ME 3800x and ME 3600x Switches Software Configuration Guide, Release 15.2(4)S


Overview


This chapter provides these topics about the Cisco Metro Ethernet (ME) 3800X and 3600X switch software:

Software Licenses and Features

Features

Where to Go Next

In this document, IP refers to IP Version 4 (IPv4).

Software Licenses and Features

If you have a service support contract and order a software license or if you order a switch, you receive the universal software image, available in crypto and noncrypto versions. If you do not have a service support contract, such as a SMARTnet contract, download the software image from Cisco.com.

The ME 3600X supports these licenses:

Metro IP access is the universal image.

Advanced Metro IP access license.

10 Gigabit Ethernet upgrade license—enables 10 Gigabit Ethernet on the SFP+ uplink ports.

For differences in feature support for each license, see Table 1-1 and Table 1-2.

The ME 3800X supports these licenses plus a scaled license that can be installed with any of these licenses to increase the supported values for that license (for example, more MAC addresses, VLANs, and IPv4 routes).

Metro Ethernet services is the universal image.

Metro IP services license.

Metro Aggregation services license.

For differences in feature support for each license, see Table 1-3 and Table 1-4.

To install a software image, see the switch release notes and the "Working with the Cisco IOS File System, Configuration Files, and Software Images" chapter in the software configuration guide.

To install a software license, see the "Cisco IOS Software Activation Tasks and Commands" chapter in the Cisco IOS Software Activation Configuration Guide:

http://www.cisco.com/en/US/docs/ios-xml/ios/csa/configuration/12-4t/csa-12-4t-book.html

An emergency evaluation license is embedded in the software image and does not require the installation of a license file. Specify which evaluation license to enable by using the license boot level command.

Enabling evaluation license on an ME 3800X:

ME3800X# configure terminal
ME3800X(conf)# license boot level <MetroEthServices|MetroIPServices|MetroAggrServices>

Note Only MetroAggrServices is supported during evaluation. Accept the EULA.


ME3800X(conf)# exit
ME3800X# write memory
ME3800X# reload
Note: This evaluation license will be validated only after reload.
 
   

Enabling evaluation license on an ME 3600X:

ME3600X# configure terminal
ME3600X(conf)# license boot level <MetroIPAccess|AdvancedMetroIPAccess>

Note Only AdvancedMetroIPAccess is supported during evaluation. Accept the EULA.


ME3600X(conf)# exit
ME3600X# write memory
ME3600X# reload
Note: This evaluation license will be validated only after a reload.
 
   

After entering the license boot level command, you are prompted to accept the End-User Licensing Agreement (EULA). After accepting the EULA, exiting configuration mode, and saving the running configuration to memory, reload the switch to apply the evaluation license.


Note The evaluation period is valid for 60 days. When the 60-day evaluation period ends, the evaluation license will be unusable after the next reload.


Upon installation of a license file, the license will automatically update to the new license type. There is no need to clear the evaluation license.

Features

Some features noted in this chapter are available only on the cryptographic (that is, supports encryption) versions of the switch software image. You must obtain authorization to use this feature and to download the cryptographic version of the software from Cisco.com. Other features require a specific license. For more information, see the release notes for this release.

Performance Features

Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing bandwidth

Automatic-medium-dependent interface crossover (auto-MDIX) capability on interfaces that enables the interface to automatically detect the required cable connection type (straight-through or crossover) and to configure the connection appropriately

Support for 9800 byte frames on routed ports and switch ports at all speeds: 10/100/1000/10000 Mb/s.

IEEE 802.3x flow control on all ports (the switch does not send pause frames)

EtherChannel for enhanced fault tolerance

Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links

Forwarding of Layer 2 and Layer 3 packets at Gigabit and 10 Gigabit line rates

Per-port storm control for preventing broadcast, multicast, and unicast storms

Port blocking on forwarding unknown Layer 2 unicast, multicast, and bridged broadcast traffic

Internet Group Management Protocol (IGMP) snooping for IGMP versions 1, 2, and 3 on switchports for efficiently forwarding multimedia and multicast traffic

IGMP report suppression for sending only one IGMP report per multicast router query to the multicast devices (supported only for IGMPv1 or IGMPv2 queries)

IGMP snooping querier support to configure the switch to generate periodic IGMP General Query messages

IGMP throttling for configuring the action when the maximum number of entries is in the IGMP forwarding table

IGMP configurable leave timer to configure the leave latency for the network.

