Catalyst 2900 XL and Catalyst 3500 XL Software Configuration Guide, Release 12.0(5)WC3
Configuring the System

Table Of Contents

Configuring the System

Changing IP Information

Manually Assigning and Removing Switch IP Information

Using DHCP-Based Autoconfiguration

Understanding DHCP-Based Autoconfiguration

DHCP Client Request Process

Configuring the DHCP Server

Configuring the TFTP Server

Configuring the Domain Name and the DNS

Configuring the Relay Device

Obtaining Configuration Files

Example Configuration

Assigning Passwords and Privilege Levels

Setting the System Date and Time

Configuring Daylight Saving Time

Configuring the Network Time Protocol

Configuring the Switch as an NTP Client

Enabling NTP Authentication

Configuring the Switch for NTP Broadcast-Client Mode

Configuring CDP

Configuring CDP for Extended Discovery

Managing the MAC Address Tables

MAC Addresses and VLANs

Changing the Address Aging Time

Removing Dynamic Address Entries

MAC Address Notification

Adding Secure Addresses

Removing Secure Addresses

Adding Static Addresses

Removing Static Addresses

Configuring Static Addresses for EtherChannel Port Groups

Configuring CGMP

Enabling the Fast Leave Feature

Disabling the CGMP Fast Leave Feature

Changing the CGMP Router Hold-Time

Removing Multicast Groups

Configuring IGMP Filtering

Configuring IGMP Profiles

Applying IGMP Filters

Setting the Maximum Number of IGMP Groups

Configuring MVR

Using MVR in a Multicast Television Application

Configuration Guidelines and Limitations

Setting MVR Parameters

Configuring MVR

Managing the ARP Table

Configuring STP

Supported STP Instances

Using STP to Support Redundant Connectivity

Disabling STP

Accelerating Aging to Retain Connectivity

Configuring STP and UplinkFast in a Cascaded Cluster

Configuring Redundant Links By Using STP UplinkFast

Enabling STP UplinkFast

Configuring Cross-Stack UplinkFast

How CSUF Works

Events that Cause Fast Convergence

Limitations

Connecting the Stack Ports

Configuring Cross-Stack UplinkFast

Changing the STP Parameters for a VLAN

Changing the STP Implementation

Changing the Switch Priority

Changing the BPDU Message Interval

Changing the Hello BPDU Interval

Changing the Forwarding Delay Time

STP Port States

Enabling the Port Fast Feature

Changing the Path Cost

Changing the Port Priority

Configuring STP Root Guard

Configuring SNMP

Disabling and Enabling SNMP

Entering Community Strings

Adding Trap Managers

Configuring TACACS+

Configuring the TACACS+ Server Host

Configuring Login Authentication

Specifying TACACS+ Authorization for EXEC Access and Network Services

Starting TACACS+ Accounting

Configuring a Switch for Local AAA


Configuring the System


This chapter provides these topics about changing switch-wide configuration settings:

Changing IP Information

Assigning Passwords and Privilege Levels

Setting the System Date and Time

Configuring CDP

Managing the MAC Address Tables

Configuring CGMP

Configuring IGMP Filtering

Configuring MVR

Managing the ARP Table

Configuring STP

Configuring SNMP

Configuring TACACS+

For information about configuring these settings from Cluster Management Suite (CMS), refer to the online help.

This switch software release is based on Cisco IOS Release 12.0. It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches. This chapter provides procedures for using only the commands that have been created or changed for these switches. The Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference provides complete descriptions of these commands. This guide does not provide Cisco IOS Release 12.0 commands and information already documented in the Cisco IOS Release 12.0 documentation on Cisco.com.

Changing IP Information

You can assign and change the IP information of your switch in these ways:

Using the setup program, as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm)

Manually assigning an IP address, as described in this section

Using Dynamic Host Configuration Protocol (DHCP)-based autoconfiguration, as described in this section


Caution Changing the switch IP address ends any CMS, Telnet, or Simple Network Management Protocol (SNMP) session. To restart your CMS session, enter the new IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer). To restart your CLI session through Telnet, follow the steps described in the "Accessing the CLI" section.


Note If you enabled the DHCP feature, the switch assumes you are using an external server for IP address allocation. While this feature is enabled, any values you manually enter (from the CMS or from the ip address command) are ignored.


Manually Assigning and Removing Switch IP Information

You can manually assign an IP address, mask, and default gateway to the switch. The mask identifies the bits that denote the network number in the IP address. When you use the mask to subnet a network, the mask is then referred to as a subnet mask. The broadcast address is reserved for sending messages to all hosts. The CPU sends traffic to an unknown IP address through the default gateway.

Beginning in privileged EXEC mode, follow these steps to enter the IP information:

Command and purpose:

Step 1  configure terminal
        Enter global configuration mode.

Step 2  interface vlan 1
        Enter interface configuration mode, and enter the VLAN to which the IP information is assigned. VLAN 1 is the default management VLAN, but you can configure any VLAN from IDs 1 to 1001.

Step 3  ip address ip_address subnet_mask
        Enter the IP address and subnet mask.

Step 4  exit
        Return to global configuration mode.

Step 5  ip default-gateway ip_address
        Enter the IP address of the default router.

Step 6  end
        Return to privileged EXEC mode.

Step 7  show running-config
        Verify that the information was entered correctly by displaying the running configuration. If the information is incorrect, repeat the procedure.

Use this procedure to remove the IP information from a switch.


Note Using the no ip address command in configuration mode disables the IP protocol stack as well as removes the IP information. Cluster members without IP addresses rely on the IP protocol stack being enabled.


Beginning in privileged EXEC mode, follow these steps to remove an IP address:

Command and purpose:

Step 1  clear ip address vlan 1 ip_address subnet_mask
        Remove the IP address and subnet mask.

Step 2  end
        Return to privileged EXEC mode.

Step 3  show running-config
        Verify that the information was removed by displaying the running configuration.

Using DHCP-Based Autoconfiguration

The Dynamic Host Configuration Protocol (DHCP) provides configuration information to Internet hosts and internetworking devices. With DHCP-based autoconfiguration, your switch (DHCP client) can be automatically configured during bootup with IP address information and a configuration file that it receives during DHCP-based autoconfiguration.


Note DHCP replaces the Bootstrap Protocol (BOOTP) feature autoconfiguration to ensure retrieval of configuration files by unicast TFTP messages. BOOTP is available in earlier software releases for this switch.


Understanding DHCP-Based Autoconfiguration

The DHCP provides configuration information to internet hosts and internetworking devices. This protocol consists of two components: one for delivering configuration parameters from a DHCP server to a device and one for allocating network addresses to devices. DHCP is built on a client-server model, where designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured devices.

With DHCP-based autoconfiguration, your switch (DHCP client) can be automatically configured at startup with IP address information and a configuration file that it receives during DHCP-based autoconfiguration. No DHCP client-side configuration is required on your switch.

However, you need to configure the DHCP server for various lease options. You might also need to configure a TFTP server, a Domain Name System (DNS) server, and possibly a relay device if the servers are on a different LAN than your switch. A relay device forwards broadcast traffic between two directly connected LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP address in the received packet. DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.

DHCP Client Request Process

When you boot your switch, the DHCP client can be invoked and automatically request configuration information from a DHCP server under these conditions:

The configuration file is not present on the switch.

The configuration file is present, but the IP address is not specified in it.

The configuration file is present, the IP address is not specified in it, and the service config global configuration command is included. This command enables the autoloading of a configuration file from a network server.

Figure 6-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP server.

Figure 6-1 DHCP Request for IP Information from a DHCP Server

The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.

In a DHCPREQUEST broadcast message, the client returns a request for the offered configuration information to the DHCP server. The request is broadcast so that all other DHCP servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP addresses that they offered to the client.

The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client. With this message, the client and server are bound, and the client uses configuration information received from the server. The amount of information the switch receives depends on how you configure the DHCP server. For more information, see the "Configuring the DHCP Server" section.

If the configuration parameters sent to the client in the DHCPOFFER unicast message by the DHCP server are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.

The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered configuration parameters have not been assigned, that an error occurred during the negotiation of the parameters, or that the client was slow to respond to the DHCPOFFER message and the DHCP server assigned the parameters to another client.

A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any one of the offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address. If the switch accepts replies from a BOOTP server and configures itself, the switch will broadcast, instead of unicast, TFTP requests to obtain the switch configuration file.

Configuring the DHCP Server

You should configure the DHCP servers with reserved leases that are bound to each switch by the switch hardware address. If the DHCP server does not support reserved leases, the switch can obtain different IP addresses and configuration files at different boot instances. You should configure the DHCP server with these lease options:

IP address of the client (required)

Subnet mask of the client (required)

DNS server IP address (required)

Router IP address (default gateway address to be used by the switch) (required)

TFTP server name (required)

Boot filename (the name of the configuration file that the client needs) (recommended)

Host name (optional)

If you do not configure the DHCP server with the lease options described earlier, it replies to client requests with only those parameters that have available values. If the IP address and subnet mask are not in the reply, the switch is not configured. If the DNS server IP address, router IP address, or TFTP server name is not found, the switch might broadcast TFTP requests. Unavailability of other lease options does not affect autoconfiguration.


Note If the configuration file on the switch does not contain the IP address, the switch obtains its address, mask, gateway IP address, and host name from DHCP. If the service config global configuration command is specified in the configuration file, the switch receives the configuration file through TFTP requests. If the service config global configuration command and the IP address are both present in the configuration file, DHCP is not used, and the switch obtains the default configuration file by broadcasting TFTP requests.


The DHCP server can be on the same or a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a relay device. The DHCP server can be running on a UNIX or Linux operating system; however, the Windows NT operating system is not supported in this release.

For more information, see the "Configuring the Relay Device" section. You must also set up the TFTP server with the switch configuration files; for more information, see the next section.

For CLI procedures and additional information, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.

Configuring the TFTP Server

The TFTP server must contain one or more configuration files in its base directory. The files can include the following:

The configuration file named in the DHCP reply (the actual switch configuration file)

The network-confg or the cisconet.cfg file (known as the default configuration files)

The router-confg or the ciscortr.cfg file (These files contain commands common to all switches. Normally, if the DHCP and TFTP servers are properly configured, these files are not accessed.)

You must specify the TFTP server name in the DHCP server lease database. You must also specify the TFTP server name-to-IP-address mapping in the DNS server database.

The TFTP server can be on the same or a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a relay device or a router. For more information, see the "Configuring the Relay Device" section.

If the configuration filename is provided in the DHCP server reply, the configuration files for a switch can be spread over multiple TFTP servers. However, if the configuration filename is not provided, then the configuration files must reside on a single TFTP server.

For CLI procedures and additional information, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.

Configuring the Domain Name and the DNS

Each unique IP address can have a host name associated with it. The IOS software maintains a cache of host name-to-address mappings for use by the EXEC mode connect, telnet, and ping commands, and related Telnet support operations. This cache speeds the process of converting names to addresses.

IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, the File Transfer Protocol (FTP) system for example, is identified as ftp.cisco.com.

To keep track of domain names, IP has defined the concept of a Domain Name Server (DNS), which holds a cache (or database) of names mapped to IP addresses. To map domain names to IP addresses, you must first identify the host names and then specify a name server and enable the DNS, the Internet's global naming scheme that uniquely identifies network devices.

You can specify a default domain name that the software uses to complete domain name requests. You can specify either a single domain name or a list of domain names. When you specify a domain name, any IP host name without a domain name will have that domain name appended to it before being added to the host table.

If your network devices require connectivity with devices in networks for which you do not control name assignment, you can assign device names that uniquely identify your devices within the entire internetwork. The Internet's global naming scheme, the DNS, accomplishes this task. This service is enabled by default.

The switch uses the DNS server to resolve the TFTP server name to a TFTP server IP address. You must configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the configuration files for the switch.

You must configure the IP addresses of the DNS servers in the lease database of the DHCP server from where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease database.

The DNS server can be on the same or a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a relay device or router. For more information, see the "Configuring the Relay Device" section.

For CLI procedures and additional information, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.

Configuring the Relay Device

You need to use a relay device if the DHCP, DNS, or TFTP servers are on a different LAN than the switch. You must configure this relay device to forward received broadcast packets on an interface to the destination host. This configuration ensures that broadcasts from the DHCP client can reach the DHCP, DNS, and TFTP servers and that broadcasts from the servers can reach the DHCP client.

If the relay device is a Cisco router, you enable IP routing (ip routing global configuration command) and configure it with helper addresses by using the ip helper-address interface configuration command.

For example, in Figure 6-2, you configure the router interfaces as follows:

On interface 10.0.0.2:

router(config-if)# ip helper-address 20.0.0.2
router(config-if)# ip helper-address 20.0.0.3
router(config-if)# ip helper-address 20.0.0.4

On interface 20.0.0.1

router(config-if)# ip helper-address 10.0.0.1

Figure 6-2 Relay Device Used in Autoconfiguration

For CLI procedures and additional information, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.

Obtaining Configuration Files

Depending on the availability of the IP address and the configuration filename in the DHCP reserved lease, the switch obtains its configuration information in these ways:

The IP address and the configuration filename are reserved for the switch and provided in the DHCP reply (one-file read method).

The switch receives its IP address, subnet mask, and configuration filename from the DHCP server. It also receives a DNS server IP address and a TFTP server name. The switch sends a DNS request to the DNS server, specifying the TFTP server name, to obtain the TFTP server address. Then the switch sends a unicast message to the TFTP server to retrieve the named configuration file from the base directory of the server, and upon receipt, completes its boot-up process.

Only the configuration filename is reserved for the switch. The IP address is dynamically allocated to the switch by the DHCP server (one-file read method).

The switch follows the same configuration process described above.

Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration filename is not provided (two-file read method).

The switch receives its IP address and subnet mask from the DHCP server. It also receives a DNS server IP address and a TFTP server name. The switch sends a DNS request to the DNS server, specifying the TFTP server name, to obtain the TFTP server address.

The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg file.)

The default configuration file contains the host-name-to-IP-address mappings for the switch. The switch fills its host table with the information in the file and obtains its host name. If the host name is not found in the file, the switch uses the host name in the DHCP reply. If the host name is not specified in the DHCP reply, the switch uses the default "Switch" as its host name.

After obtaining its host name from the default configuration file or the DHCP reply, the switch reads the configuration file that has the same name as its host name (hostname-confg or hostname.cfg, depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the cisconet.cfg file is read, the host name portion of the filename is truncated to eight characters.

If the switch cannot read the network-confg, cisconet.cfg, or the host-name file, it reads the router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.


Note The switch broadcasts TFTP server requests if the TFTP server name is not obtained from the DHCP replies, if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server name cannot be resolved to an IP address.


Example Configuration

Figure 6-3 shows a sample network for retrieving IP information using DHCP-based autoconfiguration.

Figure 6-3 DHCP-Based Autoconfiguration Network Example

Table 6-1 shows the configuration of the reserved leases on the DHCP server.

Table 6-1 DHCP Server Configuration

Lease option                                   | Switch-1            | Switch-2            | Switch-3            | Switch-4
Binding key (hardware address)                 | 00e0.9f1e.2001      | 00e0.9f1e.2002      | 00e0.9f1e.2003      | 00e0.9f1e.2004
IP address                                     | 10.0.0.21           | 10.0.0.22           | 10.0.0.23           | 10.0.0.24
Subnet mask                                    | 255.255.255.0       | 255.255.255.0       | 255.255.255.0       | 255.255.255.0
Router address                                 | 10.0.0.10           | 10.0.0.10           | 10.0.0.10           | 10.0.0.10
DNS server address                             | 10.0.0.2            | 10.0.0.2            | 10.0.0.2            | 10.0.0.2
TFTP server name                               | maritsu or 10.0.0.3 | maritsu or 10.0.0.3 | maritsu or 10.0.0.3 | maritsu or 10.0.0.3
Boot filename (configuration file) (optional)  | switch1-confg       | switch2-confg       | switch3-confg       | switch4-confg
Host name (optional)                           | switch1             | switch2             | switch3             | switch4


DNS Server Configuration

The DNS server maps the TFTP server name maritsu to IP address 10.0.0.3.

TFTP Server Configuration (on UNIX)

The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file used in the two-file read method. This file contains the host name to be assigned to the switch based on its IP address. The base directory also contains a configuration file for each switch (switch1-confg, switch2-confg, and so forth) as shown in this display:

prompt> cd /tftpserver/work/
prompt> ls
network-confg
switch1-confg
switch2-confg
switch3-confg
switch4-confg
prompt> cat network-confg
ip host switch1 10.0.0.21
ip host switch2 10.0.0.22
ip host switch3 10.0.0.23
ip host switch4 10.0.0.24

DHCP Client Configuration

No configuration file is present on Switch 1 through Switch 4.

Configuration Explanation

In Figure 6-3, Switch 1 reads its configuration file as follows:

It obtains its IP address 10.0.0.21 from the DHCP server.

If no configuration filename is given in the DHCP server reply, Switch 1 reads the network-confg file from the base directory of the TFTP server.

It adds the contents of the network-confg file to its host table.

It reads its host table by indexing its IP address 10.0.0.21 to its host name (switch1).

It reads the configuration file that corresponds to its host name; for example, it reads switch1-confg from the TFTP server.

Switches 2 through 4 retrieve their configuration files and IP addresses in the same way.
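The file-selection logic described in "Obtaining Configuration Files" and walked through for Switch 1 above, as an added Python model (not Cisco code, and not part of the original guide). The TFTP directory contents, DNS map and leases are constructed from Table 6-1 and the listing above; what the switch does after a failed read of a boot file named in the DHCP reply is not stated on this page and is modelled as an assumption noted in the code.

```python
from dataclasses import dataclass, field
from typing import Optional

# Default and fallback configuration files named in the text.
DEFAULT_FILES = ("network-confg", "cisconet.cfg")
FALLBACK_FILES = ("router-confg", "ciscortr.cfg")


@dataclass
class Lease:
    """Parameters the switch receives in the DHCP reply (None = not offered)."""
    ip: Optional[str] = None
    mask: Optional[str] = None
    router: Optional[str] = None
    dns: Optional[str] = None
    tftp_server: Optional[str] = None   # TFTP server *name*, resolved through DNS
    bootfile: Optional[str] = None      # configuration filename (one-file method)
    hostname: Optional[str] = None


@dataclass
class Result:
    configured: bool                    # False when IP address or mask is missing
    transport: str                      # "unicast", "broadcast" or "none"
    hostname: Optional[str]
    files_tried: list = field(default_factory=list)
    file_loaded: Optional[str] = None


def parse_network_confg(text):
    """Parse 'ip host NAME ADDRESS' lines into an {address: name} host table."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[:2] == ["ip", "host"]:
            table[parts[3]] = parts[2]
    return table


def autoconfigure(lease, tftp_dir, dns):
    """Model the switch's boot-time decisions.

    tftp_dir maps filename -> contents of the TFTP base directory;
    dns maps TFTP server name -> IP address. Both are constructed inputs.
    """
    if lease.ip is None or lease.mask is None:
        return Result(False, "none", None)          # switch is not configured
    # Without DNS, router or a resolvable TFTP server name the switch may
    # have to broadcast its TFTP requests instead of unicasting them.
    resolvable = lease.tftp_server is not None and lease.tftp_server in dns
    transport = "unicast" if (lease.dns and lease.router and resolvable) else "broadcast"
    res = Result(True, transport, lease.hostname)

    def fetch(name):
        res.files_tried.append(name)
        return tftp_dir.get(name)

    # One-file read method: the reply names the configuration file directly.
    if lease.bootfile is not None and fetch(lease.bootfile) is not None:
        res.file_loaded = lease.bootfile
        return res
    # (The page does not say what follows a failed read of the named file;
    #  this model falls back to the two-file method below: assumption.)

    # Two-file read method: read a default file, derive the host name from it.
    default_read, text = None, None
    for name in DEFAULT_FILES:
        text = fetch(name)
        if text is not None:
            default_read = name
            break
    if text is not None:
        res.hostname = parse_network_confg(text).get(lease.ip, lease.hostname)
    if res.hostname is None:
        res.hostname = "Switch"                     # default host name

    # Host-specific file: hostname.cfg (name cut to 8 chars) after cisconet.cfg,
    # otherwise hostname-confg.
    if default_read == "cisconet.cfg":
        hostfile = res.hostname[:8] + ".cfg"
    else:
        hostfile = res.hostname + "-confg"
    if fetch(hostfile) is not None:
        res.file_loaded = hostfile
        return res
    # Last resort: the files that hold commands common to all switches.
    for name in FALLBACK_FILES:
        if fetch(name) is not None:
            res.file_loaded = name
            return res
    res.transport = "broadcast"     # all unicast reads failed (see the Note above)
    return res


# Constructed inputs mirroring Figure 6-3 / Table 6-1 and the UNIX TFTP listing.
NETWORK_CONFG = ("ip host switch1 10.0.0.21\nip host switch2 10.0.0.22\n"
                 "ip host switch3 10.0.0.23\nip host switch4 10.0.0.24\n")
TFTP_DIR = {"network-confg": NETWORK_CONFG,
            "switch1-confg": "hostname switch1\n",
            "switch2-confg": "hostname switch2\n"}
DNS = {"maritsu": "10.0.0.3"}
SWITCH1 = Lease(ip="10.0.0.21", mask="255.255.255.0", router="10.0.0.10",
                dns="10.0.0.2", tftp_server="maritsu")

if __name__ == "__main__":
    print(autoconfigure(SWITCH1, TFTP_DIR, DNS))
```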

Assigning Passwords and Privilege Levels

You can assign the password of your switch in these ways:

Using the setup program, as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm)

Manually assigning a password, as described in this section


Note You can change a password only by using the CLI. Your connection with the switch ends when you change the enable secret password. You will then need to reopen the session with the new password.


Because many privileged EXEC commands are used to set operating parameters, you should password-protect these commands to prevent unauthorized use. Catalyst 2900 XL and Catalyst 3500 XL switches have two commands for setting passwords:

enable secret password (a very secure, encrypted password)

enable password password (a less secure, unencrypted password)

You must enter one of these passwords to gain access to privileged EXEC mode. We recommend that you use the enable secret password.


Note When set, the enable secret password takes precedence, and the enable password serves no purpose.

You need an enable secret password with a privilege level 15 to access CMS. You must also use this password if you configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol from the CLI so that all your HTTP connections are authenticated through the TACACS+ server. The Telnet password must be an enable secret password.

CMS provides two levels of access to the configuration options: read-write access and read-only access. Privilege levels 0 to 15 are supported.

Privilege level 15 provides you with read-write access to CMS.

Privilege levels 1 to 14 provide you with read-only access to CMS. Any options in the CMS windows, menu bar, toolbar, and popup menus that change the switch or cluster configuration are not shown in read-only mode.

Privilege level 0 denies access to CMS.

For information about passwords and CMS, see the "Access Modes in CMS" section.

The password of a command switch is inherited by the switches that join the switch cluster. For information about managing passwords in switch clusters, see the "Passwords" section.


Both types of passwords can contain from 1 to 25 uppercase and lowercase alphanumeric characters, and both can start with a number. Spaces are also valid password characters; for example, two words is a valid password. Leading spaces are ignored; trailing spaces are recognized. The password is case sensitive.

If you enter the enable secret command, the text is encrypted before it is written to the config.text file, and it is unreadable. If you enter the enable password command, the text is written as entered to the config.text file where you can read it. To remove a password, use the no version of the commands: no enable secret or no enable password. For CLI procedures and additional information, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.

You can also specify up to 15 privilege levels and define passwords for them by using the enable password [level level] {password} or the enable secret [level level] {password} command. Level 1 is EXEC-mode user privileges. If you do not specify a level, the privilege level defaults to 15 (privileged EXEC-mode privileges).

You can specify a level, set a password, and give the password only to users who need to have access at this level. Use the privilege level global configuration command to specify commands accessible at various levels.

If you lose or forget your enable password, see the "Recovering from a Lost or Forgotten Password" section.

Setting the System Date and Time

You can change the date and a 24-hour clock time setting on the switch. If you are entering the time for an American time zone, enter the three-letter abbreviation for the time zone, such as PST for Pacific standard time. If you are identifying the time zone by referring to Greenwich mean time, enter UTC (universal coordinated time). You then must enter a negative or positive number as an offset to indicate the number of time zones between the switch and Greenwich, England. Enter a negative number if the switch is west of Greenwich, England, and east of the international date line. For example, California is eight time zones west of Greenwich, so you would enter -8. Enter a positive number if the switch is east of Greenwich. You can also enter negative and positive numbers for minutes.

Configuring Daylight Saving Time

You can configure the switch to change to daylight saving time on a particular day every year, on a day that you enter, or not at all.

For CLI procedures and additional information, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.

Configuring the Network Time Protocol

In complex networks, it is often prudent to distribute time information from a central server. The Network Time Protocol (NTP) can distribute time information by responding to requests from clients or by broadcasting time information.

For CLI procedures and additional information, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.

Configuring the Switch as an NTP Client

You configure the switch as an NTP client by entering the IP addresses of up to ten NTP servers and specifying which server should be used first. You can also enter an authentication key to be used as a password when requests for time information are sent to the server.

Enabling NTP Authentication

To ensure the validity of information received from NTP servers, you can authenticate NTP messages with public-key encryption. This procedure must be coordinated with the administrator of the NTP servers: the information you enter will be matched by the servers to authenticate it.

Configuring the Switch for NTP Broadcast-Client Mode

You can configure the switch to receive NTP broadcast messages if there is an NTP broadcast server, such as a router, broadcasting time information on the network. You can also enter a value to account for any round-trip delay between the client and the NTP broadcast server.

Configuring CDP

Use the Cisco IOS CLI and Cisco Discovery Protocol (CDP) to enable CDP for the switch, set global CDP parameters, and display information about neighboring Cisco devices.

CDP enables the Cluster Management Suite to display a graphical view of the network. For example, the switch uses CDP to find cluster candidates and to maintain information about cluster members and other devices up to three cluster-enabled devices away from the command switch.

If necessary, you can configure CDP to discover switches running the Cluster Management Suite up to seven devices away from the command switch. Devices that do not run clustering software display as edge devices, and CDP cannot discover any device connected to them.


Note Creating and maintaining switch clusters is based on the regular exchange of CDP messages. Disabling CDP can interrupt cluster discovery. For more information about the role that CDP plays in clustering, see the "Automatic Discovery of Cluster Candidates and Members" section.


Configuring CDP for Extended Discovery

You can change the default configuration of CDP on the command switch to continue discovering devices up to seven hops away. Figure 6-4 shows a command switch that can discover candidates and cluster members up to seven devices away from it. Figure 6-4 also shows the command switch connected to a Catalyst 5000 series switch. Although the Catalyst 5000 supports CDP, it does not support clustering, and the command switch cannot learn about candidate switches connected to it, even if they are running CMS.

Figure 6-4 Discovering Cluster Candidates through CDP

Beginning in privileged EXEC mode, follow these steps to configure the number of hops that CDP uses to discover candidate switches and cluster members.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

cluster discovery hop-count number

Enter the number of hops that you want CDP to search for cluster candidates and cluster members.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show running-config

Verify the change by displaying the running configuration file. The hop count is displayed in the file.

Managing the MAC Address Tables

You can manage the MAC address tables that the switch uses to forward traffic between ports. All MAC addresses in the address tables are associated with one or more ports. These MAC tables include these types of addresses:

Dynamic address: a source MAC address that the switch learns and then drops when it is not in use.

Secure address: a manually entered unicast address that is usually associated with a secured port. Secure addresses do not age.

Static address: a manually entered unicast or multicast address that does not age and that is not lost when the switch resets.

The address tables list the destination MAC address and the VLAN ID, module, and port number associated with the address. Figure 6-5 shows an example list of addresses as they would appear in the dynamic, secure, or static address table. Table 6-2 shows the maximum number of MAC addresses supported on the Catalyst 2900 XL and Catalyst 3500 XL switches.

Figure 6-5 Contents of the Address Table

Table 6-2 Maximum Number of MAC Addresses Supported

Switch                                             Maximum Number of MAC Addresses Supported
Catalyst 2924 XL, 2924C XL, and 2912 XL switches   2048
Catalyst 2924M XL and 2912MF XL switches           8192
Catalyst 2900 LRE XL switches                      8192
Catalyst 3500 XL switches                          8192


MAC Addresses and VLANs

All addresses are associated with a VLAN. An address can exist in more than one VLAN and have different destinations in each. Multicast addresses, for example, could be forwarded to port 1 in VLAN 1 and ports 9, 10, and 11 in VLAN 5.

Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN. An address can be secure in one VLAN and dynamic in another. Addresses that are statically entered in one VLAN must be static addresses in all other VLANs.

Changing the Address Aging Time

Dynamic addresses are source MAC addresses that the switch learns and then drops when they are not in use. The aging time parameter defines how long the switch retains unseen addresses in the table. This parameter applies to all VLANs.

Setting too short an aging time can cause addresses to be prematurely removed from the table. Then, when the switch receives a packet for an unknown destination, it floods the packet to all ports in the same VLAN as the receiving port. This unnecessary flooding can impact performance. Setting too long an aging time can cause the address table to fill with unused addresses; it can also delay connectivity when a workstation is moved to a new port, because the stale entry still points at the old port until the workstation transmits and is relearned or the entry ages out.

Beginning in privileged EXEC mode, follow these steps to configure the dynamic address table aging time.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

mac-address-table aging-time seconds

Enter the number of seconds that dynamic addresses are to be retained in the address table. You can enter a number from 10 to 1000000.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show mac-address-table aging-time

Verify your entry.

Removing Dynamic Address Entries

Beginning in privileged EXEC mode, follow these steps to remove a dynamic address entry:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

no mac-address-table dynamic hw-addr

Enter the MAC address to be removed from the dynamic MAC address table.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show mac-address-table

Verify your entry.

You can remove all dynamic entries by using the clear mac-address-table dynamic command in privileged EXEC mode.

MAC Address Notification

MAC address notification enables you to track users coming to and going from your network. Whenever a new MAC address is learned or an old MAC address is removed from the switch, an SNMP notification (trap) is generated. If you have many users coming and going from the network, you can set a trap interval time so that traps can be bundled together and sent at regular intervals.

The MAC notification history table stores the MAC address activity for each hardware port for which the trap is enabled. MAC address notifications are generated for dynamic and secure MAC addresses. Events are not generated for self addresses, multicast addresses, or other static addresses.

Beginning in privileged EXEC mode, follow these steps to enable the MAC address notification feature:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

snmp-server enable traps mac-notification

Enable SNMP notification of MAC address additions and deletions.

Step 3 

mac-address-table notification

Enable the MAC address notification feature.

Step 4 

mac-address-table notification interval seconds

(Optional) For interval value, specify the notification trap interval in seconds between each set of traps that are generated to the network management station (NMS). The range is 0 to 2147483647 seconds. The default is 1 second. The switch sends the notification trap to the NMS after the interval setting has expired.

Step 5 

mac-address-table notification history-size value

(Optional) For history-size value, specify the maximum number of entries in the MAC notification history table. The range is 0 to 500. The default is 1 entry.

Note The interval seconds and history-size value keywords must be entered as separate commands.

Step 6 

interface interface-id

Enter interface configuration mode for the port you want to configure.

Step 7 

snmp trap mac-notification [added | removed]

Enable or disable MAC address traps on the port.

Step 8 

end

Return to privileged EXEC mode.

Step 9 

show mac-address-table notification

or

show running-config

(Optional) Verify your settings.

Step 10 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To disable the switch from sending MAC address notification traps, use the no snmp-server enable traps mac-notification global configuration command. To disable the MAC address notification traps on a specific interface, use the no snmp trap mac-notification interface configuration command. To disable the MAC address notification feature, use the no mac-address-table notification global configuration command.

This example shows how to specify 172.20.10.10 as the NMS, enable the switch to send MAC address notification traps to the NMS, enable the MAC address notification feature, set the interval time to 60 seconds, set the history-size to 100 entries, and enable traps whenever a MAC address is added on Fast Ethernet interface 0/4.

Switch(config)# snmp-server host 172.20.10.10
Switch(config)# snmp-server enable traps mac-notification
Switch(config)# mac-address-table notification
Switch(config)# mac-address-table notification interval 60
Switch(config)# mac-address-table notification history-size 100
Switch(config)# interface fastethernet0/4
Switch(config-if)# snmp trap mac-notification added

You can verify the previous commands by entering the show mac-address-table notification privileged EXEC command.

Adding Secure Addresses

The secure address table contains secure MAC addresses and their associated ports and VLANs. A secure address is a manually entered unicast address that is forwarded to only one port per VLAN. If you enter an address that is already assigned to another port, the switch reassigns the secure address to the new port.

You can enter a secure port address even when the port does not yet belong to a VLAN. When the port is later assigned to a VLAN, packets destined for that address are forwarded to the port.

Beginning in privileged EXEC mode, follow these steps to add a secure address:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

mac-address-table secure hw-addr interface-id vlan vlan-id

Enter the MAC address, its associated port, and the VLAN ID.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show mac-address-table secure

Verify your entry.

Removing Secure Addresses

Beginning in privileged EXEC mode, follow these steps to remove a secure address:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

no mac-address-table secure hw-addr vlan vlan-id

Enter the secure MAC address and the VLAN ID of the entry to be removed.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show mac-address-table secure

Verify your entry.

 

You can remove all secure addresses by using the clear mac-address-table secure command in privileged EXEC mode.
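The following Python model is an added illustration and is not code from this guide or from the switch software. It ties together the behaviour described in the aging, MAC address notification, and secure address sections above: one logical table per VLAN, dynamic entries learned from source addresses and aged out after the configured aging time, unknown unicast destinations flooded to the other ports of the VLAN, secure entries that never age and move to the most recently entered port, and notification events recorded for dynamic and secure entries only. The MAC addresses, VLAN numbers, port numbers, and the point at which aging is checked (once per frame here) are constructed for the example and are not a statement about the switch hardware.

```python
"""Per-VLAN MAC address table model (constructed example, not Cisco code)."""
from dataclasses import dataclass


@dataclass
class Entry:
    port: int
    kind: str          # "dynamic" or "secure"
    last_seen: float   # seconds; unused for secure entries, which never age


class MacTable:
    def __init__(self, aging_time=300):
        # Range documented for mac-address-table aging-time.
        if not 10 <= aging_time <= 1000000:
            raise ValueError("aging time must be 10..1000000 seconds")
        self.aging_time = aging_time
        self.tables = {}          # vlan -> {mac: Entry}; one logical table per VLAN
        self.notifications = []   # (operation, vlan, mac, port), oldest first

    def _table(self, vlan):
        return self.tables.setdefault(vlan, {})

    def add_secure(self, mac, port, vlan):
        """mac-address-table secure: never ages; re-entering it moves it to the new port."""
        table = self._table(vlan)
        old = table.get(mac)
        if old is not None and old.port != port:
            self.notifications.append(("removed", vlan, mac, old.port))
        table[mac] = Entry(port, "secure", 0.0)
        self.notifications.append(("added", vlan, mac, port))

    def remove_secure(self, mac, vlan):
        """no mac-address-table secure hw-addr vlan vlan-id."""
        entry = self._table(vlan).pop(mac)
        self.notifications.append(("removed", vlan, mac, entry.port))

    def learn(self, src, port, vlan, now):
        """Learn a source address; a secure entry is never overwritten by learning."""
        table = self._table(vlan)
        entry = table.get(src)
        if entry is None:
            table[src] = Entry(port, "dynamic", now)
            self.notifications.append(("added", vlan, src, port))
        elif entry.kind == "dynamic":
            entry.port, entry.last_seen = port, now

    def age(self, now):
        """Drop dynamic entries not seen for aging_time seconds; applies to all VLANs."""
        for vlan, table in self.tables.items():
            for mac, entry in list(table.items()):
                if entry.kind == "dynamic" and now - entry.last_seen >= self.aging_time:
                    del table[mac]
                    self.notifications.append(("removed", vlan, mac, entry.port))

    def forward(self, src, dst, in_port, vlan, vlan_ports, now):
        """Return the egress ports for one frame; an unknown destination floods the VLAN."""
        self.age(now)                        # assumption: aging is checked per frame
        self.learn(src, in_port, vlan, now)
        entry = self._table(vlan).get(dst)
        if entry is None:
            return set(vlan_ports) - {in_port}
        return {entry.port} - {in_port}


def demo():
    """Walk through the scenarios the guide describes; returns the observed results."""
    vlan_ports = {1, 2, 3, 4}                # constructed: four access ports
    t = MacTable(aging_time=300)
    r = {}
    r["unknown_dst_floods"] = t.forward("aa", "bb", 1, 10, vlan_ports, now=0)
    t.forward("bb", "aa", 2, 10, vlan_ports, now=1)            # bb learned on port 2
    r["known_dst"] = t.forward("aa", "bb", 1, 10, vlan_ports, now=2)
    r["after_aging"] = t.forward("cc", "bb", 3, 10, vlan_ports, now=400)   # aa, bb aged out
    r["other_vlan"] = t.forward("cc", "aa", 3, 20, vlan_ports, now=401)    # aa unknown in VLAN 20
    t.add_secure("ee", 4, 10)
    t.add_secure("ee", 2, 10)                                   # reassigned to port 2
    t.age(now=100000)                                           # secure entry survives
    r["secure_port"] = t.tables[10]["ee"].port
    r["notifications"] = list(t.notifications)
    return r
```

Running demo() shows the two costs the aging section warns about: the first frame to "bb" and every frame after "bb" has aged out are flooded to all other ports of VLAN 10, while a VLAN 20 lookup for an address known only in VLAN 10 floods as well, because each VLAN keeps its own table.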

Adding Static Addresses

A static address has these characteristics:

It is manually entered in the address table and must be manually removed.

It can be a unicast or multicast address.

It does not age and is retained when the switch restarts.

A static address lets you specify how a packet received on one port is forwarded to other ports for transmission. Because every port belongs to at least one VLAN, the switch derives the VLAN ID for the address from the ports that you select on the forwarding map.

A static address in one VLAN must be a static address in other VLANs. A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded to all ports and not learned.

Static addresses are entered in the address table with an in-port-list, an out-port-list, and a VLAN ID, if needed. Packets received from the in-port list are forwarded to ports listed in the out-port-list.


Note If the in-port-list and out-port-list parameters are all access ports in a single VLAN, you can omit the VLAN ID. In this case, the switch recognizes the VLAN as that associated with the in-port VLAN. Otherwise, you must supply the VLAN ID.


Beginning in privileged EXEC mode, follow these steps to add a static address:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

mac-address-table static hw-addr in-port in-port out-port-list out-port-list vlan vlan-id

Enter the MAC address, the input port, the ports to which it can be forwarded, and the VLAN ID of those ports.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show mac-address-table static

Verify your entry.

Removing Static Addresses

Beginning in privileged EXEC mode, follow these steps to remove a static address:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

no mac-address-table static hw-addr in-port in-port out-port-list out-port-list vlan vlan-id

Enter the static MAC address, the input port, the ports to which it can be forwarded, and the VLAN ID to be removed.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show mac-address-table static

Verify your entry.

You can remove all static addresses by using the clear mac-address-table static command in privileged EXEC mode.

Configuring Static Addresses for EtherChannel Port Groups

Follow these rules if you are configuring a static address to forward to ports in an EtherChannel port group:

For default source-based port groups, configure the static address to forward to all ports in the port group to eliminate lost packets.

For destination-based port groups, configure the address to forward to only one port in the port group to avoid the transmission of duplicate packets.

Configuring CGMP

CGMP reduces the unnecessary flooding of IP multicast packets by limiting the transmission of these packets to CGMP clients that request them. The Fast Leave feature accelerates the removal of unused CGMP groups. By default, CGMP is enabled, and the Fast Leave feature is disabled.

End stations issue join messages to become part of a CGMP group and issue leave messages to leave the group. The membership of these groups is managed by the switch and by connected routers through the further exchange of CGMP messages.

CGMP groups are maintained on a per-VLAN basis: a multicast IP address packet can be forwarded to one list of ports in one VLAN and to a different list of ports in another VLAN. When a CGMP group is added, it is added on a per-VLAN, per-group basis. When a CGMP group is removed, it is only removed in a given VLAN.


Note The same multicast MAC addresses cannot belong to both CGMP and Multicast VLAN Registration (MVR) groups. CGMP does not dynamically learn addresses that are MVR group members. If you want CGMP to learn an address that is already an MVR group member, remove the address from the MVR group.

Conversely, you cannot add an address to an MVR group if it is already a CGMP group member. If you want an address that is already a CGMP group member to be an MVR group member, remove the address from the CGMP group, and then statically add it to the MVR group. For information about MVR, see the "Configuring MVR" section.


Enabling the Fast Leave Feature

The CGMP Fast Leave feature reduces the delay when group members leave groups. When an end station requests to leave a CGMP group, the group remains enabled for that VLAN until all members have requested to leave. With the Fast Leave feature enabled, the switch immediately verifies if there are other group members attached to its ports. If there are no other members, the switch removes the port from the group. If there are no other ports in the group, the switch sends a message to routers connected to the VLAN to delete the entire group.

The Fast Leave feature functions only if CGMP is enabled. The client must be running IGMP version 2 for the Fast Leave feature to function properly.

Beginning in privileged EXEC mode, follow these steps to enable the CGMP Fast Leave feature:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

cgmp leave-processing

Enable CGMP and CGMP Fast Leave.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show running-config

Verify your entry.

Disabling the CGMP Fast Leave Feature

Beginning in privileged EXEC mode, follow these steps to disable the CGMP Fast Leave feature:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

no cgmp leave-processing

Disable CGMP Fast Leave. CGMP itself stays enabled.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show running-config

Verify your entry.

Changing the CGMP Router Hold-Time

The router hold-time is the number of seconds the switch waits before removing (aging) a router entry and ceasing to exchange messages with the router. If it is the last router entry in a VLAN, all CGMP groups on that VLAN are removed. You can thus enter a lower router hold-time to accelerate the removal of CGMP groups.


Note You can remove router ports before the router hold-time has expired.


Beginning in privileged EXEC mode, follow these steps to change the router hold-time.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

cgmp holdtime seconds

Configure the number of seconds the switch waits before dropping a router entry (for example, cgmp holdtime 400).

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show running-config

Verify your entry.
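The following Python model is an added example, not code from this guide or from the switch software. It shows the group-membership behaviour described in the Fast Leave and router hold-time sections above: groups are kept per VLAN, with Fast Leave a port is dropped from a group as soon as no member on that port remains, the switch tells the routers on the VLAN to delete a group once its last port is gone, and when the last router entry in a VLAN ages out every group in that VLAN is removed. The group address, host names, port numbers, and the simplification that without Fast Leave a port stays in the group until every member has left are constructed for the example.

```python
"""CGMP membership model with Fast Leave and router hold-time (constructed example)."""


class CgmpSwitch:
    def __init__(self, fast_leave=False, holdtime=300):
        self.fast_leave = fast_leave   # cgmp leave-processing
        self.holdtime = holdtime       # cgmp holdtime, in seconds
        self.groups = {}               # vlan -> {group: {port: set(hosts)}}
        self.routers = {}              # vlan -> {router_port: last_seen}
        self.sent_to_routers = []      # ("delete", vlan, group) messages

    def router_seen(self, vlan, port, now):
        """A router message arrived on `port`: refresh that router entry's timer."""
        self.routers.setdefault(vlan, {})[port] = now

    def join(self, vlan, group, port, host):
        """Join from `host` on `port`: the port receives `group` in this VLAN only."""
        (self.groups.setdefault(vlan, {})
                    .setdefault(group, {})
                    .setdefault(port, set())
                    .add(host))

    def leave(self, vlan, group, port, host):
        """Leave from `host` (IGMP version 2 sends explicit leaves, which Fast Leave needs)."""
        members = self.groups.get(vlan, {}).get(group)
        if members is None or host not in members.get(port, set()):
            return
        members[port].discard(host)
        if self.fast_leave:
            # Fast Leave: no other member on this port, so drop the port at once.
            if not members[port]:
                del members[port]
            if not members:
                self._delete_group(vlan, group)
        elif not any(members.values()):
            # Without Fast Leave the group stays until every member has left.
            self._delete_group(vlan, group)

    def _delete_group(self, vlan, group):
        del self.groups[vlan][group]
        self.sent_to_routers.append(("delete", vlan, group))

    def expire_routers(self, now):
        """Age router entries; losing the last router in a VLAN removes its groups."""
        for vlan, entries in self.routers.items():
            for port, seen in list(entries.items()):
                if now - seen >= self.holdtime:
                    del entries[port]
            if not entries:
                self.groups.get(vlan, {}).clear()

    def ports(self, vlan, group):
        """Ports currently receiving `group` in `vlan`."""
        return set(self.groups.get(vlan, {}).get(group, {}))


def demo(fast_leave):
    """Three hosts on two ports join one group; observe the ports as they leave."""
    g = "01:00:5e:01:01:01"            # constructed group MAC address
    sw = CgmpSwitch(fast_leave=fast_leave, holdtime=400)
    sw.router_seen(10, 24, now=0)      # the only router in VLAN 10, on port 24
    for port, host in ((1, "hostA"), (1, "hostB"), (2, "hostC")):
        sw.join(10, g, port, host)
    sw.leave(10, g, 2, "hostC")
    after_first_leave = sw.ports(10, g)
    sw.leave(10, g, 1, "hostA")
    sw.leave(10, g, 1, "hostB")
    after_all_leave = sw.ports(10, g)
    # Router hold-time: VLAN 10's router was last seen at t=0, VLAN 20's at t=300.
    sw.join(10, g, 3, "hostD")
    sw.join(20, g, 5, "hostE")
    sw.router_seen(20, 24, now=300)
    sw.expire_routers(now=400)
    return {
        "after_first_leave": after_first_leave,
        "after_all_leave": after_all_leave,
        "messages": list(sw.sent_to_routers),
        "vlan10_after_router_loss": sw.ports(10, g),
        "vlan20_unaffected": sw.ports(20, g),
    }
```

Comparing demo(True) with demo(False) shows the difference Fast Leave makes: with it, port 2 stops receiving the group the moment its only member leaves; without it, port 2 keeps receiving the stream until the last member on port 1 has also left.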

Removing Multicast Groups

You can reduce the forwarding of IP multicast packets by removing groups from the Current Multicast Groups table. Each entry in the table consists of the VLAN, IGMP multicast address, and ports.

You can use the CLI to clear all CGMP groups, all CGMP groups in a VLAN, or all routers, their ports, and their expiration times. Beginning in privileged EXEC mode, follow these steps to remove all multicast groups.

 
Command
Purpose

Step 1 

clear cgmp group

Clear all CGMP groups on all VLANs on the switch.

Step 2 

show cgmp

Verify your entry by displaying CGMP information.

Configuring IGMP Filtering

IGMP filtering works with the Multicast VLAN Registration (MVR) feature to allow you to configure profiles of IP multicast groups. You can then associate these profiles with filtering action.

IGMP filters are associated with each physical switch port. These filters are applied to all VLANs associated with the physical port.

When a host or client in a VLAN sends an IGMP join message, the IGMP message is processed by the filter on the switch port. If the configured filter causes the IGMP report to be dropped, the switch port requesting the stream of IP multicast traffic cannot receive IP multicast traffic for that group. If the filtering action permits a particular IGMP report, the IGMP report is forwarded for normal processing.

The filtering actions are configured on a per-switch-port basis.


Note IGMP filtering is supported through the CLI and SNMP.



Note IGMP filtering is independent of the mechanism that forwards IP multicast traffic. For example, IGMP filtering does not apply when CGMP or MVR is used to forward IP multicast traffic.


IGMP filters can be used in video service deployments over Ethernet to the home (ETTH). The filters specify which multicast groups each switch port is allowed to join, and therefore which multicast streams that port can receive.

Configuring IGMP Profiles

To configure an IGMP profile, use the ip igmp profile global configuration command with a profile number to create an IGMP profile and enter IGMP profile configuration mode. From this mode, you can specify the parameters of the IGMP profile to be used for filtering IGMP join requests from a switch port. When you are in IGMP profile configuration mode, you can create the profile by using these commands:

deny: specifies that matching addresses are denied; this is the default condition.

exit: exits from IGMP profile configuration mode.

no: negates a command or sets its defaults.

permit: specifies that matching addresses are permitted.

range: specifies a range of IP addresses for the profile. You can enter a single IP address or a range with a start and an end address.

The default is for the switch to have no IGMP profiles configured. When a profile is configured, if neither the permit nor deny keyword is included, the default is to deny access to the range of IP addresses.

Beginning in privileged EXEC mode, follow these steps to create an IGMP profile:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp profile profile-number

Enter IGMP profile configuration mode, and assign a number to the profile you are configuring. The range is from 1 to 4294967294.

Step 3 

permit | deny

(Optional) Set the action to permit or deny access to the IP multicast address. If no action is configured, the default for the profile is to deny access.

Step 4 

range ip-multicast-address [ip-multicast-address]

Enter the IP multicast address or range of IP multicast addresses to which access is being controlled. If entering a range, enter the low IP multicast address, a space, and the high IP multicast address.

You can use the range command multiple times to enter multiple addresses or ranges of addresses.

Step 5 

end

Return to privileged EXEC mode.

Step 6 

show ip igmp profile profile-number

Verify the profile configuration.
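The following Python model is an added example, not code from this guide or from the switch software. It implements the profile semantics stated above (a profile number in the documented range, one or more multicast address ranges entered low address first, and deny as the action when no keyword is given) and runs a few constructed IGMP join reports through a profile. One point the guide does not spell out is handled as an assumption here: a permit profile forwards only reports for groups inside its ranges, and a deny profile forwards reports for every group outside its ranges. The profile numbers, address ranges and report list are constructed for the example.

```python
"""IGMP profile filtering model (constructed example, not Cisco code)."""
import ipaddress


class IgmpProfile:
    def __init__(self, number, action=None):
        # Documented range for ip igmp profile profile-number.
        if not 1 <= number <= 4294967294:
            raise ValueError("profile number must be 1..4294967294")
        if action not in (None, "permit", "deny"):
            raise ValueError("action must be permit or deny")
        self.number = number
        self.action = action or "deny"     # no keyword entered: the profile denies
        self.ranges = []                   # list of (low, high) IPv4Address pairs

    def range(self, low, high=None):
        """range low [high]: a single group or an inclusive range of groups."""
        lo = ipaddress.IPv4Address(low)
        hi = ipaddress.IPv4Address(high) if high else lo
        if not (lo.is_multicast and hi.is_multicast):
            raise ValueError("range must lie within 224.0.0.0/4")
        if hi < lo:
            raise ValueError("enter the low address first, then the high address")
        self.ranges.append((lo, hi))

    def matches(self, group):
        g = ipaddress.IPv4Address(group)
        return any(lo <= g <= hi for lo, hi in self.ranges)

    def permits(self, group):
        """True if a join report for `group` is forwarded for normal processing.

        Assumption: a permit profile admits only matching groups; a deny
        profile admits everything except matching groups.
        """
        return self.matches(group) == (self.action == "permit")


def filter_reports(profile, reports):
    """Split (port, group) join reports into those forwarded and those dropped."""
    forwarded, dropped = [], []
    for port, group in reports:
        (forwarded if profile.permits(group) else dropped).append((port, group))
    return forwarded, dropped


def demo():
    # Profile 4 permits only two constructed video channel ranges; every
    # other group, including the SSDP group 239.255.255.250, is dropped.
    profile = IgmpProfile(4, "permit")
    profile.range("229.9.9.0", "229.9.9.255")
    profile.range("239.1.1.1")
    reports = [
        (1, "229.9.9.10"),        # inside the first range: forwarded
        (1, "239.1.1.1"),         # the single-address range: forwarded
        (2, "224.0.1.40"),        # not listed: dropped
        (2, "239.255.255.250"),   # not listed: dropped
    ]
    return filter_reports(profile, reports)
```

Because the profile carries a single action, a port that must receive a few channels and nothing else is best served by a permit profile with explicit ranges, as in demo(); a deny profile only blocks the groups you list and leaves every other group joinable.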