-
CSS Administration Guide (Software Version 7.20)
-
Index
-
Preface
-
Booting, Logging In, and Getting Started
-
Configuring CSS Basics
-
Managing the CSS Software
-
Specifying the CSS Boot Configuration
-
Configuring Interfaces and Circuits
-
Configuring CSS Network Protocols
-
Configuring Open Shortest Path First (OSPF)
-
Using the CSS Logging Features
-
Configuring Flow and Port Mapping Parameters
-
Configuring User Profiles
-
Configuring CSS Remote Access Methods
-
Configuring Simple Network Management Protocol (SNMP)
-
Configuring Remote Monitoring (RMON)
-
Upgrading Your CSS Software
-
Using the Offline Diagnostic Monitor Menu
-
Troubleshooting the Boot Process
-
Table Of Contents
Configuring Interfaces and Circuits
Interface and Circuit Overview
Interface and Circuit Configuration Quick Start
Entering a Description for the Interface
Configuring Interface Duplex and Speed
Setting Interface Maximum Idle Time
Bridging an Interface to a VLAN
Specifying VLAN Trunking for an Interface
Selecting a Default VLAN in a Trunk
Configuring Spanning-Tree Bridging for a VLAN or a Trunked Interface
Configuring Spanning-Tree Bridge Pathcost
Configuring Spanning-Tree Bridge Priority
Configuring Spanning-Tree Bridge State
Configuring Port Fast on an Interface
Showing Interface Configurations
Showing Trunking Configurations
Showing Interface Duplex and Speed
Showing Ethernet Interface Errors
Entering Circuit Configuration Mode
Configuring a Circuit IP Interface
Configuring a Circuit IP Address
Configuring a Circuit-IP Broadcast Address
Configuring Circuit-IP Redirects
Configuring Circuit-IP Unreachables
Configuring Router-Discovery Preference for a Circuit IP Interface
Enabling and Disabling a Circuit IP
Configuring Router-Discovery Protocol Settings for a Circuit
Configuring the Router-Discovery Lifetime
Configuring Router-Discovery Limited-Broadcast
Configuring the Router-Discovery Max-Advertisement-Interval
Configuring the Router-Discovery Min-Advertisement-Interval
Configuring RIP for an IP Interface
Enabling RIP on an IP Interface
Configuring a RIP Default Route
Configuring a RIP Receive Version
Configuring RIP Packet Logging
Showing RIP Configurations for IP Addresses
Configuring the Switched Port Analyzer Feature
Verifying the SPAN Configuration on a CSS
Configuring Interfaces and Circuits
This chapter describes how to configure the CSS interfaces and circuits and how to bridge interfaces to Virtual LANs (VLANs). Information in this chapter applies to all CSS models, except where noted.
This chapter contains the following major sections:
•
Interface and Circuit Overview
•
•
Interface and Circuit Overview
The CSS provides Ethernet interfaces (ports) that enable you to connect servers, PCs, routers, and other devices to the CSS.
Using the bridge command, you assign the Ethernet interfaces to a specific VLAN. Each VLAN circuit requires an IP address. Assigning an IP address to each VLAN circuit allows the CSS to route Ethernet interfaces from VLAN to VLAN.
Using the trunk command, you can assign multiple VLANs to a CSS Ethernet interface port (Fast Ethernet port or Gigabit Ethernet port). A trunk is a point-to-point link carrying the traffic of several VLANs. The advantage of a trunk is to save ports by creating a link between two CSSs implementing VLANs. A trunk bundles virtual links over one physical link. The unique physical link between the two CSSs is able to carry traffic for the specified VLANs.
Note
The CSS forwards VLAN circuit traffic to the IP interface. The IP interface passes the traffic to the IP forwarding function where the CSS compares the destination of each packet to information contained in the routing table. Once the CSS resolves the packet addresses, it forwards the packet to the appropriate VLAN and destination port.
With trunking enabled, the CSS automatically inserts a tag in every frame transmitted over the trunk link to identify the originating VLAN. When the VLAN-aware CSS receives the frame, it reviews the VLAN-tagged packet to identify the transmitting VLAN. If the VLAN is recognized, the frame is routed to the proper port and VLAN destination. If the frame is from a VLAN that is not assigned to the trunk port, the packet is ignored. By default, the CSS discards untagged packets.