RADIUS server load balancing to allow access and authentication requests to be distributed evenly across a server group.

Management Options

CLI—The Cisco IOS software supports desktop- and multilayer-switching features. You can access the CLI either by connecting your management station directly to the switch console port or by using Telnet from a remote management station. For more information about the CLI, see Chapter 2 "Using the Command-Line Interface."

Cisco Configuration Engine—The Cisco Configuration Engine is a network management device that works with embedded Cisco IOS CNS Agents in the switch software. You can automate initial configurations and configuration updates by generating switch-specific configuration changes, sending them to the switch, executing the configuration change, and logging the results. For more information about using Cisco IOS agents, see Chapter 4 "Configuring Cisco IOS Configuration Engine."

SNMP—SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS) and HP OpenView. You can manage from an SNMP-compatible management station that is running platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive set of MIB extensions and four remote monitoring (RMON) groups. For more information about using SNMP, see Chapter 28 "Configuring SNMP."

Manageability Features


Note The encrypted Secure Shell (SSH) feature listed in this section is available only on the cryptographic versions of the switch software image.


Support for synchronous Ethernet (SyncE) to synchronize and send clock information to remote sites on the network for the same clock accuracy, stability, and traceability in the network.

Support for Ethernet Virtual Connections (EVCs), conceptual service pipes for point-to-point or multipoint-to-multipoint paths within the service provider network, for bridge domains, and for Ethernet Flow Points (EFPs), logical interfaces that connect bridge domains to physical ports in a switch. Some software features are supported on ports only or on EFPs only.

Support for DHCP for configuration of switch information (such as IP address, default gateway, hostname, and Domain Name System [DNS] and TFTP server names)

DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients

DHCP server for automatic assignment of IP addresses and other DHCP options to IP hosts

DHCP-based autoconfiguration and image update to download a specified configuration and a new image to a large number of switches

DHCP server port-based address allocation for the preassignment of an IP address to a switch port

Directed unicast requests to a DNS server for identifying a switch through its IP address and its corresponding hostname and to a TFTP server for administering software upgrades from a TFTP server

Address Resolution Protocol (ARP) for identifying a switch through its IP address and its corresponding MAC address

Unicast MAC address filtering to drop packets with specific source or destination MAC addresses

Configurable MAC address scaling that allows disabling MAC address learning on a VLAN to limit the size of the MAC address table

Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network (supported on NNIs by default, can be enabled on ENIs, not supported on UNIs)

Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (LLDP-MED) for interoperability with third-party IP phones

Support for the LLDP-MED location TLV that provides location information from the switch to the endpoint device

Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source

Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses

In-band management access for up to 16 simultaneous Telnet connections for multiple CLI-based sessions over the network

In-band management access for up to five simultaneous, encrypted Secure Shell (SSH) connections for multiple CLI-based sessions over the network (requires the cryptographic versions of the switch software).

In-band management access through SNMP Versions 1, 2c, and 3 get and set requests

Out-of-band management access through the switch console port to a directly attached terminal or to a remote terminal through a serial connection or a modem

Out-of-band management access through the Ethernet management port to a PC

User-defined command macros for creating custom switch configurations for simplified deployment across multiple switches

Support for metro Ethernet operation, administration, and maintenance (OAM): IEEE 802.1ag Connectivity Fault Management (CFM), Ethernet Line Management Interface (E-LMI) on customer-edge switches, and IEEE 802.3ah Ethernet OAM discovery, link monitoring, remote fault detection, and remote loopback

Configuration replacement and rollback to replace the running configuration on a switch with any saved Cisco IOS configuration file

Source Specific Multicast (SSM) mapping for multicast applications to provide a mapping of source to group, allowing IGMPv2 clients to utilize SSM, allowing listeners to connect to multicast sources dynamically and reducing dependencies on the application

CPU utilization threshold trap monitors CPU utilization.

