are grouped in brackets and separated by vertical bars.
string                 A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
screen font            Terminal sessions and information the system displays are in screen font.
boldface screen font   Information you must enter is in boldface screen font.
italic screen font     Arguments for which you supply values are in italic screen font.
                       This pointer highlights an important line of text in an example.
^                      The symbol ^ represents the key labeled Control; for example, the key combination ^D in a screen display means hold down the Control key while you press the D key.
< >                    Nonprinting characters, such as passwords, are in angle brackets.

Notes use the following conventions:

Note

Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.

Cautions use the following conventions:

Caution

Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.


CHAPTER 1

Product Overview

This chapter consists of these sections:

  Supported Hardware and Software
  User Interfaces
  Configuring Embedded CiscoView Support
  Software Features Supported in Hardware by the PFC and DFC


Supported Hardware and Software

For complete information about the chassis, modules, and software features supported by the Catalyst 6500 series switches, refer to the Release Notes for Cisco IOS Release 12.2SXF and Rebuilds:

User Interfaces

Release 12.2SX supports configuration using the following interfaces:

  CLI: See Chapter 2, "Command-Line Interfaces."
  SNMP: Refer to the Release 12.2 IOS Configuration Fundamentals Configuration Guide and Command Reference at this URL: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html
  Cisco IOS web browser interface: Refer to "Using the Cisco Web Browser" in the IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf005.html
  Embedded CiscoView: See the "Configuring Embedded CiscoView Support" section on page 1-2.


Configuring Embedded CiscoView Support

These sections describe configuring Embedded CiscoView support:

  Understanding Embedded CiscoView
  Installing and Configuring Embedded CiscoView
  Displaying Embedded CiscoView Information

Understanding Embedded CiscoView

The Embedded CiscoView network management system is a web-based interface that uses HTTP and SNMP to provide a graphical representation of the switch and to provide a GUI-based management and configuration interface. You can download the Java Archive (JAR) files for Embedded CiscoView at this URL: http://www.cisco.com/cgi-bin/Software/CiscoView/cvplanner.cgi

Installing and Configuring Embedded CiscoView

To install and configure Embedded CiscoView, perform this task:

Step 1
  Command: Router# dir device_name
  Purpose: Displays the contents of the device. If you are installing Embedded CiscoView for the first time, or if the CiscoView directory is empty, skip to Step 4.
Step 2
  Command: Router# delete device_name:cv/*
  Purpose: Removes existing files from the CiscoView directory.
Step 3
  Command: Router# squeeze device_name:
  Purpose: Recovers the space in the file system.
Step 4
  Command: Router# archive tar /xtract tftp://ip_address_of_tftp_server/ciscoview.tar device_name:cv
  Purpose: Extracts the CiscoView files from the tar file on the TFTP server to the CiscoView directory.
Step 5
  Command: Router# dir device_name:
  Purpose: Displays the contents of the device. In a redundant configuration, repeat Step 1 through Step 5 for the file system on the redundant supervisor engine.
Step 6
  Command: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 7
  Command: Router(config)# ip http server
  Purpose: Enables the HTTP web server.
Step 8
  Command: Router(config)# snmp-server community string ro
  Purpose: Configures the SNMP password for read-only operation.
Step 9
  Command: Router(config)# snmp-server community string rw
  Purpose: Configures the SNMP password for read/write operation.

Note

The default password for accessing the switch web page is the enable-level password of the switch.


For more information about web access to the switch, refer to Using the Cisco Web Browser in the IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf005.html
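As written, Steps 7 through 9 enable the HTTP server and create read-only and read/write SNMP communities with no access list argument. The audit sketch below is an added example, not part of the Cisco guide: it assumes the running configuration is available as text, the community names and addresses are constructed, and the rule names are hypothetical.

```python
import re

# Constructed running-config excerpts (not from the guide). AFTER_PROCEDURE is what
# Steps 7-9 produce; RESTRICTED ties each management service to standard ACL 10.
AFTER_PROCEDURE = """\
ip http server
snmp-server community cv-read ro
snmp-server community cv-write rw
"""

RESTRICTED = """\
access-list 10 permit 192.0.2.10
ip http server
ip http access-class 10
snmp-server community cv-read ro 10
snmp-server community cv-write rw 10
"""

# snmp-server community string [view view-name] [ro | rw] [access-list]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?(?: (?P<mode>ro|rw))?(?: (?P<acl>\S+))?$"
)
HTTP_ACL_RE = re.compile(r"^ip http access-class (?P<acl>\S+)$")
ACL_DEF_RE = re.compile(r"^(?:access-list (\S+) |ip access-list standard (\S+)$)")


def audit(config):
    """Return (rule, config line) findings for the HTTP and SNMP services."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]

    # Collect every ACL that is actually defined in this configuration text.
    defined = set()
    for ln in lines:
        m = ACL_DEF_RE.match(ln)
        if m:
            defined.add(m.group(1) or m.group(2))

    findings = []
    http_acls = [m.group("acl") for m in map(HTTP_ACL_RE.match, lines) if m]
    if "ip http server" in lines:  # exact match, so "no ip http server" is ignored
        if not http_acls:
            findings.append(("HTTP-NO-ACL", "ip http server"))
        for acl in http_acls:
            if acl not in defined:
                findings.append(("ACL-UNDEFINED", f"ip http access-class {acl}"))

    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if not m:
            continue
        mode = m.group("mode") or "ro"  # read-only is the default when omitted
        acl = m.group("acl")
        if acl is None:
            findings.append((f"SNMP-{mode.upper()}-NO-ACL", ln))
        elif acl not in defined:
            findings.append(("ACL-UNDEFINED", ln))
    return findings


if __name__ == "__main__":
    for label, cfg in (("after procedure", AFTER_PROCEDURE), ("restricted", RESTRICTED)):
        print(label, audit(cfg))
```
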

Displaying Embedded CiscoView Information

To display the Embedded CiscoView information, enter the following EXEC commands:

Command                          Purpose
Router# show ciscoview package   Displays information about the Embedded CiscoView files.
Router# show ciscoview version   Displays the Embedded CiscoView version.

Software Features Supported in Hardware by the PFC and DFC

These sections describe the hardware support provided by Policy Feature Card 3 (PFC3), Policy Feature Card 2 (PFC2), Distributed Forwarding Card 3 (DFC3) and Distributed Forwarding Card (DFC):

  Software Features Supported in Hardware by the PFC3, PFC2, DFC3, and DFC
  Software Features Supported in Hardware by the PFC3 and DFC3

Software Features Supported in Hardware by the PFC3, PFC2, DFC3, and DFC

The PFC3, PFC2, DFC3, and DFC provide hardware support for these Cisco IOS software features:

  Access Control Lists (ACLs) for Layer 3 ports and VLAN interfaces:
    Permit and deny actions of input and output standard and extended ACLs
      Note: Flows that require ACL logging are processed in software on the MSFC.
    Except on MPLS interfaces, reflexive ACL flows after the first packet in a session is processed in software on the MSFC
    Dynamic ACL flows
      Note: Idle timeout is processed in software on the MSFC.
    For more information about PFC and DFC support for ACLs, see Chapter 34, "Understanding Cisco IOS ACL Support." For complete information about configuring ACLs, refer to the Cisco IOS Security Configuration Guide, Release 12.2, "Traffic Filtering and Firewalls," at this URL: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html
  VLAN ACLs (VACLs): To configure VACLs, see Chapter 35, "Configuring VLAN ACLs."


  Policy-based routing (PBR) for route-map sequences that use the match ip address, set ip next-hop, and ip default next-hop PBR keywords. To configure PBR, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2, "Classification," "Configuring Policy-Based Routing," at this URL: http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html
    Note: If the MSFC3 address falls within the range of a PBR ACL, traffic addressed to the MSFC3 is policy routed in hardware instead of being forwarded to the MSFC3. To prevent policy routing of traffic addressed to the MSFC3, configure PBR ACLs to deny traffic addressed to the MSFC3.
  Except on MPLS interfaces, TCP intercept: To configure TCP intercept, see the "Configuring TCP Intercept" section on page 33-2.
  Firewall feature set images provide these features:
    Context-Based Access Control (CBAC): The PFC installs entries in the NetFlow table to direct flows that require CBAC to the MSFC where the CBAC is applied in software on the MSFC.
    Authentication Proxy: After authentication on the MSFC, the PFC provides TCAM support for the authentication policy.
    Port-to-Application Mapping (PAM): PAM is done in software on the MSFC.
    To configure firewall features, see Chapter 44, "Configuring the Cisco IOS Firewall Feature Set."
  Hardware-assisted NetFlow Aggregation: See "Understanding NDE" section on page 51-2.
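The PBR note in the list above turns on whether a permit entry in the ACL used by match ip address can match packets addressed to the MSFC3 before a deny entry does. The check below is an added example, not code from the Cisco guide: it assumes numbered extended ACLs in the "access-list N {permit|deny} protocol source destination" form, and the ACL numbers, addresses and function names are constructed for illustration.

```python
import ipaddress

MSFC3_ADDR = "10.1.1.1"  # assumed MSFC3 interface address (constructed)

# Constructed PBR ACLs (not from the guide): 101 has no deny for the MSFC3,
# 102 denies all IP to it first, 103 denies only TCP to it.
ACLS = """\
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 102 deny ip any host 10.1.1.1
access-list 102 permit ip 10.1.1.0 0.0.0.255 any
access-list 103 deny tcp any host 10.1.1.1
access-list 103 permit ip 10.1.1.0 0.0.0.255 any
"""

ALL = 0xFFFFFFFF


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def take_spec(tokens):
    """Consume one address spec and return it as (address, wildcard) integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, ALL
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))


def parse_acl(text, number):
    """Parse the permit/deny entries of one numbered extended ACL, in order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", str(number)] or len(tok) < 6:
            continue
        if tok[2] not in ("permit", "deny"):
            continue  # remarks and other keywords
        rest = tok[4:]
        try:
            src, dst = take_spec(rest), take_spec(rest)
        except (IndexError, ValueError):
            continue  # not in the assumed form (for example, source-port operators)
        entries.append({"line": line.strip(), "action": tok[2], "proto": tok[3],
                        "src": src, "dst": dst, "extra": rest})
    return entries


def covers(spec, addr):
    """True if addr matches (address, wildcard); wildcard bits set to 1 are ignored."""
    base, wild = spec
    return ((base ^ addr) & ~wild & ALL) == 0


def subset(inner, outer):
    """True if every address matched by inner is also matched by outer."""
    (a1, w1), (a2, w2) = inner, outer
    fixed = ~w2 & ALL  # bits that outer compares
    return (w1 & fixed) == 0 and ((a1 ^ a2) & fixed) == 0


def pbr_exposure(acl_text, number, msfc_addr):
    """Return permit lines that can match traffic addressed to msfc_addr.

    A permit counts as shielded only when one earlier "deny ip" entry with no
    port qualifiers covers both the MSFC3 address and the permit's whole source
    range. Partial shielding by several denies is reported as exposed.
    """
    target = ip_int(msfc_addr)
    shields, exposed = [], []
    for entry in parse_acl(acl_text, number):
        if not covers(entry["dst"], target):
            continue
        if entry["action"] == "deny":
            if entry["proto"] == "ip" and not entry["extra"]:
                shields.append(entry["src"])
        elif not any(subset(entry["src"], s) for s in shields):
            exposed.append(entry["line"])
    return exposed


if __name__ == "__main__":
    for acl in (101, 102, 103):
        print(acl, pbr_exposure(ACLS, acl, MSFC3_ADDR))
```
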

Software Features Supported in Hardware by the PFC3 and DFC3

The PFC3 and DFC3 provide hardware support for these Cisco IOS software features:

  Bidirectional Protocol Independent Multicast (PIM) in hardware: See "Understanding How IPv4 Bidirectional PIM Works" section on page 28-7.
  Multiple-path Unicast Reverse Path Forwarding (RPF) Check: To configure Unicast RPF Check, see the "Configuring Unicast Reverse Path Forwarding Check" section on page 33-2.
  Except on MPLS interfaces, Network Address Translation (NAT) for IPv4 unicast and multicast traffic. Note the following information about hardware-assisted NAT:
    NAT of UDP traffic is supported only in PFC3BXL or PFC3B mode.
    The PFC3 does not support NAT of multicast traffic.
    The PFC3 does not support NAT configured with a route-map that specifies length.
    When you configure NAT and NDE on an interface, the PFC3 sends all traffic in fragmented packets to the MSFC3 to be processed in software. (CSCdz51590)
    To configure NAT, refer to the Cisco IOS IP Configuration Guide, Release 12.2, "IP Addressing and Services," "Configuring IP Addressing," "Configuring Network Address Translation," at this URL: http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfipadr.html


    To prevent a significant volume of NAT traffic from being sent to the MSFC3, due to either a DoS attack or a misconfiguration, enter the mls rate-limit unicast acl {ingress | egress} command described at this URL: http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_m2.html#mls_rate-limit_unicast_acl (CSCea23296)
  With Release 12.2(18)SXE and later releases, IPv4 Multicast over point-to-point generic route encapsulation (GRE) Tunnels: Refer to the publication at this URL: http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflogin.html
    Releases earlier than Release 12.2(18)SXE support IPv4 multicast over point-to-point GRE tunnels in software on the MSFC.
    Note: The PFC3 does not provide hardware acceleration for tunnels configured with the tunnel key command.
  GRE Tunneling and IP in IP Tunneling: The PFC3 and DFC3s support the following tunnel commands:
    tunnel destination
    tunnel mode gre
    tunnel mode ipip
    tunnel source
    tunnel ttl
    tunnel tos

Other supported types of tunneling run in software on the MSFC3.

The tunnel ttl command (default 255) sets the TTL of encapsulated packets.

The tunnel tos command, if present, sets the ToS byte of a packet when it is encapsulated. If the tunnel tos command is not present and QoS is not enabled, the ToS byte of a packet sets the ToS byte of the packet when it is encapsulated. If the tunnel tos command is not present and QoS is enabled, the ToS byte of a packet as modified by PFC QoS sets the ToS byte of the packet when it is encapsulated.

To configure GRE Tunneling and IP in IP Tunneling, refer to these publications:
  http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflogin.html
  http://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfshoip.html

To configure the tunnel tos and tunnel ttl commands, refer to this publication:
  http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_tos.html


Note the following information about tunnels:

  Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot share a source even if the destinations are different. Use secondary addresses on loopback interfaces or create multiple loopback interfaces. (CSCdy72539)
  Each tunnel interface uses one internal VLAN.
  Each tunnel interface uses one additional router MAC address entry per router MAC address.
  The PFC3A does not support any PFC QoS features on tunnel interfaces.
  The PFC3B and PFC3BXL support PFC QoS features on tunnel interfaces.
  The MSFC3 supports tunnels configured with egress features on the tunnel interface. Examples of egress features are output Cisco IOS ACLs, NAT (for inside to outside translation), TCP intercept, CBAC, and encryption.


CHAPTER 2

Command-Line Interfaces

This chapter describes the command-line interfaces (CLIs) you use to configure the switches supported by Cisco IOS Release 12.2SX.

Note

For complete syntax and usage information for the commands used in this chapter, see these publications:

  The Cisco IOS Master Command List, Release 12.2SX at this URL: http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html
  The Release 12.2 publications at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html

This chapter consists of these sections:

  Accessing the CLI
  Performing Command Line Processing
  Performing History Substitution
  Cisco IOS Command Modes
  Displaying a List of Cisco IOS Commands and Syntax
  Securing the CLI
  ROM-Monitor Command-Line Interface


Accessing the CLI

These sections describe accessing the CLI:

  Accessing the CLI through the EIA/TIA-232 Console Interface
  Accessing the CLI through Telnet

Accessing the CLI through the EIA/TIA-232 Console Interface

Note

EIA/TIA-232 was known as recommended standard 232 (RS-232) before its acceptance as a standard by the Electronic Industries Alliance (EIA) and Telecommunications Industry Association (TIA).

Perform initial configuration over a connection to the EIA/TIA-232 console interface. See the Catalyst 6500 Series Switch Module Installation Guide for console interface cable connection procedures.

To make a console connection, perform this task:

Step 1
  Command: Press Return.
  Purpose: Brings up the prompt.
Step 2
  Command: Router> enable
  Purpose: Initiates enable mode enable.
Step 3
  Command: Password: password
           Router#
  Purpose: Completes enable mode enable.
Step 4
  Command: Router# quit
  Purpose: Exits the session when finished.

After making a console connection, you see this display:

    Press Return for Console prompt
    Router> enable
    Password:
    Router#

Accessing the CLI through Telnet

Note

Before you can make a Telnet connection to the switch, you must configure an IP address (see the "Configuring IPv4 Routing and Addresses" section on page 22-4).

The switch supports up to eight simultaneous Telnet sessions. Telnet sessions disconnect automatically after remaining idle for the period specified with the exec-timeout command.

To make a Telnet connection to the switch, perform this task:


Step 1
  Command: telnet {hostname | ip_addr}
  Purpose: Makes a Telnet connection from the remote host to the switch you want to access.
Step 2
  Command: Password: password
           Router#
  Purpose: Initiates authentication.
  Note: If no password has been configured, press Return.
Step 3
  Command: Router> enable
  Purpose: Initiates enable mode enable.
Step 4
  Command: Password: password
           Router#
  Purpose: Completes enable mode enable.
Step 5
  Command: Router# quit
  Purpose: Exits the session when finished.

This example shows how to open a Telnet session to the switch:

    unix_host% telnet Router_1
    Trying 172.20.52.40...
    Connected to 172.20.52.40.
    Escape character is '^]'.
    User Access Verification
    Password:
    Router_1> enable
    Password:
    Router_1#

Performing Command Line Processing

Commands are not case sensitive. You can abbreviate commands and parameters if the abbreviations contain enough letters to be different from any other currently available commands or parameters. You can scroll through the last 20 commands stored in the history buffer, and enter or edit the command at the prompt. Table 2-1 lists the keyboard shortcuts for entering and editing commands.

Table 2-1 Keyboard Shortcuts

Keystrokes                                      Purpose
Press Ctrl-B or press the left arrow key (1)    Moves the cursor back one character.
Press Ctrl-F or press the right arrow key (1)   Moves the cursor forward one character.
Press Ctrl-A                                    Moves the cursor to the beginning of the command line.
Press Ctrl-E                                    Moves the cursor to the end of the command line.
Press Esc B                                     Moves the cursor back one word.
Press Esc F                                     Moves the cursor forward one word.

(1) The arrow keys function only on ANSI-compatible terminals such as VT100s.


Performing History Substitution

The history buffer stores the last 20 commands you entered. History substitution allows you to access these commands without retyping them, by using special abbreviated commands. Table 2-2 lists the history substitution commands.

Table 2-2 History Substitution Commands

Command                             Purpose
Ctrl-P or the up arrow key (1)      Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Ctrl-N or the down arrow key (1)    Returns to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands.
Router# show history                While in EXEC mode, lists the last several commands you have just entered.

(1) The arrow keys function only on ANSI-compatible terminals such as VT100s.

Cisco IOS Command Modes

Note

For complete information about Cisco IOS command modes, see the Cisco IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html

The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. To get a list of the commands in a given mode, type a question mark (?) at the system prompt. See the "Displaying a List of Cisco IOS Commands and Syntax" section.

When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands is available in user EXEC mode. To have access to all commands, you must enter privileged EXEC mode. Normally, you must type in a password to access privileged EXEC mode. From privileged EXEC mode, you can type in any EXEC command or access global configuration mode.

The configuration modes allow you to make changes to the running configuration. If you later save the configuration, these commands are stored across reboots. You must start at global configuration mode. From global configuration mode, you can enter interface configuration mode, subinterface configuration mode, and a variety of protocol-specific modes.

Note

With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.


ROM-monitor mode is a separate mode used when the switch cannot boot properly. For example, the switch might enter ROM-monitor mode if it does not find a valid system image when it is booting, or if its configuration file is corrupted at startup. See the "ROM-Monitor Command-Line Interface" section. Table 2-3 lists and describes frequently used Cisco IOS modes.

Table 2-3 Frequently Used Cisco IOS Command Modes

Mode: User EXEC
Description of Use: Connect to remote devices, change terminal settings on a temporary basis, perform basic tests, and display system information.
How to Access: Log in.
Prompt: Router>

Mode: Privileged EXEC (enable)
Description of Use: Set operating parameters. The privileged command set includes the commands in user EXEC mode, as well as the configure command. Use this command to access the other command modes.
How to Access: From the user EXEC mode, enter the enable command and the enable password.
Prompt: Router#

Mode: Global configuration
Description of Use: Configure features that affect the system as a whole.
How to Access: From the privileged EXEC mode, enter the configure terminal command.
Prompt: Router(config)#

Mode: Interface configuration
Description of Use: Many features are enabled for a particular interface. Interface commands enable or modify the operation of an interface.
How to Access: From global configuration mode, enter the interface type slot/port command.
Prompt: Router(config-if)#

Mode: Console configuration
Description of Use: From the directly connected console or the virtual terminal used with Telnet, use this configuration mode to configure the console interface.
How to Access: From global configuration mode, enter the line console 0 command.
Prompt: Router(config-line)#

The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh and the configure terminal command to config t. When you type exit, the switch backs out one level. To exit configuration mode completely and return to privileged EXEC mode, press Ctrl-Z.

Displaying a List of Cisco IOS Commands and Syntax

In any command mode, you can display a list of available commands by entering a question mark (?).

Router> ?

To display a list of commands that begin with a particular character sequence, type in those characters followed by the question mark (?). Do not include a space. This form of help is called word help because it completes a word for you.

Router# co?
collect configure connect copy


To display keywords or arguments, enter a question mark in place of a keyword or argument. Include a space before the question mark. This form of help is called command syntax help because it reminds you which keywords or arguments are applicable based on the command, keywords, and arguments you have already entered. For example:

Router# configure ?
  memory             Configure from NV memory
  network            Configure from a TFTP network host
  overwrite-network  Overwrite NV memory from TFTP network host
  terminal           Configure from the terminal
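The unique-prefix abbreviation rule and the two forms of help described above, as an added Python example that is not part of the Cisco guide. It is the kind of normalization needed before matching abbreviated entries such as conf t in command logs; the command tree is an assumption built only from the help listings on this page plus show history, and the exact-match-wins rule is also an assumption.

```python
# Added example: unique-prefix command resolution. The tree below is built
# only from the two help listings on this page plus "show history"; a real
# switch knows many more commands, so real ambiguity sets are larger.
COMMAND_TREE = {
    "collect": {},
    "configure": {"memory": {}, "network": {},
                  "overwrite-network": {}, "terminal": {}},
    "connect": {},
    "copy": {},
    "show": {"history": {}},
}


class AmbiguousCommand(ValueError):
    """The typed prefix matches more than one keyword."""


class UnknownCommand(ValueError):
    """The typed prefix matches no keyword in this mode."""


def word_help(prefix, keywords):
    """Return what 'prefix?' would list: every keyword starting with prefix."""
    return sorted(k for k in keywords if k.startswith(prefix.lower()))


def expand_token(token, keywords):
    """Resolve one typed word to the single keyword it abbreviates."""
    token = token.lower()              # commands are not case sensitive
    if token in keywords:              # assumption: an exact match always wins
        return token
    matches = word_help(token, keywords)
    if not matches:
        raise UnknownCommand(token)
    if len(matches) > 1:
        raise AmbiguousCommand(f"{token}: {', '.join(matches)}")
    return matches[0]


def expand_command(line, tree=COMMAND_TREE):
    """Expand every abbreviated keyword; pass through unmodelled arguments."""
    node, words = tree, []
    for token in line.split():
        if not node:                   # past the modelled keywords: free-form argument
            words.append(token)
            continue
        full = expand_token(token, node)
        words.append(full)
        node = node[full]
    return " ".join(words)


if __name__ == "__main__":
    for typed in ("config t", "SH hist", "co t"):
        try:
            print(f"{typed!r} -> {expand_command(typed)!r}")
        except ValueError as exc:
            print(f"{typed!r} -> {type(exc).__name__}: {exc}")
```
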

To redisplay a command you previously entered, press the up arrow key or Ctrl-P. You can continue to press the up arrow key to see the last 20 commands you entered.

Tip

If you are having trouble entering a command, check the system prompt, and enter the question mark (?) for a list of available commands. You might be in the wrong command mode or using incorrect syntax. Enter exit to return to the previous mode. Press Ctrl-Z or enter the end command in any mode to immediately return to privileged EXEC mode.

Securing the CLI

Securing access to the CLI prevents unauthorized users from viewing configuration settings or making configuration changes that can disrupt the stability of your network or compromise your network security. You can create a strong and flexible security scheme for your switch by configuring one or more of these security features:

Protecting access to privileged EXEC commands

At a minimum, you should configure separate passwords for the user EXEC and privileged EXEC (enable) IOS command modes. You can further increase the level of security by configuring username and password pairs to limit access to CLI sessions to specific users. For more information, see Configuring Security with Passwords, Privilege Levels, and Login Usernames for CLI Sessions on Networking Devices at this URL:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_sec_4cli.html

Controlling switch access with RADIUS, TACACS+, or Kerberos

For a centralized and scalable security scheme, you can require users to be authenticated and authorized by an external security server running either Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access-Control System Plus (TACACS+), or Kerberos.

For more information about RADIUS, see Configuring RADIUS at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html

For more information about TACACS+, see Configuring TACACS+ at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scftplus.html

For more information about Kerberos, see Configuring Kerberos at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfkerb.html

Configuring a secure connection with SSH or HTTPS


To prevent eavesdropping of your configuration session, you can use a Secure Shell (SSH) client or a browser that supports HTTP over Secure Socket Layer (HTTPS) to make an encrypted connection to the switch.

For more information about SSH, see Configuring Secure Shell at this URL:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_secure_shell_ps6017_TSD_Products_Configuration_Guide_Chapter.html

For more information about HTTPS, see HTTPS - HTTP Server and Client with SSL 3.0 at this URL:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsslsht.html

Copying configuration files securely with SCP

To prevent eavesdropping when copying configuration files or image files to or from the switch, you can use the Secure Copy Protocol (SCP) to perform an encrypted file transfer. For more information about SCP, see Secure Copy at this URL:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_copy_ps6017_TSD_Products_Configuration_Guide_Chapter.html

For additional information about securing the CLI, see Cisco IOS Security Configuration Guide: Securing User Services, Release 12.2SX at this URL:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/12_2sx/sec_securing_user_services_12.2sx_book.html
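The features listed in this section, turned into checks over a saved configuration file, as an added Python example that is not Cisco's code. Both sample configurations and the finding names are constructed; the commands it looks for (enable secret, login local, aaa new-model, transport input ssh, ip http server, ip scp server enable) are standard IOS commands that this page does not show, and their availability on a particular 12.2SX image is an assumption.

```python
import re

# Constructed sample configurations (not taken from the guide).
WEAK_CONFIG = """\
enable password barney
ip http server
line con 0
line vty 0 4
 password barney
 login
 transport input telnet
"""

HARDENED_CONFIG = """\
enable secret 5 <constructed-hash>
username admin secret 5 <constructed-hash>
no ip http server
ip http secure-server
ip scp server enable
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""

def parse(config):
    """Split a saved config into global commands and 'line ...' blocks."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0] != " ":                       # a top-level command
            current = None
            if raw.startswith("line "):
                current = line_blocks.setdefault(raw.strip(), [])
            else:
                global_cmds.append(raw.strip())
        elif current is not None:               # sub-command of a line block
            current.append(raw.strip())
    return global_cmds, line_blocks

def cleartext(cmds, keyword):
    """Collect passwords stored unencrypted as '<keyword> [0] <password>'."""
    pattern = re.compile(rf"{keyword} (?:0 )?(\S+)")
    return {m.group(1) for c in cmds if (m := pattern.fullmatch(c))}

def audit(config):
    """Return sorted finding names for the items in 'Securing the CLI'."""
    global_cmds, line_blocks = parse(config)
    findings = set()
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.add("no-enable-secret")
    if "ip http server" in global_cmds:          # HTTP server without SSL
        findings.add("http-cleartext")
    if "ip scp server enable" not in global_cmds:
        findings.add("scp-server-off")
    aaa = "aaa new-model" in global_cmds         # RADIUS/TACACS+/local AAA in use
    enable_pw = cleartext(global_cmds, "enable password")
    for header, body in line_blocks.items():
        if enable_pw & cleartext(body, "password"):
            findings.add(f"same-password:{header}")  # both EXEC levels share one
        if not (aaa or any(c == "login local" or
                           c.startswith("login authentication ") for c in body)):
            findings.add(f"no-per-user-login:{header}")
        if header.startswith("line vty"):
            transport = [c for c in body if c.startswith("transport input ")]
            # Assumption: a vty with no 'transport input' still accepts Telnet.
            if not transport or transport[-1] != "transport input ssh":
                findings.add(f"vty-not-ssh-only:{header}")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(WEAK_CONFIG), audit(HARDENED_CONFIG), sep="\n")
```

Only unencrypted passwords can be compared, so a shared password stored in an encrypted form is not reported by the same-password check.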

ROM-Monitor Command-Line Interface

The ROM-monitor is a ROM-based program that executes upon platform power-up, reset, or when a fatal exception occurs. The switch enters ROM-monitor mode if it does not find a valid software image, if the NVRAM configuration is corrupted, or if the configuration register is set to enter ROM-monitor mode. From the ROM-monitor mode, you can load a software image manually from flash memory, from a network server file, or from bootflash. You can also enter ROM-monitor mode by restarting and pressing the Break key during the first 60 seconds of startup.

Note

The Break key is always enabled for 60 seconds after rebooting, regardless of whether the Break key is configured to be off by configuration register settings.

To access the ROM-monitor mode through a terminal server, you can escape to the Telnet prompt and enter the send break command for your terminal emulation program to break into ROM-monitor mode.

Once you are in ROM-monitor mode, the prompt changes to rommon 1>. Enter a question mark (?) to see the available ROM-monitor commands. For more information about the ROM-monitor commands, see the Cisco IOS Master Command List, Release 12.2SX.


Tip

For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html


CHAPTER 3

Configuring the Switch for the First Time

This chapter contains information about how to initially configure the Catalyst 6500 series switch, which supplements the administration information and procedures in these publications:

Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html

Cisco IOS Configuration Fundamentals Configuration Command Reference, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_book.html

Note

For complete syntax and usage information for the commands used in this chapter, refer to these publications:

The Cisco IOS Master Command List, Release 12.2SX at this URL:
http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html

The Release 12.2 publications at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html

This chapter consists of these sections:

Default Configuration
Configuring the Switch
Protecting Access to Privileged EXEC Commands
Recovering a Lost Enable Password
Modifying the Supervisor Engine Startup Configuration

Tip

For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html


Default Configuration

Table 3-1 shows the default configuration.

Table 3-1 Default Configuration

Feature                      Default Value
Administrative connection    Normal mode
Global information           No value for the following: System name, System contact, Location
System clock                 No value for system clock time
Passwords                    No passwords configured for normal mode or enable mode (press the Return key)
Prompt                       Router>

Configuring the Switch

These sections describe how to configure the switch:

Using the Setup Facility or the setup Command
Using Configuration Mode
Checking the Running Configuration Before Saving
Saving the Running Configuration Settings
Reviewing the Configuration
Configuring a Default Gateway
Configuring a Static Route
Configuring a BOOTP Server

Using the Setup Facility or the setup Command

These sections describe the setup facility and the setup command:

Setup Overview
Configuring the Global Parameters
Configuring Interfaces

Setup Overview

At initial startup, the switch automatically defaults to the setup facility. (The setup command facility functions exactly the same as a completely unconfigured system functions when you first boot it up.) You can run the setup facility by entering the setup command at the enable prompt (#).


When you enter the setup command, current system configuration defaults are displayed in square brackets [ ] as you move through the setup command process and are queried by the system to make changes. For example, you will see this display when you use the setup facility:

Configuring interface FastEthernet3/1:
Is this interface in use?: yes
Configure IP on this interface?: yes

When you use the setup command, you see this display:

Configuring interface FastEthernet4/1:
Is this interface in use?[yes]: yes
Configure IP on this interface?[yes]: yes

Configuring the Global Parameters

When you first start the setup facility or enter the setup command, you are queried by the system to configure the global parameters, which are used for controlling system-wide settings. To boot the switch and enter the global parameters, follow these steps:

Step 1

Connect a console terminal to the console interface on the supervisor engine, and then boot the system to the user EXEC prompt (Router>). The following display appears after you boot the Catalyst 6500 series switch (depending on your configuration, your display might not exactly match the example):

System Bootstrap, Version 6.1(2)
Copyright (c) 1994-2000 by cisco Systems, Inc.
c6k_sup2 processor with 131072 Kbytes of main memory

rommon 1 > boot disk0:c6sup22-jsv-mz.121-5c.EX.bin

Self decompressing the image : #################################################
################################################################################
################################################################################
################################################################################
################################################################################
[OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) c6sup2_sp Software (c6sup2_sp-SPV-M), Version 12.1(5c)EX, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synced to mainline version: 12.1(5c)
TAC:Home:Software:Ios General:CiscoIOSRoadmap:12.1


Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Wed 28-Mar-01 18:36 by hqluong
Image text-base: 0x30020980, data-base: 0x306B8000
Start as Primary processor

00:00:05: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
00:00:03: Currently running ROMMON from S (Gold) region
00:00:05: %OIR-6-CONSOLE: Changing console ownership to route processor

System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
Cat6k-MSFC2 platform with 131072 Kbytes of main memory

rommon 1 > boot

Self decompressing the image : #################################################
################################################################################
## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) MSFC2 Software (C6MSFC2-BOOT-M), Version 12.1(3a)E4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Sat 14-Oct-00 05:33 by eaarmas
Image text-base: 0x30008980, data-base: 0x303B6000

cisco Cat6k-MSFC2 (R7000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04430J9K
R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache
Last reset from power-on
X.25 software, Version 3.0.0.
509K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 512K).

Press RETURN to get started!

Note

The first two sections of the configuration script (the banner and the installed hardware) appear only at initial system startup. On subsequent uses of the setup command facility, the setup script begins with the following System Configuration Dialog.


--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: y

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system

Note

The examples in this section are intended as examples only. Your configuration might look different depending on your system configuration.

Step 2

Enter yes or press Return when asked if you want to enter the configuration dialog and if you want to see the current interface summary. Press Return to accept the default (yes):

Would you like to enter the initial configuration dialog? [yes]:

First, would you like to see the current interface summary? [yes]:

This example of a yes response (displayed during the setup facility) shows a switch at first-time startup; that is, nothing has been configured:

Current interface summary

Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES TFTP   administratively down down
GigabitEthernet1/1     unassigned      YES TFTP   administratively down down
GigabitEthernet1/2     unassigned      YES TFTP   administratively down down
GigabitEthernet3/1     unassigned      YES TFTP   administratively down down
GigabitEthernet3/2     unassigned      YES TFTP   administratively down down
GigabitEthernet3/3     unassigned      YES TFTP   administratively down down
GigabitEthernet3/4     unassigned      YES TFTP   administratively down down
GigabitEthernet3/5     unassigned      YES TFTP   administratively down down
GigabitEthernet3/6     unassigned      YES TFTP   administratively down down
GigabitEthernet3/7     unassigned      YES TFTP   administratively down down
GigabitEthernet3/8     unassigned      YES TFTP   administratively down down

(Additional displayed text omitted from this example.)

This example of a yes response (displayed during the setup command facility) shows a switch with some interfaces already configured:

Current interface summary

Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES TFTP   administratively down down
GigabitEthernet1/1     172.20.52.34    YES NVRAM  up                    up
GigabitEthernet1/2     unassigned      YES TFTP   administratively down down
GigabitEthernet3/1     unassigned      YES TFTP   administratively down down
GigabitEthernet3/2     unassigned      YES TFTP   administratively down down
GigabitEthernet3/3     unassigned      YES TFTP   administratively down down
GigabitEthernet3/4     unassigned      YES TFTP   administratively down down
GigabitEthernet3/5     unassigned      YES TFTP   administratively down down
GigabitEthernet3/6     unassigned      YES TFTP   administratively down down
GigabitEthernet3/7     unassigned      YES TFTP   administratively down down
GigabitEthernet3/8     unassigned      YES TFTP   administratively down down

Step 3

Choose which protocols to support on your interfaces. On IP installations only, you can accept the default values for most of the questions. A typical minimal configuration using IP follows and continues through Step 8:

Configuring global parameters:

Enter host name [Router]: Router

Step 4

Enter the enable secret password when the following is displayed (remember this password for future reference):

The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: barney

Step 5

Enter the enable password when the following is displayed (remember this password for future reference):

The enable password is used when you do not specify an enable secret password, with some older software versions, and some boot i