For an 802.1Q trunk, you can use the default-vlan command to:
•
•
By using this method, the CSS can determine which VLAN transmitted an untagged frame. This capability allows VLAN-aware CSSs and VLAN-unaware CSSs to transmit and receive information on the same cable.
Figure 5-1 illustrates the interfaces, circuits, and VLANs in a CSS, and Figure 5-2 illustrates trunking between VLANs.
Figure 5-1 CSS Interfaces and Circuits
Figure 5-2 Interface Trunking Between VLANs
Interface and Circuit Configuration Quick Start
Table 5-1 provides a quick overview of the steps required to configure interfaces and circuits. Each step includes the CLI command required to complete the task. For a complete description of each feature and all the options associated with the CLI command, see the sections following Table 5-1.
Configuring Interfaces
Interfaces are ports that enable you to connect devices to the CSS and connect the CSS to the Internet. The commands to configure interfaces on the CSS 11501 differ slightly from the commands to configure interfaces on the CSS 11503 and CSS 11506 because they require a slot/port designation. The CSS 11501 does not use the slot/port designation.
This section includes the following topics:
•
•
•
•
•
•
•
•
Configuring an Interface
Use the interface command to configure an Ethernet interface. Enter the interface name as follows:
•
•
For example, to configure interface port 1 on a CSS 11501, access interface mode for the port by entering:
(config)# interface e1(config-if[e1])#For example, to configure interface 1 on a CSS 11503 or CSS 11506, access interface mode for the I/O module in slot 2 by entering:
(config)# interface 2/1(config-if[2/1])#Note in both examples that the CSS changes from configuration mode to the specific interface mode.
Entering a Description for the Interface
Use the description command to identify the Ethernet interface. Enter a quoted text string from 1 to 255 characters including spaces.
For example:
(config-if[2/1])# description "Connects to server17"To view an interface description, use the show running-config interface command. For example:
(config-if[2/1])# show running-config interface 2/1!************************ INTERFACE ************************interface 2/1description "Connects to server17"bridge vlan 2To remove an interface description, enter:
(config-if[2/1])# no descriptionConfiguring Interface Duplex and Speed
By default, the CSS Fast Ethernet interface and Gigabit Ethernet interface are configured to auto-negotiate. The CSS automatically detects the network line speed (Fast Ethernet only) and duplex of incoming signals, and synchronizes those parameters during data transfer. Auto-negotiation enables the CSS and the other devices on the link to achieve the maximum common level of operation.
When using Fast Ethernet ports with older equipment that cannot transmit the duplex and speed with the signals, you can manually configure the speed (10 Mbps, 100 Mbps) and duplex (half or full duplex) of the CSS port to match the transmitting equipment.
When you use Gigabit Ethernet ports, if the link does not come up (perhaps due to traffic congestion), you may need to force the CSS and its link partner in to a specific mode. The CSS allows you to manually select a full duplex and flow control (pause frame) mode. Flow control allows the CSS to control traffic during congestion by notifying the other port to stop transmitting until the congestion clears. When the other device receives the pause frame, it temporarily stops transmitting data packets. When the CSS detects local congestion and becomes overwhelmed with data, the Gigabit Ethernet ports transmits a pause frame. Both the CSS Gigabit Ethernet and its link partner must be configured with the same pause method (asymmetric, symmetric, or both). By default, all Gigabit Ethernet ports are configured to full duplex mode with symmetric pause (pause frames transmitted and received by the CSS).
Use the phy command to configure the duplex, speed (Fast Ethernet ports only), and flow control (Gigabit Ethernet ports only) for the interface ports, as follows:
•
Note
•
Gigabit Ethernet port auto-negotiation remains enabled when a pause mode command is specified so the Gigabit Ethernet interface ports can act upon the link partner's flow control capability. If it is necessary to disable auto-negotiation for the Gigabit Ethernet port when using a pause mode, enter the phy auto-negotiate disable command.
•
•
•
•
•
•
•
•
For example, to configure Fast Ethernet interface 1 on the I/O module in slot 2 of the CSS 11503 to 100 Mbps and half-duplex mode, enter:
(config-if[2/1])# phy 100Mbits-HDFor example, to configure gigabit interface 1 on the SCM in slot 1 of the CSS 11503 to full-duplex mode with asymmetric pause, enter:
(config-if[1/1])# phy auto-negotiate disable(config-if[1/1])# phy 1Gbits-FD-asymSetting Interface Maximum Idle Time
Use the max-idle command as a troubleshooting tool to verify an interface's ability to receive traffic. If the interface does not receive traffic within the configured idle time, the CSS reinitializes the interface automatically.