Availability Features

UniDirectional Link Detection (UDLD) and aggressive UDLD for detecting and disabling unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults

IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks. STP has these features:

Up to 1000 supported spanning-tree instances

Per-VLAN spanning-tree plus (PVST+) for balancing load across VLANs

Rapid PVST+ for balancing load across VLANs and providing rapid convergence of spanning-tree instances

IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree instance and for providing multiple forwarding paths for data traffic and load balancing and rapid per-VLAN Spanning-Tree plus (rapid-PVST+) based on the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) for rapid convergence of the spanning tree by immediately transitioning root and designated ports to the forwarding state

Optional spanning-tree features available in PVST+, rapid-PVST+, and MSTP modes:

Port Fast for eliminating the forwarding delay by enabling a spanning-tree port to immediately transition from the blocking state to the forwarding state

Bridge protocol data unit (BPDU) guard for shutting down Port Fast-enabled ports that receive BPDUs

BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs

Root guard for preventing switches outside the network core from becoming the spanning-tree root

Loop guard for preventing alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link

Flex Link Layer 2 interfaces to back up one another as an alternative to STP for basic link redundancy in a nonloop network with preemptive switchover and bidirectional fast convergence, also referred to as the MAC address-table move update feature

Flex Link Multicast Fast Convergence to reduce the multicast traffic convergence time after a Flex Link failure

Support for Resilient Ethernet Protocol (REP) for improved convergence times and network loop prevention without the use of spanning tree

Support for REP edge ports with the no-neighbor option when the neighbor port is not REP-capable

HSRP for Layer 3 router redundancy

Equal-cost routing for link-level and switch-level redundancy (requires metro IP access image)

VLAN Features

Support for up to 4094 VLANs for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth

Support for VLAN IDs in the full 1 to 4094 range allowed by the IEEE 802.1Q standard

IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes; management and control of broadcast and multicast traffic; and network security by establishing VLAN groups for high-security users and network resources

VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1 to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or received on the trunk. The switch CPU continues to send and receive control protocol frames.

VLAN Flex Link Load Balancing on physical interfaces to provide Layer 2 redundancy without requiring Spanning Tree Protocol (STP). A pair of interfaces configured as primary and backup links can load balance traffic based on VLAN.

Security Features

Switch Security


Note The Kerberos feature listed in this section is only available on the cryptographic versions of the switch software.


Password-protected access (read-only and read-write access) to management interfaces for protection against unauthorized configuration changes

Configuration file security so that only authenticated and authorized users have access to the configuration file, preventing users from accessing the configuration file by using the password recovery process

Multilevel security for a choice of security level, notification, and resulting actions

MAC security option for limiting and identifying MAC addresses of the stations allowed to access Ethernet Flow Points (EFPs)

MAC security aging to set the aging time for secure addresses on a service instance

LLDP (Link Layer Discovery Protocol) and LLDP-MED (Media Extensions)—Adds support for IEEE 802.1AB link layer discovery protocol for interoperability in multi-vendor networks. Switches exchange speed, duplex, and power settings with end devices such as IP Phones.

TACACS+, a proprietary feature for managing network security through a TACACS server

RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users through authentication, authorization, and accounting (AAA) services

Kerberos security system to authenticate requests for network resources by using a trusted third party (requires the cryptographic versions of the switch software)

Network Security

Standard and extended IP access control lists (ACLs) for defining security policies in both directions on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs)

Extended MAC access control lists for defining security policies in the inbound direction on Layer 2 interfaces

VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on information in the MAC, IP, and TCP/UDP headers

Source and destination MAC-based ACLs for filtering non-IP traffic

Support for 3DES and AES with version 3 of the Simple Network Management Protocol (SNMPv3). This release adds support for the 168-bit Triple Data Encryption Standard (3DES) and the 128-bit, 192-bit, and 256-bit Advanced Encryption Standard (AES) encryption algorithms to SNMPv3.

