Table Of Contents
Product Overview
Supported Hardware
Layer 2 Software Features
CDP
DHCP Snooping
EtherChannel Bundles
MST
Spanning Tree Protocol
UDLD
VLANs
Layer 3 Software Features
CEF
HSRP
IP Routing Protocols
RIP
OSPF
IGRP
EIGRP
BGP
Multicast Services
Network Security with ACLs
QoS Features
Management and Security Features
Product Overview
This chapter provides an overview of Catalyst 4000 family switches. This chapter includes the following major sections:
• Supported Hardware
• Layer 2 Software Features
• Layer 3 Software Features
• QoS Features
• Management and Security Features
Note
For more information about the chassis, modules, and software features supported by the Catalyst 4000 family switch, refer to the Release Notes for the Catalyst 4000 Family Switch, Release 12.1(12c)EW at http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/relnotes/
Supported Hardware
A Catalyst 4000 family switch supports the following modules:
• WS-X4124-FX-MT—24-port 100BASE-FX Fast Ethernet switching module
• WS-X4148-FX-MT—48-port 100BASE-FX Fast Ethernet switching module
• WS-X4148-RJ—48-port 10/100 Fast Ethernet RJ-45
• WS-X4148-RJ21—48-port 10/100-Mbps Fast Ethernet switching module
• WS-X4148-RJ45-V—48-port inline power 10/100BASE-TX switching module
• WS-X4232-GB-RJ—32-port 10/100 Fast Ethernet RJ-45, plus 2-port 1000BASE-X Gigabit Interface Converter (GBIC) Gigabit Ethernet
• WS-X4232-RJ-XX—32-port 10/100 Fast Ethernet RJ-45
• WS-X4306-GB—6-port 1000BASE-X (GBIC) Gigabit Ethernet
• WS-X4418-GB—18-port 1000BASE-X (GBIC) Gigabit Ethernet switching module
• WS-X4412-2GB-T—12-port 1000BASE-T Gigabit Ethernet switching module
• WS-X4424-GB-RJ45—24-port 10/100/1000BASE-T Gigabit Ethernet switching module
• WS-X4448-GB-LX—48-port 1000BASE-LX Gigabit Ethernet Fiber Optic interface module
• WS-X4448-GB-RJ45—48-port 10/100/1000BASE-T Gigabit Ethernet switching module
• WS-X4095-PEM—Catalyst 4000 DC Power Entry Module
• WS-P4603-2PSU—Catalyst 4000 Auxiliary Power Shelf (3-slot) including two WS-X4608 power supplies
• WS-X4608—Catalyst 4603 Power Supply Unit for WS-P4603
Layer 2 Software Features
The following sections describe the key Layer 2 switching software features on the Catalyst 4000 family switch:
• CDP
• DHCP Snooping
• EtherChannel Bundles
• MST
• Spanning Tree Protocol
• UDLD
• VLANs
CDP
The Cisco Discovery Protocol (CDP) is a device-discovery protocol that is both media- and protocol-independent. CDP is available on all Cisco products, including routers, switches, bridges, and access servers. Using CDP, a device can advertise its existence to other devices and receive information about other devices on the same LAN. CDP enables Cisco switches and routers to exchange information, such as their MAC addresses, IP addresses, and outgoing interfaces. CDP runs over the data-link layer only, allowing two systems that support different network-layer protocols to learn about each other. Each device configured for CDP sends periodic messages to a multicast address. Each device advertises at least one address at which it can receive Simple Network Management Protocol (SNMP) messages.
For information on configuring CDP, see "Understanding and Configuring CDP."
DHCP Snooping
Dynamic Host Configuration Protocol (DHCP) snooping is a security feature that is a component of a DHCP server. DHCP snooping provides security by intercepting untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is one received from outside the network or firewall; such messages can be used to mount traffic attacks within your network.
DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also provides a way to differentiate between untrusted interfaces, which connect to end users, and trusted interfaces, which connect to the DHCP server or to another switch.
For DHCP server configuration information, refer to the chapter, "Configuring DHCP," in the Cisco IOS IP and IP Routing Configuration Guide at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cddhcp.htm
For information on configuring DHCP snooping, see "Understanding and Configuring DHCP Snooping."
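As an added illustration (not part of this guide or of the Catalyst software), the following Python model shows the trusted/untrusted decision and the binding table described above. Port names, MAC addresses and IP addresses are constructed; the model also applies two checks the text does not spell out but that a snooping switch performs on untrusted ports, namely that a client message's source MAC matches the hardware address inside it and that a RELEASE or DECLINE comes from the port holding the binding.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # only a DHCP server legitimately sends these


@dataclass(frozen=True)
class DhcpMessage:
    """Constructed, minimal DHCP message: just the fields snooping inspects."""
    kind: str          # DISCOVER, REQUEST, RELEASE, DECLINE, OFFER, ACK or NAK
    src_mac: str       # Ethernet source address of the frame
    chaddr: str        # client hardware address inside the DHCP payload
    yiaddr: str = ""   # address the server assigns (OFFER/ACK)
    lease: int = 0     # lease time in seconds (ACK)


@dataclass
class Binding:
    """One row of the DHCP snooping binding table."""
    mac: str
    ip: str
    vlan: int
    port: str
    lease: int


class DhcpSnooper:
    """Hypothetical model of a switch's per-VLAN DHCP snooping decision."""
    def __init__(self, trusted_ports: Set[str]):
        self.trusted = set(trusted_ports)            # server-facing or switch-facing ports
        self.bindings: Dict[str, Binding] = {}       # binding table keyed by client MAC
        self._pending: Dict[str, str] = {}           # client MAC -> port its REQUEST came from
        self.log: List[str] = []

    def handle(self, msg: DhcpMessage, port: str, vlan: int) -> bool:
        """Return True if the switch forwards the message, False if it drops it."""
        if port in self.trusted:
            # Trusted side: forward everything; an ACK answering a seen REQUEST
            # creates the binding, recorded against the client's own port.
            if msg.kind == "ACK" and msg.chaddr in self._pending:
                client_port = self._pending.pop(msg.chaddr)
                self.bindings[msg.chaddr] = Binding(
                    msg.chaddr, msg.yiaddr, vlan, client_port, msg.lease)
            return True
        # Untrusted (end-user) side: filter before forwarding.
        if msg.kind in SERVER_MESSAGES:
            self.log.append(f"drop: {msg.kind} from untrusted {port} (rogue server)")
            return False
        if msg.src_mac != msg.chaddr:
            self.log.append(f"drop: {msg.kind} on {port}, source MAC != chaddr")
            return False
        if msg.kind in ("RELEASE", "DECLINE"):
            # Only the host that holds the binding, on its own port, may give it up.
            b = self.bindings.get(msg.chaddr)
            if b is None or b.port != port or b.vlan != vlan:
                self.log.append(f"drop: {msg.kind} on {port} without matching binding")
                return False
            del self.bindings[msg.chaddr]
        elif msg.kind == "REQUEST":
            self._pending[msg.chaddr] = port
        return True
```

Lease renewals and expiry are not modelled; the point is which side of the switch a message may arrive from and what the binding table records.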
EtherChannel Bundles
EtherChannel port bundles allow you to create high-bandwidth connections between two switches by grouping multiple ports into a single logical transmission path.
For information on configuring EtherChannel, see "Understanding and Configuring EtherChannel."
MST
IEEE 802.1s Multiple Spanning Tree (MST) allows for multiple spanning tree instantiations within a single 802.1q or Inter-Switch Link (ISL) VLAN trunk. MST extends the IEEE 802.1w Rapid Spanning Tree (RST) algorithm to multiple spanning trees. This extension provides both rapid convergence and load balancing in a VLAN environment.
MST allows you to build multiple spanning trees over trunks. You can group and associate VLANs to spanning tree instances. Each instance can have a topology independent of other spanning tree instances. This new architecture provides multiple forwarding paths for data traffic and enables load balancing. Network fault tolerance is improved because a failure in one instance (forwarding path) does not affect other instances (forwarding paths).
For information on configuring MST, see "Understanding and Configuring Multiple Spanning Trees."
Spanning Tree Protocol
The Spanning Tree Protocol (STP) allows you to create fault-tolerant internetworks that ensure an active, loop-free data path between all nodes in the network. STP uses an algorithm to calculate the best loop-free path throughout a switched network.
For information on configuring STP, see "Understanding and Configuring STP."
The Catalyst 4000 family switch supports the following STP enhancements:
• Spanning tree PortFast—PortFast allows a port with a directly attached host to transition to the forwarding state directly, bypassing the listening and learning states.
• Spanning tree UplinkFast—UplinkFast provides fast convergence after a spanning-tree topology change and achieves load balancing between redundant links using uplink groups. Uplink groups provide an alternate path in case the currently forwarding link fails. UplinkFast is designed to decrease spanning-tree convergence time for switches that experience a direct link failure.
• Spanning tree BackboneFast—BackboneFast reduces the time needed for the spanning tree to converge after a topology change caused by an indirect link failure. BackboneFast decreases spanning-tree convergence time for any switch that experiences an indirect link failure.
• Spanning tree root guard—Root guard forces a port to become a designated port so that no switch on the other end of the link can become a root switch.
For information on the STP enhancements, see "Configuring STP Features."
UDLD
The UniDirectional Link Detection (UDLD) protocol allows devices connected through fiber-optic or copper Ethernet cables to monitor the physical configuration of the cables and detect a unidirectional link.
For information about UDLD, see "Understanding and Configuring UDLD."
VLANs
A VLAN configures switches and routers according to logical, rather than physical, topologies. Using VLANs, a network administrator can combine any collection of LAN segments within an internetwork into an autonomous user group, such that the segments appear as a single LAN in the network. VLANs logically segment the network into different broadcast domains so that packets are switched only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not necessarily.
For more information about VLANs, see "Understanding and Configuring VLANs."
The following VLAN-related features are also supported.
• VLAN Trunking Protocol (VTP)—VTP maintains VLAN naming consistency and connectivity between all devices in the VTP management domain. You can have redundancy in a domain by using multiple VTP servers, through which you can maintain and modify the global VLAN information. Only a few VTP servers are required in a large network.
For more information about VTP, see "Understanding and Configuring VTP."
• Private VLANs—Private VLANs are sets of ports that have the features of normal VLANs and also provide some Layer 2 isolation from other ports on the switch.
• Private VLAN Trunk Ports—Private VLAN trunk ports allow a secondary port on a private VLAN to carry multiple secondary VLANs.
For information about private VLANs, see "Configuring Private VLANs."
Layer 3 Software Features
A Layer 3 switch is a high-performance switch that has been optimized for a campus LAN or intranet and that provides both wire-speed Ethernet routing and switching services. Layer 3 switching improves network performance with two software functions—route processing and intelligent network services.
Compared to conventional software-based switches, Layer 3 switches process packets faster; they do so by using application-specific integrated circuit (ASIC) hardware instead of microprocessor-based engines.
The following subsections describe the key Layer 3 switching software features on the Catalyst 4000 family switch:
• CEF
• HSRP
• IP Routing Protocols
• Multicast Services
• Network Security with ACLs
CEF
Cisco Express Forwarding (CEF) is an advanced Layer 3 IP-switching technology. CEF optimizes network performance and scalability in networks with large and dynamic traffic patterns, such as the Internet, and in networks that use intensive web-based applications or interactive sessions. Although you can use CEF in any part of a network, it is designed for high-performance, highly resilient Layer 3 IP-backbone switching.
For information on configuring CEF, see "Configuring Cisco Express Forwarding."
HSRP
The Hot Standby Router Protocol (HSRP) provides high network availability by routing IP traffic from hosts on Ethernet networks without relying on the availability of any single Layer 3 switch. This feature is particularly useful for hosts that do not support a router discovery protocol and do not have the functionality to switch to a new router when their selected router reloads or loses power.
For information on configuring HSRP, refer to the following URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdip.htm
IP Routing Protocols
The following routing protocols are supported on the Catalyst 4000 family switch:
• RIP
• OSPF
• IGRP
• EIGRP
• BGP
RIP
The Routing Information Protocol (RIP) is a distance-vector, intradomain routing protocol. RIP works well in small, homogeneous networks. In large, complex internetworks, it has many limitations, such as a maximum hop count of 15, lack of support for variable-length subnet masks (VLSMs), inefficient use of bandwidth, and slow convergence. (RIP II does support VLSMs.)
OSPF
The Open Shortest Path First (OSPF) protocol is a standards-based IP routing protocol designed to overcome the limitations of RIP. Because OSPF is a link-state routing protocol, it sends link-state advertisements (LSAs) to all other routers within the same hierarchical area. Information on the attached interfaces and their metrics is used in OSPF LSAs. As routers accumulate link-state information, they use the shortest path first (SPF) algorithm to calculate the shortest path to each node. Additional OSPF features include equal-cost multipath routing and routing based on the upper-layer type of service (ToS) requests.
OSPF employs the concept of an area, which is a group of contiguous OSPF networks and hosts. OSPF areas are logical subdivisions of OSPF autonomous systems in which the internal topology is hidden from routers outside the area. Areas allow an additional level of hierarchy different from that provided by IP network classes, and they can be used to aggregate routing information and mask the details of a network. These features make OSPF particularly scalable for large networks.
IGRP
The Interior Gateway Routing Protocol (IGRP) is a robust distance-vector Interior Gateway Protocol (IGP) developed by Cisco to provide for routing within an autonomous system (AS). Distance vector routing protocols request that a switch send all or a portion of its routing table data in a routing update message at regular intervals to each of its neighboring routers. As routing information proliferates through the network, routers can calculate distances to all nodes within the internetwork. IGRP uses a combination of metrics: internetwork delay, bandwidth, reliability, and load are all factored into the routing decision.
EIGRP
The Enhanced Interior Gateway Routing Protocol (EIGRP) is a version of IGRP that combines the advantages of link-state protocols with distance-vector protocols. EIGRP incorporates the Diffusing Update Algorithm (DUAL). EIGRP includes fast convergence, variable-length subnet masks, partially bounded updates, and multiple network-layer support. When a network topology change occurs, EIGRP checks its topology table for a suitable new route to the destination. If such a route exists in the table, EIGRP updates the routing table instantly. You can use the fast convergence and partial updates that EIGRP provides to route Internetwork Packet Exchange (IPX) packets.
EIGRP saves bandwidth by sending routing updates only when routing information changes. The updates contain information only about the link that changed, not the entire routing table. EIGRP also takes into consideration the available bandwidth when determining the rate at which it transmits updates.
Note
Layer 3 switching does not support the Next Hop Resolution Protocol (NHRP).
BGP
The Border Gateway Protocol (BGP) is an exterior gateway protocol that allows you to set up an interdomain routing system to automatically guarantee the loop-free exchange of routing information between autonomous systems. In BGP, each route consists of a network number, a list of autonomous systems that information has passed through (called the autonomous system path), and a list of other path attributes.
The Catalyst 4000 family switch supports BGP version 4, including classless interdomain routing (CIDR). CIDR lets you reduce the size of your routing tables by creating aggregate routes, resulting in supernets. CIDR eliminates the concept of network classes within BGP and supports the advertising of IP prefixes. CIDR routes can be carried by OSPF, EIGRP, and RIP.
For BGP configuration information, refer to the chapter "Configuring BGP" in the Cisco IOS IP and IP Routing Configuration Guide at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm
For a complete description of the BGP commands, refer to the chapter "BGP Commands" in the Cisco IOS IP and IP Routing Command Reference at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt2/1rdbgp.htm
Multicast Services
Multicast services save bandwidth by forcing the network to replicate packets only when necessary and by allowing hosts to join and leave groups dynamically. The following multicast services are supported:
• Cisco Group Management Protocol (CGMP) server—CGMP server manages multicast traffic. Multicast traffic is forwarded only to ports with attached hosts that request the multicast traffic.
• Internet Group Management Protocol (IGMP) snooping—IGMP snooping manages multicast traffic. The switch software examines IP multicast packets and makes forwarding decisions based on their content. Multicast traffic is forwarded only to ports with attached hosts that request multicast traffic.
• Protocol Independent Multicast (PIM)—PIM is protocol-independent because it can leverage whichever unicast routing protocol is used to populate the unicast routing table, including EIGRP, OSPF, BGP, or static routes. PIM also uses the unicast routing table to perform the Reverse Path Forwarding (RPF) check instead of building a completely independent multicast routing table.
For information on configuring multicast services, see "Understanding and Configuring IP Multicast."
Network Security with ACLs
An access control list (ACL) filters network traffic by controlling whether routed packets are forwarded or blocked at the router interfaces. The Catalyst 4000 family switch examines each packet to determine whether to forward or drop the packet, based on the criteria you specified within the access lists.
MAC access control lists (MACLs) and VLAN access control lists (VACLs) are also supported. VACLs are also known as VLAN maps in Cisco IOS.
For information on configuring access lists, see "Configuring Network Security with ACLs."
QoS Features
The quality of service (QoS) features prevent congestion by selecting network traffic and prioritizing it according to its relative importance. Implementing QoS in your network makes network performance more predictable and bandwidth use more effective.
The Catalyst 4000 family switch supports the following QoS features:
• Classification and marking
• Ingress and egress policing
• Sharing and shaping
For information on configuring QoS, see "Understanding and Configuring QoS."
Management and Security Features
The Catalyst 4000 family switch offers network management and control through the CLI or through alternative access methods, such as SNMP. The switch software supports these network management and security features:
• 802.1x protocol—This feature provides a means for a host connected to a switch port to be authenticated before it is given access to the switch services.
• Password-protected access (read-only and read-write)—This feature protects management interfaces against unauthorized configuration changes.
• Local Authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access Control System Plus (TACACS+) authentication—These authentication methods control access to the switch. For additional information, refer to the chapter "Authentication, Authorization, and Accounting (AAA)," in Cisco IOS Security Configuration Guide, Release 12.1, at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt1/index.htm
• Visual port status information—The switch LEDs provide visual management of port- and switch-level status.
• Switched Port Analyzer (SPAN)—SPAN allows you to monitor traffic on any port for analysis by a network analyzer or Remote Monitoring (RMON) probe. For information on SPAN, see "Configuring SPAN."
• Simple Network Management Protocol—SNMP facilitates the exchange of management information between network devices. The Catalyst 4000 family switch supports these SNMP types and enhancements:
– SNMP—A full Internet standard
– SNMP v2—Community-based administrative framework for version 2 of SNMP
– SNMP trap message enhancements—Additional information with certain SNMP trap messages, including spanning-tree topology change notifications and configuration change notifications
For information on SNMP, refer to the Cisco IOS Configuration Fundamentals Configuration Guide and Cisco IOS Configuration Fundamentals Command Reference at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm
• Dynamic Host Configuration Protocol server—DHCP server enables you to automatically assign reusable IP addresses to DHCP clients. The Cisco IOS DHCP server feature is a full DHCP server implementation that assigns and manages IP addresses from specified address pools within the router to DHCP clients. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the request to one or more secondary DHCP servers defined by the network administrator.
For more information on configuring the DHCP server, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/easyip2.htm
• Debugging features—The Catalyst 4000 family switch has several commands to help you debug your initial setup. These commands include the following groups:
– show platform
– platform
– debug platform
For more information on these commands, refer to the Cisco IOS Command Reference for the Catalyst 4000 Family Switch.