Set the idle time to a value greater than the interval over which the interface is receiving traffic. For example, if the interface receives traffic every 90 seconds, set the idle time to a value greater than 90 seconds. If you set the idle time to less than 90 seconds, the CSS would continuously reinitialize the interface before the interface was able to receive traffic.
Enter an idle time from 15 to 65535 seconds. The default is 0, which disables the idle timer.
For example, to set the maximum idle time to 180 seconds for interface port 1 on a CSS 11503, the I/O module in slot 2, enter:
(config-if[2/1])# max-idle 180To reset the idle time for an interface to its default value of 0, enter:
(config-if[2/1])# no max-idleBridging an Interface to a VLAN
Use the bridge vlan command to specify a VLAN and associate it with the specified Ethernet interface. Enter an integer from 1 to 4094 as the VLAN identifier. The default is 1. All interfaces are assigned to VLAN1 by default.
The following list defines the maximum number of VLANs supported by the specific CSS models:
•
•
When you specify the bridge vlan command, enter the word vlan in lowercase letters and include a space before the VLAN number (for example, vlan 2).
For example, to configure e1 to VLAN2 on the CSS 11501, enter:
(config-if[e1])# bridge vlan 2The CSS Gigabit Ethernet and Fast Ethernet interface ports support trunking to multiple VLANs through the trunk command. In this configuration, use the trunk command for the Ethernet interface instead of the bridge vlan command (and the other associated bridge CLI commands). See "Showing Interface Configurations" for details.
To restore the default VLAN1 on the CSS 11501, enter:
(config-if[e7])# no bridge vlanTo display all interfaces and the VLANs to which they are configured, use the show circuit command. In the show circuit display, VLANs appear as VLAN (uppercase, with no space before the VLAN number). See the "Showing Circuits" section for information about the show circuits command.
Specifying VLAN Trunking for an Interface
Use the trunk command to activate VLAN trunking for a CSS interface. You specify all VLANs that include the specified port as part of the VLAN. The trunk command also converts the link in to a trunk link. Use the vlan command to specify the number of each VLAN to be associated with the Gigabit Ethernet or Fast Ethernet port. Enter an integer from 1 to 4094 as the VLAN identifier.
The following list defines the maximum number of VLANs supported by the specific CSS models:
•
•
The CSS software has a dependency when using the trunk command. For trunking to be enabled, all VLAN bridging commands for any active VLAN must first be disabled for the Gigabit Ethernet or Fast Ethernet interface by using the no bridge vlan, no bridge priority, no bridge state, and no bridge pathcost commands. If you do not disable VLAN bridging on an interface, the CSS software instructs you to do so.
When you specify the trunk command, enter the word vlan in lowercase letters and include a space before the VLAN number (for example, vlan 2). The CSS automatically prompts you to create the specified VLAN (where y instructs the software to create the VLAN and n cancels the VLAN creation).
For example, to configure Gigabit Ethernet port 1 in slot 1 for use in VLAN2, VLAN3, and VLAN9, enter:
(config-if[1/1])# trunk(config-if[1/1])# vlan 2Create VLAN<2>, [y/n]:y(config-if-vlan[1/1-2])# vlan 3Create VLAN<3>, [y/n]:y(config-if-vlan[1/1-3])# vlan 9Create VLAN<9>, [y/n]:y(config-if-vlan[1/1-9])#The no trunk command turns off all trunking, removes all specified vlan commands associated with the interface, and deletes this information from the running configuration. The interface is returned to VLAN1 by default.
To disable trunking on the specified interface and associated VLANs, enter:
(config-trunkif[2/3])# no trunkTo display all interfaces and the VLANs to which they are configured, use the show circuit command. In the show circuit output, VLANs appear as VLAN (uppercase, with no space before the VLAN number). For an interface that has trunking enabled, an "-n" (where n is the associated VLAN number) is appended to the prefix. In this example, 1/4-1 indicates slot 1, port 4, VLAN1. See the "Showing Circuits" section for information about the show circuits command.
Selecting a Default VLAN in a Trunk
To define a default VLAN to accept packets that arrive untagged on the interface, include the default-vlan command as part of the trunk/VLAN definition. The command also specifies that the packets transmitted from this VLAN will be untagged. The default VLAN must be explicitly set if you want untagged packets to be processed by the CSS. Otherwise, these packets are discarded.