Quality of Service and Class of Service Features

Cisco modular quality of service (QoS) command-line (MQC) implementation

Three levels of hierarchical output queueing

Classification based on IP precedence, Differentiated Services Code Point (DSCP), and IEEE 802.1p class of service (CoS) packet fields, ACL lookup, and multiprotocol label switching (MPLS) Experimental bits, or assigning a discard class or QoS label for output classification

Policing

One-rate policing based on average rate and burst rate for a policer

Two-color policing that allows different actions for packets that conform to or exceed the rate

Ingress two-rate, three-color policing for individual or aggregate policers

Weighted tail drop (WTD) as the congestion-avoidance mechanism for managing the queue lengths and providing drop precedences for different traffic classifications

Queuing and Scheduling

Deficit round robin traffic shaping to mix packets from all queues to minimize traffic burst

Class-based traffic shaping to specify a maximum permitted average rate for a traffic class

Port shaping to specify the maximum permitted average rate for a port

Class-based weighted fair queuing (CBWFQ) to control bandwidth to a traffic class

WTD to adjust queue size for a specified traffic class

Low-latency priority queuing to allow preferential treatment to certain traffic

Per-port, per-VLAN QoS to control traffic carried on a user-specified VLAN for a given interface. You can use hierarchical policy maps for per-VLAN classification and apply the per-port, per-VLAN hierarchical policy maps to trunk ports.

Layer 2 Virtual Private Network Services

IEEE 802.1Q tunneling on EFPs to enable service providers to offer multiple point Layer 2 VPN services to customers

Layer 2 protocol tunneling on EFPs to enable customer control protocols, such as BPDU, CDP, VTP, LLDP, MSTP, PAgP, LACP, and UDLD, to be tunneled across service-provider networks.

Support for Ethernet over multiprotocol label switching (EoMPLS) tunneling mechanism for transporting Ethernet frames over a service-provider MPLS network

Support for Layer 2 transport over MPLS interworking for Ethernet and VLAN interworking.

Pseudowire redundancy to allow service providers to configure their multiprotocol label switching (MPLS) networks to detect network failures and to reroute Layer 2 services to another endpoint.

Layer 3 Features

HSRP Version 1 (HSRPv1) and HSRP Version 2 (HSRPv2) for Layer 3 router redundancy

IP routing protocols for load balancing and for constructing scalable, routed backbones:

RIP Versions 1 and 2

OSPF

EIGRP

BGP Version 4

IS-IS dynamic routing

Bidirectional Forwarding Detection (BFD) Protocol to detect forwarding-path failures for OSPF, IS-IS, BGP, EIGRP, or HSRP routing protocols

IP routing between VLANs (inter-VLAN routing) for full Layer 3 routing between two or more VLANs, allowing each VLAN to maintain its own autonomous data-link domain

Static IP routing for manually building a routing table of network path information

Equal-cost routing for load balancing and redundancy

Internet Control Message Protocol (ICMP) and ICMP Router Discovery Protocol (IRDP) for using router advertisement and router solicitation messages to discover the addresses of routers on directly attached subnets

Protocol-Independent Multicast (PIM) for multicast routing within the network, allowing for devices in the network to receive the multicast feed requested and for switches not participating in the multicast to be pruned. Includes support for PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode

Support for the SSM PIM protocol to optimize multicast applications, such as video

DHCP relay for forwarding UDP broadcasts, including IP address requests, from DHCP clients

Layer 3 VPN Services

Multiple VPN routing/forwarding (multi-VRF) instances in customer edge devices (multi-VRF CE) to allow service providers to support multiple virtual private networks (VPNs) and overlap IP addresses between VPNs

VRF and EIGRP compatibility

VRF-aware services

Support for MPLS VPNs provides the capability to deploy and administer scalable Layer 3 VPN services to business customers. Each VPN is associated with one or more VPN routing/forwarding (VRF) instances that include routing and forwarding tables and rules that define the VPN membership.

Support for MPLS Operations, Administration, and Maintenance (OAM) functionality for monitoring label switched paths (LSPs) and isolating MPLS forwarding problems.

Multiple VPN multi-VRF instances in customer edge devices to allow service providers to support multiple VPNs and to overlap IP addresses between VPNs.

