Routing and Bridging Guide vA1(7), Cisco ACE 4700 Series Application Control Engine Appliance
Configuring Ethernet Interfaces

Table Of Contents

Configuring Ethernet Interfaces

Ethernet Interface Configuration Quick Start

Configuring a Layer 2 Ethernet Port

Adding a Description for an Ethernet Port

Configuring the Ethernet Interface Speed and Duplex Mode

Configuring the Ethernet Interface Speed

Setting the Interface Duplex Mode

Designating an Ethernet Port as an FT VLAN Port

Configuring an Ethernet Port in a Port-Channel Group

Enabling or Disabling the Ethernet Interface

Configuring Layer 2 EtherChannels

Configuring a Port-Channel Interface

Adding a Description for a Port Channel

Designating a Port-Channel Interface as an FT VLAN Interface

Configuring Port-Channel Load Balancing

Enabling or Disabling a Port-Channel Interface

Configuring a VLAN Access Port

Configuring VLAN Trunks

Allocating an Ethernet Port or Port-Channel Interface to a VLAN Trunk

Completing the VLAN Trunking Configuration

Specifying the 802.1Q Native VLAN For a Trunk

Displaying Ethernet Interface Configuration, Status, and Statistics

Clearing Ethernet Interface Configuration Information


Configuring Ethernet Interfaces


The Cisco 4700 Series Application Control Engine (ACE) appliance provides physical Ethernet ports that allow you to connect servers, PCs, routers, and other devices to the ACE. The ACE supports four Layer 2 Ethernet ports for Layer 2 switching.

You can configure the four Ethernet ports to provide an interface for connecting to 10-Mbps, 100-Mbps, or 1000-Mbps networks. Each Layer 2 Ethernet port supports autonegotiate, full-duplex, or half-duplex operation on an Ethernet LAN and can have traffic within a designated VLAN.

A Layer 2 Ethernet port can be configured as follows:

Member of Port-Channel Group—Associates a physical port on the ACE to a logical port to create a port-channel logical interface. The VLAN association is derived from the port-channel configuration. The port is configured as a Layer 2 EtherChannel, where each EtherChannel bundles the individual physical Ethernet ports into a single logical link that provides the aggregate bandwidth of up to four physical links on the ACE.

Access VLAN—Provides a connection for end users or node devices, such as a router or server. The access VLAN port is assigned to a single VLAN.

Trunk port—Allocates VLANs to ports and passes VLAN information (including VLAN identification) between switches for all Ethernet channels defined in a Layer 2 Ethernet port or a Layer 2 EtherChannel (port-channel) group on the ACE. The port is associated with IEEE 802.1Q encapsulation-based VLAN trunking.

This chapter describes how to configure the Ethernet ports on the ACE. It contains the following major sections:

Ethernet Interface Configuration Quick Start

Configuring a Layer 2 Ethernet Port

Configuring Layer 2 EtherChannels

Configuring a VLAN Access Port

Configuring VLAN Trunks

Displaying Ethernet Interface Configuration, Status, and Statistics

Clearing Ethernet Interface Configuration Information

After you configure the Ethernet ports on the ACE and allocate VLANs to configured Ethernet ports, you create the corresponding VLAN interfaces on the ACE as described in Chapter 2, Configuring VLAN Interfaces.

Ethernet Interface Configuration Quick Start

Table 1-1 provides a quick overview of the steps required to configure Ethernet interface ports on the ACE. Each step includes the CLI command or a reference to the procedure required to complete the task. For a complete description of each feature and all the options associated with the CLI commands, see the sections following Table 1-1.

Table 1-1 Ethernet Interface Configuration Quick Start 

Task and Command Example

1. Enter global configuration mode.

host1/Admin# config
host1/Admin(config)#

2. Configure a Layer 2 Ethernet port on the ACE. You enter the interface mode.

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)#

Note Only users authenticated in the Admin context can use the interface gigabitEthernet command.

3. (Optional) Add a description about the Ethernet port to help you remember its function.

host1/Admin(config-if)# description Ethernet port 3 is configured for speeds of 1000 Mbps

4. Configure the interface duplex and speed (the default is autonegotiate).

host1/Admin(config-if)# speed 1000M
host1/Admin(config-if)# duplex full

5. (Optional) Configure one of the Ethernet ports on the ACE for fault tolerance using a dedicated fault-tolerant (FT) VLAN for communication between the members of an FT group.

host1/Admin(config-if)# ft-port vlan 60

6. (Optional) Map the physical Ethernet port to a port channel to automatically create a port-channel logical interface (see Table 1-2 for more information).

host1/Admin(config-if)# channel-group 255

7. Enable the Ethernet port to put the interface in the Up administrative state.

host1/Admin(config-if)# no shutdown
host1/Admin(config-if)# exit
host1/Admin(config)#

8. (Optional) Assign an access port to a specific VLAN for the Ethernet port. For example, to specify VLAN 101 as an access port for Ethernet port 3, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# switchport access vlan 101

Note If you assign a VLAN as the access port for a specific Ethernet port, the VLAN is reserved and cannot be configured for a VLAN trunk.

9. Selectively allocate individual VLANs to a trunk link. For example, to add VLANs 200 and 266 to the defined list of VLANs currently set for Ethernet port 3, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# switchport trunk allowed vlan 200,266

Note When allocating VLANs to ports, overlapping is not allowed. For example, if VLAN 200 is associated with Ethernet port 3, you cannot associate VLAN 200 with another Ethernet port or port channel.

10. (Optional) Set the 802.1Q native VLAN for a trunk. For example, to specify VLAN 266 as the 802.1Q native VLAN for the trunk, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# switchport trunk native vlan 266

11. Enable VLAN trunking in a Layer 2 Ethernet port.

host1/Admin(config-if)# no shutdown
host1/Admin(config-if)# exit
host1/Admin(config)# 

12. Create the corresponding VLAN interfaces on the ACE. For details, see Chapter 2, Configuring VLAN Interfaces.

13. (Optional) Save your configuration changes to Flash memory.

host1/Admin# copy running-config startup-config

Table 1-2 provides a quick overview of the steps required to configure an Ethernet interface port on the ACE as a Layer 2 EtherChannel (port channel). Each step includes the CLI command or a reference to the procedure required to complete the task. For a complete description of each feature and all the options associated with the CLI commands, see the sections following Table 1-2.

Table 1-2 EtherChannel (Port Channel) Configuration Quick Start 

Task and Command Example

1. Enter global configuration mode.

host1/Admin# config
host1/Admin(config)#

2. (Optional) Create a port-channel interface to group physical ports together on the ACE to form an EtherChannel.

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# 

Note Only users authenticated in the Admin context can use the interface port-channel command.

3. (Optional) Add a description about a port-channel interface to help you remember its function.

host1/Admin(config-if)# description A port-channel interface with a channel number of 255

4. (Optional) Configure a port-channel interface on the ACE for fault tolerance using a dedicated fault-tolerant (FT) VLAN for communication between the members of an FT group.

host1/Admin(config-if)# ft-port vlan 60

5. (Optional) Set the load-distribution method among the ports in the EtherChannel bundle. For example, to configure an EtherChannel to balance the traffic load across the links using source or destination IP addresses, enter:

host1/Admin(config-if)# port-channel load-balance src-dst-ip

6. (Optional) Enable the port-channel interface to put the interface in the Up administrative state.

host1/Admin(config-if)# no shutdown
host1/Admin(config-if)# exit
host1/Admin(config)#

7. (Optional) Assign an access port to a specific VLAN for the Layer 2 port-channel interface. For example, to specify VLAN 101 as an access port for port-channel interface 255, enter:

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# switchport access vlan 101

Note If you assign a VLAN as the access port for a specific port-channel interface, the VLAN is reserved and cannot be configured for a VLAN trunk.

8. Selectively allocate individual VLANs to a trunk link. For example, to add VLANs 200 and 266 to the defined list of VLANs currently set for port-channel interface 255, enter:

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# switchport trunk allowed vlan 200,266

Note When allocating VLANs to ports, overlapping is not allowed. For example, if VLAN 200 is associated with port-channel 255, you cannot associate VLAN 200 with another Ethernet port or port channel.

9. (Optional) Set the 802.1Q native VLAN for a trunk. For example, to specify VLAN 266 as the 802.1Q native VLAN for the trunk, enter:

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# switchport trunk native vlan 266

10. Enable VLAN trunking in a Layer 2 port-channel interface.

host1/Admin(config-if)# no shutdown
host1/Admin(config-if)# exit
host1/Admin(config)# 

11. Create the corresponding VLAN interfaces on the ACE. For details, see Chapter 2, Configuring VLAN Interfaces.

12. (Optional) Save your configuration changes to the Flash memory.

host1/Admin# copy running-config startup-config

Configuring a Layer 2 Ethernet Port

Four Ethernet ports allow you to connect servers, PCs, routers, and other devices to the ACE. You can configure the four Ethernet ports to provide an interface for connecting to 10-Mbps, 100-Mbps, or 1000-Mbps networks. Each Layer 2 Ethernet port supports autonegotiation (default), full-duplex, or half-duplex operation on an Ethernet LAN and can have traffic within a designated VLAN.

To configure a Layer 2 Ethernet port on the ACE, use the interface gigabitEthernet command in configuration mode. The ACE enters the interface configuration mode. Only users authenticated in the Admin context can use the interface gigabitEthernet command.

The syntax for the command is as follows:

interface gigabitEthernet slot_number/port_number

The keywords, arguments, and options are as follows:

slot_number—Physical slot on the ACE containing the Ethernet ports. This selection is always 1, which is the location of the daughter card in the ACE. The daughter card includes the four Layer 2 Ethernet ports that allow you to perform Layer 2 switching.

port_number—Physical Ethernet port on the ACE. Valid selections are from 1 through 4, which allow you to specify one of the four Ethernet ports (1, 2, 3, or 4) associated with the slot 1 (daughter card) selection.

For example, to configure Ethernet port 3 and access the interface configuration mode, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)#

You can use the additional CLI commands in interface configuration mode to configure specific Ethernet port settings for the ACE.

This section contains the following topics:

Adding a Description for an Ethernet Port

Configuring the Ethernet Interface Speed and Duplex Mode

Designating an Ethernet Port as an FT VLAN Port

Configuring an Ethernet Port in a Port-Channel Group

Enabling or Disabling the Ethernet Interface

You can also configure an Ethernet port using the following CLI commands in interface mode:

Use the interface port-channel command to group physical ports on the ACE to form an EtherChannel (or port-channel) interface. See the "Configuring Layer 2 EtherChannels" section.

Use the switchport access vlan command to configure an access port to a specific VLAN for an Ethernet port. See the "Configuring a VLAN Access Port" section.

Use the switchport trunk allowed vlan command to allocate VLANs to a Layer 2 Ethernet port. See the "Allocating an Ethernet Port or Port-Channel Interface to a VLAN Trunk" section.

Use the switchport trunk native vlan command to set the 802.1Q native VLAN for a trunk. See the "Specifying the 802.1Q Native VLAN For a Trunk" section.

Adding a Description for an Ethernet Port

You can add a description about an Ethernet port to help you remember its function. The interface description appears in the output of the show running-config and show interfaces commands in Exec mode.

The syntax for the command is as follows:

description text

Use the text argument to enter an unquoted text string with a maximum of 240 alphanumeric characters.

For example, to add a description for Ethernet port 3, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# description Ethernet port 3 is configured for speeds of 1000 Mbps

To remove the interface description, enter:

host1/Admin(config-if)# no description

Configuring the Ethernet Interface Speed and Duplex Mode

By default, the ACE automatically uses the autonegotiate setting for Ethernet port speed and duplex mode parameters to allow the ACE to negotiate the speed and duplex mode between ports. If you manually configure the port speed and duplex modes, follow these guidelines:

The ACE prevents you from making a duplex setting when you configure the speed of an Ethernet port to auto. You can configure the speed command with a nonauto setting of 10, 100, or 1000 Mbps to configure duplex mode for the Ethernet port.

If you configure an Ethernet port speed to a value other than auto (for example, 10, 100, or 1000 Mbps), ensure that you configure the connecting port to match. Do not configure the connecting port to negotiate the speed through the auto keyword.

The ports on both ends of a link must have the same setting. The link will not come up if the ports at each end of the connecting interface have different settings. For example, if you configure the Ethernet port speed and duplex setting to a nonauto setting of 10, 100, or 1000 Mbps on one side of a link, you must configure the matching speed and duplex on the other side of the link to ensure proper communication.

If you enter the no speed command, the ACE automatically configures both the speed and duplex settings to auto.

The ACE cannot automatically negotiate the interface speed and duplex mode if either connecting interface is configured to a value other than auto.


Caution Changing the Ethernet port speed and duplex mode configuration may shut down and reenable the interface during the reconfiguration.

This section contains the following topics:

Configuring the Ethernet Interface Speed

Setting the Interface Duplex Mode

Configuring the Ethernet Interface Speed

You can configure the Ethernet port speed for a setting of 10, 100, or 1000 Mbps. Use the speed command in interface configuration mode to configure the port speed. The default speed for an ACE interface is autonegotiate.

The syntax for the command is as follows:

speed {1000M | 100M | 10M | auto}

The keywords, arguments, and options are as follows:

1000M—Initiates 1000 Mbps operation.

100M—Initiates 100 Mbps operation.

10M—Initiates 10 Mbps operation.

auto—Enables the ACE to autonegotiate with other devices for speeds of 10, 100, or 1000 Mbps. If you set the Ethernet port speed to auto, the ACE automatically sets the duplex mode to auto; auto is the default setting.


Note If you configure the Ethernet port speed to auto, the ACE automatically sets the duplex mode to auto.


For example, to set the speed to 1000 Mbps on Ethernet port 3, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# speed 1000M

To restore the default setting of autonegotiate for an Ethernet port, enter:

host1/Admin(config-if)# no speed

Note If you enter the no speed command, the ACE automatically configures both the speed and duplex settings to autonegotiate.


Setting the Interface Duplex Mode

To configure an Ethernet port for full or half duplex operation, use the duplex command in interface configuration mode. The default configuration for an ACE interface is autonegotiate.


Note If you configure the Ethernet port speed to auto on a 10/100/1000-Mbps Ethernet port, both speed and duplex are autonegotiated. You cannot change the duplex mode of autonegotiation ports.


The syntax for the command is as follows:

duplex {full | half}

The keywords, arguments, and options are as follows:

full—Configures the specified Ethernet port for full-duplex operation, which allows data to travel in both directions at the same time.

half—Configures the specified Ethernet port for half-duplex operation. A half-duplex setting ensures that data only travels in one direction at any given time.

For example, to set the duplex mode to full on Ethernet port 3, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# duplex full

To restore the default setting of autonegotiate for an Ethernet port, enter:

host1/Admin(config-if)# no duplex

Designating an Ethernet Port as an FT VLAN Port

Peer ACE appliances can communicate with each other over a dedicated fault-tolerant (FT) VLAN. These redundant peers use an FT VLAN to transmit and receive heartbeat packets and state and configuration replication packets. To configure one of the Ethernet ports on the ACE for fault tolerance using a dedicated FT VLAN for communication between the members of an FT group, use the ft-port vlan command in interface configuration mode.


Note You cannot use this dedicated FT VLAN Ethernet port for normal network traffic; it must be dedicated for redundancy only.


When you specify an Ethernet port as a dedicated FT VLAN, you have the option to either configure the dedicated VLAN as the only VLAN associated with the Ethernet port or to include it as part of a VLAN trunk link (see the "Allocating an Ethernet Port or Port-Channel Interface to a VLAN Trunk" section). Note that the ACE automatically includes the FT VLAN in the VLAN trunk link. If you choose to configure VLAN trunking, it is not necessary for you to assign the FT VLAN in the trunk link along with the other VLANs.

On both peer ACE appliances, you must configure the same Ethernet port as the FT VLAN port. For example, if you configure ACE appliance 1 to use Ethernet port 4 as the FT VLAN port, then be sure to configure ACE appliance 2 to use Ethernet port 4 as the FT VLAN port.

For details on configuring redundant ACE appliances, including an FT VLAN, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.

The syntax for this command is as follows:

ft-port vlan number

The number argument specifies a unique identifier for the FT VLAN. Valid values are from 2 to 4094.


Note You do not need to create an FT VLAN before you designate an Ethernet port as the FT VLAN port.


For example, to configure FT VLAN identifier 60 for Ethernet port 3, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# ft-port vlan 60

To remove the FT VLAN for the Ethernet port, enter:

host1/Admin(config-if)# no ft-port vlan 60

Configuring an Ethernet Port in a Port-Channel Group

You can group physical ports together on the ACE to form an EtherChannel (or port channel). When configuring Layer 2 EtherChannels, you map the physical Ethernet port to a port channel using the channel-group command. This command configures the Ethernet port in a port-channel group and automatically creates the port-channel logical interface.

For details on creating a Layer 2 EtherChannel interface, see the "Configuring Layer 2 EtherChannels" section.


Note You do not need to configure a port-channel interface before you assign a physical Ethernet port to a channel group through the channel-group command. A port-channel interface is created automatically when the channel group receives its first physical interface, if it is not already created.


The syntax for the command is as follows:

channel-group channel_number

The channel_number argument specifies the channel number assigned to this channel group. Valid values are from 1 to 255.

For example, to create a channel group with a channel number of 255, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# channel-group 255

To remove the channel group assigned to the Ethernet port, enter:

host1/Admin(config-if)# no channel-group 255

Enabling or Disabling the Ethernet Interface

By default, when you configure an interface it remains in the shutdown state (administratively down) until you enable the interface.

To enable an Ethernet port, use the no shutdown command in interface configuration mode. This action puts the interface in the Up administrative state.

To disable an Ethernet port, use the shutdown command in interface configuration mode. This action puts the interface in the Down administrative state.

For example, to enable Ethernet port 3, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# no shutdown

To disable Ethernet port 3, enter:

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# shutdown

To check if an interface is disabled, enter the show interface gigabitEthernet command in Exec mode. An interface that has been shut down is shown as administratively down in the show interface gigabitEthernet command display. See the "Specifying the 802.1Q Native VLAN For a Trunk" section for details.

Configuring Layer 2 EtherChannels

An EtherChannel bundles individual Layer 2 Ethernet physical ports into a single logical link that provides the aggregate bandwidth of up to four physical links on the ACE. The EtherChannel provides full-duplex bandwidth up to 4000-Mbps between the ACE and another switch. Ports in an EtherChannel do not have to be contiguous; however, all ports in each EtherChannel must operate at the same speed.

To create the EtherChannel interface, use the interface port-channel command in interface configuration mode. You can base the load-balance policy (frame distribution) on a MAC address (Layer 2), an IP address (Layer 3), or a port number (Layer 4).


Note Only users authenticated in the Admin context can use the interface port-channel command.


The EtherChannel interface (consisting of up to four Ethernet interfaces) is treated as a single interface, which is called a port channel. You configure an EtherChannel on the port-channel interface rather than on the individual member Ethernet interfaces. Each EtherChannel has a numbered port-channel interface, numbered from 1 to 255. After you configure an EtherChannel, the configuration that you apply to the assigned Ethernet ports in the port-channel group affects only those Ethernet ports.


Note You do not need to configure a port-channel interface before you assign a physical Ethernet port to a channel group through the channel-group command. A port-channel interface is created automatically when the channel group receives its first physical interface, if it is not already created.


To change the parameters of all ports in an EtherChannel, apply the configuration commands to the port-channel interface to configure a Layer 2 EtherChannel as a trunk.

In addition, you can configure EtherChannels as trunks (see Chapter 2, Configuring VLAN Interfaces). After a port channel is formed, configuring any port in the channel as a trunk applies the configuration to all ports in the EtherChannel.


Note If you disable a port in a channel, it is treated as a link failure and its traffic is transferred to one or more of the remaining ports in the channel.


You can also configure EtherChannels using the following CLI commands in interface mode:

Use the switchport access vlan command to configure an access port to a specific VLAN for the Layer 2 EtherChannel interface. See the "Configuring a VLAN Access Port" section.

Use the switchport trunk allowed vlan command to allocate VLANs for the Layer 2 EtherChannel interface. See the "Allocating an Ethernet Port or Port-Channel Interface to a VLAN Trunk" section.

Use the switchport trunk native vlan command to set the 802.1Q native VLAN for a trunk. See the "Specifying the 802.1Q Native VLAN For a Trunk" section.

This section contains the following topics:

Configuring a Port-Channel Interface

Adding a Description for a Port Channel

Designating a Port-Channel Interface as an FT VLAN Interface

Configuring Port-Channel Load Balancing

Enabling or Disabling a Port-Channel Interface

Configuring a Port-Channel Interface

You can group physical ports together on the ACE to form an EtherChannel (or port channel). All the ports that belong to the same port channel must be configured with the same values; for example, port parameters, VLAN membership, or trunk configuration. Only one port channel in a channel group is allowed, and a physical port can belong to a single port-channel interface only.

To create a port-channel interface, use the interface port-channel command. Only users authenticated in the Admin context can use the interface port-channel command.

The syntax for the command is as follows:

interface port-channel channel_number

The channel_number argument specifies the channel number assigned to this port-channel interface. Valid values are from 1 to 255.

For example, to create a port-channel interface with a channel number of 255, enter:

host1/Admin(config)# interface port-channel 255

Adding a Description for a Port Channel

You can add a description about a port-channel interface to help you remember its function. The port-channel interface description appears in the output of the show running-config and show interfaces commands in Exec mode.

The syntax for the command is as follows:

description text

Use the text argument to enter an unquoted text string with a maximum of 240 alphanumeric characters.

For example, to add a description for port-channel interface 255, enter:

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# description A port-channel interface with a channel number of 255

To remove the port-channel description, enter:

host1/Admin(config-if)# no description

Designating a Port-Channel Interface as an FT VLAN Interface

Peer ACE appliances can communicate with each other over a dedicated fault-tolerant (FT) VLAN. These redundant peers use an FT VLAN to transmit and receive heartbeat packets and state and configuration replication packets. To configure a port-channel interface on the ACE for fault tolerance using a dedicated FT VLAN for communication between the members of an FT group, use the ft-port vlan command in interface configuration mode.


Note You cannot use this dedicated FT VLAN port-channel interface for normal network traffic; it must be dedicated for redundancy only.


When you specify a port-channel interface as a dedicated FT VLAN, you have the option to either configure the dedicated VLAN as the only VLAN associated with the port-channel interface or to include it as part of a VLAN trunk link (see the "Allocating an Ethernet Port or Port-Channel Interface to a VLAN Trunk" section). Note that the ACE automatically includes the FT VLAN in the VLAN trunk link. If you choose to configure VLAN trunking, it is not necessary for you to assign the FT VLAN in the trunk link with the other VLANs.

On both peer ACE appliances, you must configure the same port-channel interface as the FT VLAN. For example, if you configure ACE appliance 1 to use port-channel interface 255 as the FT VLAN port, you must configure ACE appliance 2 to use port-channel interface 255 as the FT VLAN.

For details on configuring redundant ACE appliances, including an FT VLAN, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.

The syntax for this command is as follows:

ft-port vlan number

The number argument specifies a unique identifier for the FT VLAN. Valid values are from 2 to 4094.


Note You do not need to create an FT VLAN before you designate a port-channel interface as the FT VLAN port.


For example, to configure FT VLAN identifier 60 for port-channel interface 255, enter:

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# ft-port vlan 60

To remove the FT VLAN for the port-channel interface, enter:

host1/Admin(config-if)# no ft-port vlan 60

Configuring Port-Channel Load Balancing

An EtherChannel can balance the traffic load across the links in the designated port channel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel. Port-channel load balancing can use MAC addresses or IP addresses, Layer 4 port numbers, source addresses, destination addresses, or both source and destination addresses.

Use the option that provides the load-balance criteria with the greatest variety in your configuration. For example, if the traffic on an EtherChannel is going to a single MAC address only and you use the destination MAC address as the basis of EtherChannel load balancing, the EtherChannel always chooses the same link in the EtherChannel.

To set the load-distribution method among the ports in the EtherChannel bundle, use the port-channel load-balance command.

The syntax for this command is as follows:

port-channel load-balance {dst-ip | dst-mac | dst-port | src-dst-ip | src-dst-mac | src-dst-port | src-ip | src-mac | src-port}

The keywords, arguments, and options are as follows:

dst-ip—Loads the distribution on the destination IP address

dst-mac—Loads the distribution on the destination MAC address

dst-port—Loads the distribution on the destination TCP or UDP port

src-dst-ip—Loads the distribution on the source or destination IP address

src-dst-mac—Loads the distribution on the source or destination MAC address

src-dst-port—Loads the distribution on the source or destination port

src-ip—Loads the distribution on the source IP address

src-mac—Loads the distribution on the source MAC address

src-port—Loads the distribution on the TCP or UDP source port

For example, to configure an EtherChannel to balance the traffic load across the links using source or destination IP addresses, enter:

host1/Admin(config)# interface gigabitEthernet 1/1
host1/Admin(config-if)# port-channel load-balance src-dst-ip
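
To compare the load-balance keywords against a traffic sample before choosing one, the following Python model is an added example, not Cisco code. This chapter does not give the ACE hash, so the model assumes an XOR of the selected fields reduced modulo the number of links; the flows are constructed, and the function and field names are hypothetical.

```python
import ipaddress
from collections import Counter

# Keyword -> frame/packet fields that feed the link selection.
METHODS = {
    "dst-ip": ("dst_ip",),
    "dst-mac": ("dst_mac",),
    "dst-port": ("dst_port",),
    "src-dst-ip": ("src_ip", "dst_ip"),
    "src-dst-mac": ("src_mac", "dst_mac"),
    "src-dst-port": ("src_port", "dst_port"),
    "src-ip": ("src_ip",),
    "src-mac": ("src_mac",),
    "src-port": ("src_port",),
}


def make_flows(clients=64):
    """Constructed sample: many clients reach one HTTPS virtual server through
    a single upstream router, so both MAC addresses, the destination IP and
    the destination port are identical in every flow."""
    first_client = int(ipaddress.ip_address("198.51.100.1"))
    server = int(ipaddress.ip_address("192.0.2.10"))
    return [
        {
            "src_mac": 0x02000000AA01,   # upstream router (constructed)
            "dst_mac": 0x02000000BB01,   # next hop toward the server (constructed)
            "src_ip": first_client + i,
            "dst_ip": server,
            "src_port": 49152 + 7 * i,
            "dst_port": 443,
        }
        for i in range(clients)
    ]


def select_link(flow, method, links=4):
    """Assumed hash: XOR the selected fields, then reduce to a link index."""
    value = 0
    for field in METHODS[method]:
        value ^= flow[field]
    return value % links


def rank_methods(flows, links=4):
    """Return (method, links_used, busiest_share) sorted from the most even
    spread to the least even one."""
    rows = []
    for method in METHODS:
        counts = Counter(select_link(flow, method, links) for flow in flows)
        busiest = max(counts.values()) / len(flows)
        rows.append((method, len(counts), busiest))
    return sorted(rows, key=lambda row: (row[2], row[0]))


if __name__ == "__main__":
    for method, used, share in rank_methods(make_flows()):
        print(f"{method:<13} links used: {used}  busiest link carries {share:.0%}")
```

With this sample, every keyword that hashes only a constant field places all traffic on one link, which is the single-MAC case described above.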

Enabling or Disabling a Port-Channel Interface

By default, when you configure a port-channel interface it remains in the shutdown state (administratively down) until you enable the interface.

To enable a port-channel interface, use the no shutdown command in interface configuration mode. This action puts the interface in the Up administrative state.

To disable a port-channel interface, use the shutdown command in interface configuration mode. This action puts the interface in the Down administrative state.

For example, to enable port-channel interface 255, enter:

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# no shutdown

For example, to disable port-channel interface 255, enter:

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# shutdown

Configuring a VLAN Access Port

On the ACE, a port that is assigned to a single VLAN is referred to as a VLAN access port and provides a connection for end users or node devices, such as a router or server. By default, all devices are assigned to VLAN 1, known as the default VLAN. To configure an access port to a specific VLAN for either an Ethernet interface or a Layer 2 port-channel interface, use the switchport access vlan command in interface configuration mode.


Note You do not need to create a VLAN interface before you configure an access VLAN. To configure a VLAN interface and access its mode to configure its attributes, use the interface vlan command in configuration mode for the context. See Chapter 2, Configuring VLAN Interfaces, for details.


When you assign a VLAN for a specific Ethernet port or port-channel interface, the VLAN is reserved and cannot be configured for a VLAN trunk (see the "Configuring VLAN Trunks" section). A VLAN access port and a VLAN trunk cannot coexist for the same Ethernet port or port-channel interface. If you specify both configurations for the same Ethernet port or port-channel interface, the most recent configuration will overwrite the older configuration.

The syntax is as follows:

switchport access vlan number

The number argument specifies the VLAN number that you want to configure as the 802.1Q native VLAN when operating in trunking mode. Valid values are from 1 to 4094. The default is VLAN 1.

For example, to configure VLAN 101 as an access port for Ethernet port 4, enter:

host1/Admin(config)# interface gigabitEthernet 1/4
host1/Admin(config-if)# switchport access vlan 101

For example, to configure VLAN 101 as an access port for port-channel interface 255, enter:

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# switchport access vlan 101

To reset the access mode to the default VLAN 1, enter:

host1/Admin(config)# interface gigabitEthernet 1/4
host1/Admin(config-if)# no switchport access vlan 101

Configuring VLAN Trunks

You can use trunk links to pass VLAN information (including VLAN identification) between switches for all Ethernet channels defined in a Layer 2 Ethernet port or a Layer 2 EtherChannel (port-channel) group on the ACE (see Chapter 1, Configuring Ethernet Interfaces). By default, a trunk port is a member of all VLANs that exist on the ACE and carries traffic for those VLANs as they pass between the switches. To distinguish between the traffic flows, a trunk port marks the frames with special tags.

You must enable trunking on both sides of a link. If two switches are connected together, you must configure both switch ports for trunking and with the same tagging mechanism.

The ACE supports 802.1Q encapsulation-based VLAN trunking. 802.1Q interconnects VLANs between multiple switches, routers, and servers. With 802.1Q, you can define a VLAN topology that spans multiple physical devices. In addition, the ACE supports 802.1Q for Gigabit Ethernet interfaces. An 802.1Q trunk link provides VLAN identification by adding a 2-byte tag to an Ethernet frame as it leaves a trunk port.

Ports configured in trunk mode can have traffic in more than one VLAN based on the trunk-allowed VLAN list configuration.


Note You can configure a trunk on a single Ethernet port or on an EtherChannel.


Follow these configuration guidelines and restrictions when you use VLAN trunks with the ACE:

If you configure a VLAN on a trunk, you cannot configure the VLAN as the access port for a specific Ethernet port or port-channel interface (see the "Configuring a VLAN Access Port" section). A VLAN access port and a VLAN trunk cannot coexist for the same Ethernet port or port-channel interface. If you specify both configurations for the same Ethernet port or port-channel interface, the most recent configuration will overwrite the older configuration.

When allocating VLANs to ports, overlapping is not allowed. For example, if VLAN 10 is associated with Ethernet port 1 (or with port-channel interface 255), you cannot associate VLAN 10 with another Ethernet port or port channel.

When you specify an Ethernet port or a port-channel interface as a dedicated FT VLAN (see the "Designating an Ethernet Port as an FT VLAN Port" section), the ACE automatically includes the FT VLAN in the VLAN trunk link and assigns the FT VLAN as the 802.1Q native VLAN for the trunk. It is not necessary for you to assign the FT VLAN in the trunk link with the other VLANs.

You do not need to create a VLAN interface before you allocate a VLAN to an Ethernet port or a port-channel interface. To configure a VLAN interface and access its mode to configure its attributes, use the interface vlan command in configuration mode for the context. See Chapter 2, Configuring VLAN Interfaces, for details.

When connecting a Cisco switch through an 802.1Q trunk, make sure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning tree loops might result.

When you connect two Cisco switches through 802.1Q trunks, the switches exchange spanning tree Bridge Protocol Data Units (BPDUs) on each VLAN allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved 802.1D spanning-tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved Cisco Shared Spanning Tree (SSTP) multicast MAC address (01-00-0c-cc-cc-cd).

Non-Cisco 802.1Q switches maintain only a single instance of spanning-tree (the Mono Spanning Tree, or MST) that defines the spanning-tree topology for all VLANs. When you connect a Cisco switch to a non-Cisco switch through an 802.1Q trunk, the MST of the non-Cisco switch and the native VLAN spanning tree of the Cisco switch combine to form a single spanning-tree topology known as the Common Spanning Tree (CST).

Because Cisco switches transmit BPDUs to the SSTP multicast MAC address on VLANs other than the native VLAN of the trunk, non-Cisco switches do not recognize these frames as BPDUs and flood them on all ports in the corresponding VLAN. Other Cisco switches connected to the non-Cisco 802.1Q cloud receive these flooded BPDUs, which allows them to maintain a per-VLAN spanning-tree topology across a cloud of non-Cisco 802.1Q switches. The non-Cisco 802.1Q cloud that separates the Cisco switches is treated as a single broadcast segment between all switches connected to the non-Cisco 802.1Q cloud through 802.1Q trunks.

Ensure that the native VLAN is the same on all of the 802.1Q trunks that connect the Cisco switches to the non-Cisco 802.1Q cloud.

This section contains the following topics:

Allocating an Ethernet Port or Port-Channel Interface to a VLAN Trunk

Completing the VLAN Trunking Configuration

Specifying the 802.1Q Native VLAN For a Trunk

Allocating an Ethernet Port or Port-Channel Interface to a VLAN Trunk

You can selectively allocate individual VLANs associated with an Ethernet port or a port-channel interface to a VLAN trunk link. Note that all added VLANs are active on a trunk link, and, as long as the VLAN is available for use, traffic for that VLAN is carried across the trunk link. To specify which VLANs are to be allocated to a trunk link, use the switchport trunk allowed vlan command in interface configuration mode.

To remove a VLAN from the trunk link, use the no form of the command.


Note You do not need to create a VLAN interface before you allocate a VLAN to an Ethernet port or port-channel interface. To configure a VLAN interface and access its mode to configure its attributes, use the interface vlan command in configuration mode for the context. See Chapter 2, Configuring VLAN Interfaces, for details.


The syntax is as follows:

switchport trunk allowed vlan vlan_list

The vlan_list argument specifies the allowed VLANs whose traffic is transmitted on this Ethernet interface in tagged format when the interface is in trunking mode. The vlan_list argument can be one of the following:

Single VLAN number

Range of VLAN numbers separated by a hyphen

Specific VLAN numbers separated by commas

Valid entries are from 1 through 4094. Do not enter any spaces between the dash-specified ranges or the comma-separated numbers in the vlan_list argument.


Note When you specify an Ethernet port or a port-channel interface as a dedicated FT VLAN (see the "Designating an Ethernet Port as an FT VLAN Port" section), the ACE automatically includes the FT VLAN in the VLAN trunk link. It is not necessary to assign the FT VLAN in the trunk link with the other VLANs.


For example, to add VLANs 101, 201, and 250 through 260 to the defined list of VLANs currently set for Ethernet port 4, enter:

host1/Admin(config)# interface gigabitEthernet 1/4
host1/Admin(config-if)# switchport trunk allowed vlan 101,201,250-260

To remove VLANs 101 through 499 from the defined list of VLANs currently set for Ethernet port 4, enter:

host1/Admin(config)# interface gigabitEthernet 1/4
host1/Admin(config-if)# no switchport trunk allowed vlan 101-499

Completing the VLAN Trunking Configuration

By default, when you configure VLAN trunking, the interface is in the shutdown state (administratively down) until you enable it as follows:

To enable VLAN trunking in a Layer 2 Ethernet port or port-channel interface, use the no shutdown command in interface configuration mode. This action puts the interface in the Up administrative state.

To disable VLAN trunking, use the shutdown command in interface configuration mode. This action puts the interface in the Down administrative state.

For example, to enable VLAN trunking for Ethernet port 4, enter:

host1/Admin(config)# interface gigabitEthernet 1/4
host1/Admin(config-if)# switchport trunk allowed vlan 101,201,250-260
host1/Admin(config-if)# no shutdown

For example, to disable VLAN trunking for an interface, enter:

host1/Admin(config-if)# switchport trunk allowed vlan 101,201,250-260
host1/Admin(config-if)# shutdown

Specifying the 802.1Q Native VLAN For a Trunk

On an 802.1Q trunk port, the ACE tags all transmitted and received frames except for those frames configured as the native VLAN for the trunk. Frames on the native VLAN are always transmitted untagged and are normally received untagged.

The native VLAN is the VLAN that is assigned to all ports in the ACE. By default, all interfaces are in VLAN 1 on the ACE, and VLAN 1 is the native VLAN. Depending on your network needs, you may change the native VLAN to be other than VLAN 1.

When configuring 802.1Q trunking, you must match the native VLAN across the link. Because the native VLAN is untagged, the native VLAN must match on both sides of the trunk link for 802.1Q; otherwise, the link will not work.

To set the 802.1Q native VLAN for a trunk, use the switchport trunk native vlan command in interface configuration mode. You can have only one assigned native VLAN.


Note When you specify an Ethernet port or a port-channel interface as a dedicated FT VLAN (see the "Designating an Ethernet Port as an FT VLAN Port" section), the ACE automatically includes the FT VLAN in the VLAN trunk link and assigns the FT VLAN as the 802.1Q native VLAN for the trunk. The ACE prevents you from selecting a different VLAN as the native VLAN.


You do not need to create a VLAN interface to set the 802.1Q native VLAN for a trunk. To configure a VLAN interface and access its mode to configure its attributes, use the interface vlan command in configuration mode for the context. See Chapter 2, Configuring VLAN Interfaces, for details.

The syntax is as follows:

switchport trunk native vlan number

The number argument specifies the VLAN number that you want to configure as the 802.1Q native VLAN when operating in trunking mode. Valid values are from 1 to 4094. The default is VLAN 1.

For example, to specify VLAN 3 as the 802.1Q native VLAN for the trunk, enter:

host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)# switchport trunk native vlan 3

To revert to the default of VLAN 1, enter:

host1/Admin(config-if)# no switchport trunk native vlan
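
The following Python example is added here and is not part of the Cisco guide or the ACE software. It replays access and trunk commands in the form shown in the sections above and checks them against the rules this chapter states: vlan_list syntax and the 1 to 4094 range, no VLAN allocated to two ports, matching native VLANs on both ends of a trunk, and the default shutdown state. The function names, the SAMPLE commands, and the PEER_NATIVE mapping are assumptions made for the illustration.

```python
import re


def parse_vlan_list(vlan_list):
    """Expand a vlan_list such as '101,201,250-260' (1-4094, no spaces) into a set."""
    if not re.fullmatch(r"\d+(-\d+)?(,\d+(-\d+)?)*", vlan_list):
        raise ValueError(f"malformed vlan_list: {vlan_list!r}")
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"VLAN outside 1-4094: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def parse_ports(commands):
    """Replay commands in order; the most recent access or trunk setting wins."""
    ports, cur = {}, None
    for raw in commands.splitlines():
        line = re.sub(r"^\S+#\s*", "", raw.strip())  # drop a CLI prompt if present
        if m := re.fullmatch(r"interface (gigabitEthernet \d+/\d+|port-channel \d+)", line):
            cur = ports.setdefault(m[1], dict(mode=None, vlans=set(), native=1, shutdown=True))
        elif cur is None:
            continue
        elif m := re.fullmatch(r"(no )?switchport trunk allowed vlan (\S+)", line):
            base = cur["vlans"] if cur["mode"] == "trunk" else set()  # trunk replaces access
            vlans = parse_vlan_list(m[2])
            cur["mode"], cur["vlans"] = "trunk", (base - vlans if m[1] else base | vlans)
        elif m := re.fullmatch(r"(no )?switchport access vlan (\d+)", line):
            # Assumption: the "no" form (default VLAN 1) is modelled as no allocation.
            cur["mode"], cur["vlans"] = "access", (set() if m[1] else parse_vlan_list(m[2]))
        elif m := re.fullmatch(r"(no )?switchport trunk native vlan(?: (\d+))?", line):
            cur["native"] = 1 if m[1] else parse_vlan_list(m[2] or "").pop()
        elif line in ("shutdown", "no shutdown"):
            cur["shutdown"] = line == "shutdown"
    return ports


def audit(ports, peer_native):
    """Check the page's trunk rules; peer_native maps port -> far-end native VLAN."""
    findings, owner = [], {}
    for name, p in ports.items():
        for vlan in sorted(p["vlans"]):
            if owner.setdefault(vlan, name) != name:
                findings.append(f"VLAN {vlan} is on both {owner[vlan]} and {name}")
        if p["mode"] == "trunk" and peer_native.get(name, p["native"]) != p["native"]:
            findings.append(f"{name}: native VLAN {p['native']} != peer {peer_native[name]}")
        if p["vlans"] and p["shutdown"]:
            findings.append(f"{name}: VLANs configured but interface still shutdown")
    return findings


# Constructed sample in the command form used on this page (not a device capture).
SAMPLE = """\
interface gigabitEthernet 1/4
switchport access vlan 101
switchport trunk allowed vlan 101,201,250-260
no shutdown
interface port-channel 255
switchport trunk allowed vlan 201,300
switchport trunk native vlan 3"""
PEER_NATIVE = {"port-channel 255": 1}  # assumed native VLAN on the far end of the trunk
```

Calling audit(parse_ports(SAMPLE), PEER_NATIVE) returns three findings: VLAN 201 allocated to two ports, the native VLAN mismatch on port-channel 255, and port-channel 255 still in its default shutdown state.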

Displaying Ethernet Interface Configuration, Status, and Statistics

Use the show interface command in Exec mode to display the following:

Configuration information and counter statistics for an Ethernet port

Configuration information for a port-channel virtual interface

Use the show interface Exec command without a keyword to see a list of all interfaces that are programmed on the ACE. A report is provided for each interface that the device supports.


Note You can display information for the VLAN or Bridged Virtual Interface (BVI) interface through the show interface command. See Chapter 2, Configuring VLAN Interfaces, for details.


The syntax for the command is as follows:

show interface {gigabitEthernet slot_number/port_number [counters] | port-channel channel_number}

The keywords, arguments, and options are as follows:

gigabitEthernet—Specifies an Ethernet port.

slot_number—Physical slot on the ACE that contains the Ethernet ports. This selection is always 1, the location of the daughter card in the ACE. The daughter card includes the four Layer 2 Ethernet ports to perform Layer 2 switching.

port_number—Physical Ethernet port on the ACE. Valid selections are 1 through 4, which specifies one of the four Ethernet ports (1, 2, 3, or 4) associated with the slot 1 (daughter card) selection.

counters—(Optional) Displays a summary of interface counters for the specified Ethernet port related to the receive and transmit queues.

port-channel channel_number—Specifies the channel number assigned to a port-channel interface. Valid values are from 1 to 255.

For example, to view the configuration status for Ethernet port 4, enter:

host1/Admin# show interface gigabitEthernet 1/4
GigabitEthernet Port 1/4 is ADMIN DOWN, line protocol is UP
  Hardware is ACE Appliance 1000Mb 802.3, address is 00.00.00.00.20.62
  MTU 0 bytes
  Auto-duplex, Auto-speed
    0 packets input, 0 bytes, 0 dropped
    Received 0 broadcasts (0 multicasts)
    0 runts , 0 giants
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
    0 packets output, 0 bytes
    0 broadcast, 0 multicast, 0 control output packets
    0 underflow, 0 single collision, 0 multiple collision output packets
    0 excessive collision and dropped, 0 Excessive Deferral and dropped

For example, to view the configuration status for port-channel interface 23, enter:

switch/Admin# show interface port-channel 23
PortChannel 23:
----------------------------
Description:
mode: Access    access vlan: 201
status: (ADMIN DOWN), load-balance scheme: unknown
PortChannel 23 mapped phyport:

For example, to view a summary of interface counters for Ethernet port 3, enter:

switch/Admin# show interface gigabitEthernet 1/3 counters

Table 1-3 describes the fields in the command output.

Table 1-3 Field Descriptions for show interface gigabitEthernet counters Command 

| Field | Description |
| --- | --- |
| RX RGMII Packets | Total number of packets received on the Reduced Gigabit Media Independent Interface (RGMII). |
| RX RGMII Control Packets | Total number of octets transmitted on the RGMII. |
| RX RGMII DMAC filtered Packets | Number of destination MAC address-filtered packets received on the RGMII. |
| RX RGMII Dropped Packets | Total number of packets dropped on the RGMII. Note: These packets will also be counted in the RX Packets field. |
| RX RGMII Bad Packets | Total number of bad packets received on the RGMII. Note: These packets will also be counted in the RX Packets field. |
| RX RGMII Octets | Total number of octets received on the RGMII. This statistic makes up a 64-bit counter that describes the number of good octets received. |
| RX RGMII Control Octets | Total number of control octets received on the RGMII. |
| RX RGMII DMAC filtered Octets | Number of destination MAC address-filtered octets received on the RGMII. |
| RX RGMII Dropped Octets | Total number of octets dropped on the specified Ethernet port. |
| RX Packets | Total number of packets received on the specified Ethernet port. |
| RX Octets | Total number of octets received on the specified Ethernet port. This statistic makes up a 64-bit counter that describes the number of good octets received. |
| RX Dropped Packets | Total number of packets dropped by the specified Ethernet port. Note: These packets will also be counted in the RX Packets field. |
| RX Broadcasts | Number of broadcast packets received on the specified Ethernet port. |
| RX Multicasts | Number of multicast packets received on the specified Ethernet port. |
| RX Runts | Number of packets that are discarded because they are smaller than the minimum packet size allowed by the ACE. |
| RX Giants | Number of packets that are discarded because they exceed the maximum packet size allowed by the ACE. |
| RX FCS/Align Errors | Total number of frame check sum (FCS) errors or nonintegral number of octets (alignment errors). |
| RX Runt FCS | Total number of runt FCS errors. |
| RX Giant FCS | Total number of giant FCS errors. |
| Total Inbound Packets | Total number of inbound packets received by the ACE. |
| Total Inbound Octets | Total number of inbound octets received by the ACE. |
| Total Inbound Errors | Total number of inbound packets with errors. |
| TX Packets | Total number of packets transmitted from the specified Ethernet port. |
| TX Octets | Total number of octets transmitted from the specified Ethernet port. This statistic makes up a 64-bit counter that describes the number of good octets transmitted. |
| TX Broadcast Packets | Number of broadcast packets transmitted from the specified Ethernet port. |
| TX Multicast Packets | Number of multicast packets transmitted from the specified Ethernet port. |
| TX Control Packets | Number of control packets transmitted from the specified Ethernet port. |
| TX Underflow Packets | Number of underflow packets transmitted from the specified Ethernet port. |
| TX Single Collision Packets | Number of times that a transmitted packet encountered a single collision. |
| TX Multiple Collision Packets | Number of times that a transmitted packet encountered multiple collisions. |
| TX Excessive Collisions and Dropped Packets | Number of times that a transmitted packet encountered excessive collisions, which resulted in dropped packets. |
| TX Excessive Deferral and Dropped Packets | Number of times that a transmitted packet encountered excessive deferrals, which resulted in dropped packets. |
| TX Packets with Size 0-63 Octets | Number of packets transmitted that are from 0 to 63 octets. |
| TX Packets with Size 64 Octets | Number of packets transmitted that are 64 octets. |
| TX Packets with Size 65-127 Octets | Number of packets transmitted that are from 65 to 127 octets. |
| TX Packets with Size 128-255 Octets | Number of packets transmitted that are from 128 to 255 octets. |
| TX Packets with Size 256-511 Octets | Number of packets transmitted that are from 256 to 511 octets. |
| TX Packets with Size 512-1023 Octets | Number of packets transmitted that are from 512 to 1023 octets. |
| TX Packets with Size 1024-1518 Octets | Number of packets transmitted that are from 1024 to 1518 octets. |
| TX Packets with Size > 1518 Octets | Number of packets transmitted that are greater than 1518 octets. |


Clearing Ethernet Interface Configuration Information

You can clear the Ethernet port configuration information displayed through the show interface command by using the clear interface gigabitEthernet command in Exec mode. The syntax for this command is as follows:

clear interface gigabitEthernet slot_number/port_number

The options and arguments are as follows:

slot_number—Physical slot on the ACE that contains the Ethernet ports. This selection is always 1, the location of the daughter card in the ACE. The daughter card includes the four Layer 2 Ethernet ports that allow you to perform Layer 2 switching.

port_number—Physical Ethernet port on the ACE. Valid selections are from 1 through 4, which specifies one of the four Ethernet ports (1, 2, 3, or 4) associated with the slot 1 (daughter card) selection.

For example, to clear the statistics for Ethernet port 3, enter:

host1/Admin# clear interface gigabitEthernet 1/3