The default-vlan command can be specified only for a single VLAN. If you attempt to use this command for another VLAN, the CSS instructs you to disable the current default VLAN using the no default-vlan command.
For example:
(config-if[1/1])# trunk(config-if[1/1])# vlan 2Create VLAN<2>, [y/n]:y(config-if-vlan[1/1-2])# vlan 3Create VLAN<3>, [y/n]:y(config-if-vlan[1/1-3])# default-vlanTo remove the default VLAN selection, enter:
(config-if-vlan[1/1-3])# no default-vlanConfiguring Spanning-Tree Bridging for a VLAN or a Trunked Interface
The CSS supports configuration of Spanning-Tree Protocol (STP) bridging for an Ethernet interface in a VLAN or for a trunked Ethernet interface. Spanning-tree bridging is used to detect, and then prevent, loops in the network. You can define the bridge spanning-tree path cost, priority, and state for an Ethernet interface or for a trunked Ethernet interface. Ensure you configure the spanning-tree bridging parameters the same on all switches running STP in the network.
Note
This section includes the following topics:
•
•
•
For details about globally configuring spanning-tree bridging paremeters for the CSS (such as bridge aging time, forward delay time, hello time interval, and maximum age), refer to Chapter 6, Configuring CSS Network Protocols.
Configuring Spanning-Tree Bridge Pathcost
Use the bridge pathcost command to set the spanning-tree path cost for an Ethernet interface or for a trunked Ethernet interface. The cost is the contribution of the interface to the vast path cost towards the spanning-tree root. Enter an integer from 1 to 65535. The default is dynamically configured based on the interface speed.
For example, to set a path cost of 9 for e7 on the CSS 11501, enter:
(config-if[e7])# bridge pathcost 9For example, to set a path cost of 2 for the I/O module in slot 1, Ethernet port 1, in VLAN3, enter:
(config-if-vlan[1/1-3])# bridge pathcost 2To restore the default path cost, enter:
(config-if-vlan[1/1-3])# no bridge pathcostConfiguring Spanning-Tree Bridge Priority
Use the bridge priority command to set the spanning-tree bridge priority for an Ethernet interface or for a trunked Ethernet interface. If the CSS has a bridge priority that is lower than all other switches, it will be automatically selected by the other switches as the root switch. Enter an integer from 0 to 255. The default is 128.
For example, to set a bridge priority of 100 for e7 on the CSS 11501, enter:
(config-if[e7])# bridge priority 100For example, to set a bridge priority of 100 for the I/O module in slot 1, Ethernet port 1, in VLAN3, enter:
(config-if-vlan[1/1-3])# bridge priority 100To restore the default priority of 128, enter:
(config-if-vlan[1/1-3])# no bridge priorityConfiguring Spanning-Tree Bridge State
Use the bridge state command to set the spanning-tree bridge state for an Ethernet interface or for a trunked Ethernet interface. By default, an Ethernet interface is set to the enabled bridge state.
For example, to enable the bridge state for e7 on the CSS 11501, enter:
(config-if[e7])# bridge state enableFor example, to enable the bridge state for the I/O module in slot 1, Ethernet port 1, in VLAN3, enter:
(config-if-vlan[1/1-3])# bridge state enableTo disable the bridge state, enter:
(config-if-vlan[1/1-3])# bridge state disableConfiguring Port Fast on an Interface
The Port Fast feature immediately brings a CSS Ethernet interface (port) to the Spanning Tree Protocol (STP) forwarding state from a blocking state, bypassing the listening and learning states. You can specify Port Fast for ports connected to a single workstation or server to allow those devices to immediately connect to the network, rather than waiting for the STP to converge.
Ports connected to a single workstation or server should not receive bridge protocol data units (BPDUs).
Caution
This section includes the following topics:
•
Enabling Port Fast
A port with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state without waiting for the standard forward-time delay.
Caution
To enable Port Fast on a non-trunked port, use the interface mode bridge port-fast enable command. You cannot configure Port Fast on a trunked port. By default, Port Fast is disabled on the port.
(config-if[2/1])# bridge port-fast enableTo disable the Port Fast feature, use the interface mode bridge port-fast disable command.