Support for MPLS traffic engineering and fast reroute link protection for rerouting LSP traffic around a failed link

Monitoring Features

Switch LEDs that provide port- and switch-level status

Configurable external alarm inputs

MAC address notification traps and RADIUS accounting for tracking users on a network by storing the MAC addresses that the switch has learned or removed

Four groups (history, statistics, alarms, and events) of embedded RMON agents for network monitoring and traffic analysis

Syslog facility for logging system messages about authentication or authorization errors, resource issues, and time-out events

Layer 2 traceroute to identify the physical path that a packet takes from a source device to a destination device

Time Domain Reflector (TDR) to diagnose and resolve cabling problems on copper Ethernet 10/100 ports

SFP module diagnostic management interface to monitor physical or operational status of an SFP module

Online diagnostics to test the hardware functionality of the switch while the switch is connected to a live network

On-board failure logging (OBFL) to collect information about the switch and the power supplies connected to it

IP Service Level Agreements (IP SLAs) support to measure network performance by using active traffic monitoring

IP SLAs for Metro Ethernet using IEEE 802.1ag Ethernet Operation, Administration, and Maintenance (OAM) capability to validate connectivity, jitter, and latency in a metro Ethernet network

Feature Support per License

Table 1-1 ME 3600X Supported Features per License

Metro IP Access (Universal Image):

Basic Layer 2 features (including 802.1Q)

EVCs

IPv4 routing (RIP, OSPF, EIGRP, IS-IS, and BGP) and BFD

Multicast routing (PIM, DM, SSM and SSM mapping)

Ethernet OAM (802.1ag, 802.3ah, and E-LMI)

MST, REP, Flex Links

Synchronous Ethernet with Ethernet Synchronization Messaging Channel (ESMC)

Multi VRF-CE (VRF-Lite) with service awareness (ARP, ping, SNMP, syslog, traceroute, FTP and TFTP)

Advanced Metro IP Access license:

All features in the Metro IP Access image

MPLS

MPLS traffic engineering and Fast Reroute

MPLS OAM

MPLS VPN

Ethernet over MPLS (EoMPLS)

Pseudowire redundancy

Virtual Private LAN Services (VPLS)


Table 1-2 ME 3600X License Scaling  

| Supported feature | Metro IP Access | Advanced Metro IP Access |
|---|---|---|
| MAC addresses | 8 K | 16 K |
| IPv4 routes | 20 K | 20 K |
| IPv4 multicast groups and routes | 1 K | 1 K |
| Layer 2 multicast entries | 1 K | 1 K |
| Bridge domains | 4 K | 4 K |
| ACL entries | 2 K | 2 K |


Table 1-3 ME 3800X Supported Features per License

Metro Ethernet Services (Universal Image):

Basic Layer 2 features (including 802.1d and 802.1Q)

EVCs

Ethernet OAM (802.1ag, 802.3ah, and E-LMI)

MST, REP, Flex Links

Synchronous Ethernet with Ethernet Synchronization Messaging Channel (ESMC)

Metro IP Services license:

All features in the Metro Ethernet Services image

IPv4 routing (RIP, OSPF, EIGRP, IS-IS, and BGP)

BFD

Multicast routing (PIM, DM, SSM and SSM mapping)

Multi VRF-CE (VRF-Lite) with service awareness (ARP, ping, SNMP, syslog, traceroute, FTP and TFTP)

Metro Aggregation Services license:

All features in the Metro IP Services license

MPLS

MPLS traffic engineering and Fast Reroute

MPLS OAM

MPLS VPN

Ethernet over MPLS (EoMPLS)

Pseudowire redundancy

Virtual Private LAN Services (VPLS)


Table 1-4 ME 3800X License Scaling

| Supported feature | Metro Services | Scaled Metro Services | Metro IP Services | Scaled Metro IP Services | Metro Aggregation Services | Scaled Metro Aggregation Services |
|---|---|---|---|---|---|---|
| MAC table addresses | 64 K | 128 K | 32 K | 64 K | 128 K | 256 K |
| IPv4 routes | 1 K | 1 K | 42 K | 80 K | 24 K | 32 K |
| IPv4 multicast groups and routes | 0 | 0 | 2 K | 4 K | 2 K | 4 K |
| Layer 2 multicast entries | 2 K | 4 K | 2 K | 2 K | 2 K | 4 K |
| Bridge domains | 4 K | 4 K | 2 K | 2 K | 4 K | 8 K |
| ACL entries | 4 K | 8 K | 4 K | 8 K | 4 K | 16 K |


Where to Go Next

Before configuring the switch, review these sections for startup information:

Chapter 2 "Using the Command-Line Interface"

Chapter 3 "Assigning the Switch IP Address and Default Gateway"

Chapter 4 "Configuring Cisco IOS Configuration Engine"