(config-if[2/1])# bridge port-fast disableEnabling BPDU Guard
Use the BPDU guard feature to prevent a Port Fast port on the CSS from participating in the spanning tree. When you globally enable BPDU guard on the Port Fast ports, spanning tree shuts down the ports that receive BPDUs. For information to enable Port Fast on an interface port, see the "Configuring Port Fast on an Interface" section.
In a valid configuration, the enabled Port Fast ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the port in the disabled state. The BPDU guard feature provides a secure response to invalid configurations because you must manually put the port back in service.
To enable the BPDU guard on the CSS, use the global configuration bridge bdpu-guard enabled command:
#(config) bridge bpdu-guard enabledTo disable BPDU guard, use the global configuration bridge bpdu-guard disabled command:
#(config) bridge bpdu-guard disabledShowing Port Fast Information
To display whether Port Fast is enabled or disabled on all interfaces, use the show bridge port-fast command. This command is available in all modes. This command also displays whether the BPDU guard feature is enabled or disabled on the CSS, and the state of the interfaces.
Table 5-2 describes the fields in the show bridge port-fast command output.
Showing Interface Configurations
This CSS includes a series of show interface mode commands that enable you to view interface configuration information about the CSS. This information includes VLAN bridging, VLAN trunk status, list of valid Ethernet interfaces, interface duplex and speed values, interface statistics, and errors on an Ethernet interface.
This section includes the following topics:
•
•
•
•
•
Showing Bridge Configurations
The CSS enables you to show bridging information for a specific VLAN in the CSS. Use the show bridge command to display this bridging information.
The syntax for this command is:
show bridge [forwarding|status] {vlan_number}
The options and variables are as follows:
•
•
•
To display bridge forwarding or bridge status for a specific VLAN in the CSS, enter the show bridge forwarding or the show bridge status command with the VLAN number. Entering the show bridge command with a VLAN number returns a list of available VLANs.
Table 5-3 describes the fields in the show bridge forwarding command output.
Table 5-4 describes the fields in the show bridge status command output.
Showing Trunking Configurations
The CSS enables you to show VLAN trunk status information for Gigabit Ethernet and Fast Ethernet ports. To display this information, use the show trunk command.
Table 5-5 describes the fields in the show trunk command output.
Showing Interface Information
To display a list of valid interfaces for the CSS, use the show interface command. For example:
(config)# show interfaceTo display information for a specific interface, enter the show interface command and the interface name. Enter the interface name as follows:
•
•
For example, to show interface information for port 1 on a CSS 11503, the I/O module in slot 2, enter:
(config)# show interface 2/1Table 5-6 describes the fields in the show interface command output.
Showing Interface Duplex and Speed
Use the show phy command to show duplex and speed values for all interfaces. For example:
(config)# show phyTo show duplex and speed value for a specific interface, specify the show phy command and the interface name. Enter the interface name as follows:
•
•
For example, to show the interface and duplex speed for interface port 1 on a CSS 11506, the I/O module in slot 2, enter:
(config)# show phy 2/1Table 5-7 describes the fields in the show phy command output.
Showing Interface Statistics
Use the show mibii command to display the extended 64-bit MIB-II statistics for a specific interface, or for all interfaces in the CSS. The CSS Enterprise ap64Stats MIB defines these statistics. The Gigabit Ethernet module port statistics are an aggregation of all ports on the module.
To display the RFC 1213 32-bit statistics, include the -32 suffix.
To display extended MIB-II statistics for a specific interface in the CSS, enter the show mibii command with the interface name. To see a list of interfaces in the CSS, enter show mibii ?.
Note
Table 5-8 describes the fields in the show mibii command output.
To clear interface statistics, use the clear statistics command in SuperUser mode. For example:
# clear statisticsShowing Ethernet Interface Errors
To list the errors on an Ethernet interface, use the show ether-errors command and options. When required, enter the interface name as a case-sensitive unquoted text string. To see a list of interfaces, enter show ether-errors ?.
The command provides the following options:
•
•
•
•
•
•
Table 5-9 describes the fields in the show ether-errors command output.
Shutting Down an Interface
Use the admin-shutdown command to shut down an interface.
Caution
To shut down interface e3 on the CSS 11501 enter:
(config-if[e3]) admin-shutdownShutting Down All Interfaces
Use the admin-shutdown command to shut down all interfaces simultaneously. This command is only available in the SuperUser mode. The admin-shutdown command provides a quick way to shut down all physical devices in the CSS except the console and Ethernet management ports.
Caution
To shut down all interfaces, enter:
# admin-shutdownRestarting an Interface
Use the no admin-shutdown command to restart the interface. For example to restart interface e3 on the CSS 11501 enter:
(config-if[e3])# no admin-shutdown
Note
Restarting All Interfaces
To restart all interfaces, enter:
# no admin-shutdown
Note
Configuring Circuits
A circuit on the CSS is a logical entity that maps IP interfaces to a logical port or group of logical ports, for example, a VLAN. Each VLAN circuit requires an IP address. Assigning an IP address to each VLAN circuit allows the CSS to route Ethernet interfaces from VLAN to VLAN. Router Discovery Protocol (RDP) settings can also be configured for each circuit VLAN to advertise the CSS to hosts.
This section includes the following topics:
•
•
•
Entering Circuit Configuration Mode
Use the circuit command to enter the circuit configuration mode. Enter the specific VLAN in uppercase letters. Do not include a space between VLAN and the VLAN number. For example:
(config)# circuit VLAN7(config-circuit[VLAN7])#Configuring a Circuit IP Interface
This section includes the following topics:
•
•
•
•
•
•
Configuring a Circuit IP Address
Use the ip address command to assign an IP address to a circuit. Enter the IP address and a subnet mask in CIDR bit-count notation or a mask in dotted-decimal notation. The subnet mask range is 8 to 31.
For example, to configure an IP address and subnet mask for VLAN7, enter:
(config-circuit[VLAN7])# ip address 172.16.6.58/8When you specify an IP address, the mode changes to the specific circuit-ip-VLAN-IP address as shown:
(config-circuit-ip[VLAN7-172.16.6.58])#
Note
To remove a local IP address from a circuit, enter the following command from circuit mode:
(config-circuit[VLAN7])# no ip addressConfiguring a Circuit-IP Broadcast Address
Use the broadcast command to change the broadcast address associated with a circuit. If you leave the broadcast address at zero, the all-ones host is used for numbered interfaces.
The default broadcast address is an all-ones host address (for example, IP address 172.16.6.58/24 has a broadcast address of 172.16.6.58/255). This command is available in IP configuration mode.
For example, to change the broadcast address on circuit VLAN7, enter:
(config-circuit-ip[VLAN7-172.16.6.58])# broadcast 0.0.0.0To reset the broadcast IP address to the default all-ones host address, enter:
(config-circuit[VLAN7-172.16.6.58])# no broadcastConfiguring Circuit-IP Redirects
Use the redirects command to enable the transmission of Internet Control Message Protocol (ICMP) redirect messages. The default state is enabled.
For example:
(config-circuit-ip[VLAN7-172.16.6.58])# redirectsTo disable the transmission of ICMP redirect messages, enter:
(config-circuit-ip[VLAN7-172.16.6.58])# no redirectsConfiguring Circuit-IP Unreachables
Use the unreachables command to enable the transmission of ICMP Destination Unreachable messages. The default state is enabled.
For example:
(config-circuit-ip[VLAN7-172.16.6.58])# unreachablesTo disable the transmission of ICMP Destination Unreachable messages, enter:
(config-circuit-ip[VLAN7-172.16.6.58])# no unreachablesConfiguring Router-Discovery Preference for a Circuit IP Interface
Use the router-discovery command to enable router discovery and configure the router discovery preference value for a circuit IP interface. When enabled, router discovery transmits packets with the "all-hosts" multicast address of 244.0.0.1.
Note
Use the router-discovery preference command to specify the preference level for the advertised CSS circuit IP address, relative to other devices on the same network. The value is an integer from 0 (default) to 65535. If you use the default value, you do not need to use this command.
For example, to specify a router discovery preference value of 100, enter:
(config-circuit-ip[VLAN7-192.168.1.58])# router-discovery(config-circuit-ip[VLAN7-192.168.1.58])# router-discovery preference 100To disable router discovery, enter:
(config-circuit-ip[VLAN7-192.168.1.58])# no router-discoveryTo restore the router discovery preference value to the default of 0, enter:
(config-circuit-ip[VLAN7-192.168.1.58])# no router-discovery preferenceEnabling and Disabling a Circuit IP
Use the enable command to enable or disable the IP interface on a circuit. The default is enabled.
For example:
(config-circuit-ip[VLAN7-172.16.6.58])# enableTo disable the IP interfaces on a circuit, enter:
(config-circuit-ip[VLAN7-172.16.6.58])# no enableConfiguring Router-Discovery Protocol Settings for a Circuit
The CSS allows you to enable Router Discovery Protocol (RDP) settings and define a router discovery preference for each circuit VLAN. RDP announces the existence of the CSS to hosts by periodically multicasting or broadcasting a router advertisement to each interface.
Use the circuit command to enter the circuit configuration mode before configuring RDP for a circuit VLAN.
This section includes the following topics:
•
•
•
•
Configuring the Router-Discovery Lifetime
Use the router-discovery lifetime command to configure the maximum age, in seconds, that hosts remember router advertisements. Enter an integer between 0 and 9000 seconds. The default is three times the max-advertisement-interval.
For example:
(config-circuit[VLAN7])# router-discovery lifetime 600To reset the time to the default of three times the max-advertisement-interval, enter:
(config-circuit[VLAN7)# no router-discovery lifetimeConfiguring Router-Discovery Limited-Broadcast
Use the router-discovery limited-broadcast command to transmit router discovery packets using the limited broadcast address 255.255.255.255. The default is 224.0.0.1 (the "all-hosts" multicast address).
For example:
(config-circuit[VLAN7])# router-discovery limited-broadcastTo revert to the default of 224.0.0.1, enter:
(config-circuit[VLAN7)# no router-discovery limited-broadcastConfiguring the Router-Discovery Max-Advertisement-Interval
Use the router-discovery max-advertisement-interval command to configure the maximum interval timer used for router discovery advertisement from the circuit VLAN. This command defines the maximum interval, in seconds, between sending advertisements. Enter an integer from 4 to 1800. The default is 600 (10 minutes).
For example:
(config-circuit[VLAN7])# router-discovery max-advertisement-interval 300To restore the router discovery maximum advertisement interval to the default of 600, enter:
(config-circuit[VLAN7])# no router-discovery max-advertisement-intervalConfiguring the Router-Discovery Min-Advertisement-Interval
Use the router-discovery min-advertisement-interval command to configure the minimum interval timer used for router discovery advertisement from the circuit VLAN. This command defines the minimum interval, in seconds, between sending advertisements. Enter an integer from 0 to 1800.
The default is 0.75 times the max-advertisement-interval. If this value is greater than 0, it must be less than the value specified using the router-discovery max-advertisement-interval command.
For example:
(config-circuit[VLAN7])# router-discovery min-advertisement-interval 100To reset the minimum router advertisement interval to the default of 0.75 times the maximum advertisement value, enter:
(config-circuit[VLAN7])# no router-discovery min-advertisement-intervalShowing Circuits
Use the show circuits command to show circuit information. This command provides the following options:
•
•
•
To list all circuits and their interfaces in the Up state, enter:
# show circuitsTo list all circuits and their interfaces regardless of their state, enter:
# show circuits allTo list an individual circuit, enter:
# show circuits name VLAN5Table 5-10 describes the fields in the show circuits command output.
Showing IP Interfaces
Use the show ip interfaces command to display configured IP interfaces on the CSS. The display includes the circuit state, IP address, broadcast address, Internet Control Message Protocol (ICMP) settings, and Router Discovery Program (RDP) settings. For example:
# show ip interfacesTable 5-11 describes the fields in the show ip interfaces command output.
Configuring RIP for an IP Interface
You can configure Routing Information Protocol (RIP) attributes on each IP interface. To configure RIP parameters and run RIP on an IP interface, use the following routing commands within the specific circuit IP mode. The default mode is to send RIP version 2 (v2) and receive either RIP or RIP2.
The timers used by RIP in the CSS include the following default values. These RIP timer values are not user-configurable in the CSS.
•
•
•
This section includes the following topics:
•
•
•
•
•
Enabling RIP on an IP Interface
Use the rip command to start running RIP on an IP interface. For example:
(config-circuit-ip[VLAN7-192.168.1.58)# ripTo stop running the RIP on the interface, enter:
(config-circuit-ip[VLAN7-192.168.1.58])# no ripConfiguring a RIP Default Route
Use the rip default-route command to advertise a default route on an IP interface with a specific metric. You can also specify an optional metric in the command line. The CSS uses this metric when advertising a route. Enter a number from 1 to 15. The default is 1.
For example:
(config-circuit-ip[VLAN7-192.168.1.58])# ripdefault-route 9Configuring a RIP Receive Version
Use the rip receive command to specify the RIP version that the interface receives. The options for this command are as follows:
•
•
•
•
For example:
(config-circuit-ip[VLAN7-192.168.1.58])# rip receive bothConfiguring RIP Send Version
Use the rip send command to specify the RIP version that the interface transmits. The options for this command are as follows:
•
•
•
For example:
(config-circuit-ip[VLAN7-192.168.1.58])# rip send v1Configuring RIP Packet Logging
Use the rip log command to enable the CSS to log received or transmitted RIP packets on the interface. Use the no form of this command to disable logging (default setting).
The options for this command are as follows:
•
•
For example:
(config-circuit-ip[VLAN7-192.168.1.58])# rip log rxShowing RIP Configurations for IP Addresses
Use the show rip command to show a RIP configuration for one IP address or all IP addresses configured in the CSS. The options for this command are as follows:
•
•
•
•
•
Table 5-12 describes the fields in the show rip command output.
To display global RIP statistics, enter:
# show rip globalsTable 5-13 describes the fields in the show rip globals command output.
To display the RIP interface statistics for all RIP interface entries, enter:
# show rip statisticsTable 5-14 describes the fields in the show rip statistics command output.
Configuring the Switched Port Analyzer Feature
Configure the switched port analyzer (SPAN) feature on your CSS to mirror (copy) traffic passing through one CSS port (Fast Ethernet or Gigabit Ethernet) to another designated port of the same type and on the same CSS module for analysis. You can use SPAN for network troubleshooting or tuning using a network analyzer. SPAN is sometimes referred to as port mirroring or port monitoring.
A SPAN session is the association of a destination port with a source port on the same CSS module. The port that is monitored is called the source SPAN (SSPAN) port. An SSPAN port consists of two components:
•
•
SPAN can monitor the ingress path, the egress path, or both. You can configure only one SSPAN port in a CSS chassis.
The port that monitors the SSPAN port is called the destination SPAN (DSPAN) port. You can configure only one DSPAN port in a CSS chassis and it must have the following characteristics:
•
•
•
Once you configure a port as a DSPAN port, the CSS removes it from all VLANs and ignores ingress traffic on that port. In addition, the DSPAN port does not participate in STP or routing protocols such as RIP and OSPF.
Traffic copied to the DSPAN port is typically forwarded to a network analyzer, protocol analyzer, or an RMON probe. SPAN allows you to monitor CSS ports without:
•
•
•
Figure 5-3 shows an example of SPAN connectivity with a protocol analyzer connected to port 2/13 on a CSS. In this example, the CSS copies all packets received or transmitted on Fast Ethernet (FE) port 2/4 (SSPAN port) to FE port 2/13 (DSPAN port). The analyzer connected to DSPAN port 2/13 receives all network traffic that the SSPAN port receives or transmits.
Figure 5-3 Example of SPAN Connectivity
This section describes how to configure SPAN on a CSS. It includes the following topics:
•
Configuring SPAN on a CSS
To configure SPAN on a CSS, use the setspan command. This command instructs the CSS to monitor all incoming and/or outgoing traffic on a specified SSPAN port by copying the packets to a specified DSPAN port on the same module in the CSS. This feature is disabled by default.
The syntax of this global configuration mode command is:
setspan src_port number dest_port number copyBoth|copyTxOnly|copyRxOnly
The options and variables for this command are as follows:
•
•
Note
•
Note
•
•
For example, to copy all received and transmitted packets on SSPAN port 3 of the I/O module in slot 3 to DSPAN port 12 on the same module, enter:
(config)# setspan src_port 3/3 dest_port 3/12 copyBothTo return the SPAN feature to its default state of disabled, use the no setspan command. For example, to disable SPAN on the source and destination ports on CSS module 3 in the example above, enter:
(config)# no setspan src_port 3/3 dest_port 3/12Verifying the SPAN Configuration on a CSS
To verify the SPAN configuration on a CSS, use the show setspan command. Table 5-15 describes the fields in the show setspan command output.
Where to Go Next
Chapter 6, Configuring CSS Network Protocols describes how to configure Domain Name Service (DNS), Address Resolution Protocol (ARP), Routing Information Protocol (RIP), Internet Protocol (IP), and spanning-tree bridging, and Dynamic Host Configuration Protocol (DHCP).
