Important: The contents of this chapter assume that the procedures to initially configure the system in the Getting Started chapter have been completed.
Important: The commands used in the configuration examples in this section are the most common or most likely-used commands and/or keyword options. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information.
Refer to Getting Started for instructions on configuring a system management interface on the SPIO. This section provides instructions for configuring a second management interface.
• For port ethernet slot#, use the actual chassis slot in which the SPIO is installed. This could be either slot number 24 or 25.
• For port ethernet port#, use the physical port on the SPIO card that will be used. For the SPIO, this is either port 1 or 2. Port 1 represents the top-most port (either RJ-45 or SFP).
• Option: In the Ethernet Port configuration mode, configure the port speed, if needed, by entering the medium command. Refer to the Command Line Interface Reference for a complete explanation of this command.
Step 1 show configuration port <slot#/port#>slot# is the chassis slot number of the line card where the physical port resides. slot# is either 24 or 25. port# is the number of the port (either 1 or 2).
Step 3 Save your configuration as described in the Saving Your Configuration chapter.
• Refer to the clock timezone command in the Command Line Interface Reference for a complete list of supported time zones.
• The optional local keyword indicates that the time zone specified is the local timezone.Save your configuration as described in the Verifying and Saving Your Configuration chapter.Important: Configure the system clock and time zone prior to implementing NTP support. This greatly reduces the time period that must be corrected by the NTP server.
Important: Configure the system clock and time zone prior to implementing NTP support. This greatly reduces the time period that must be corrected by the NTP server.
server <ip_address>
• context_name is the name of a configured context other than local. Use this option to configure the system to run NTP in a specified context. By default, NTP runs in the local context. This is the recommended configuration.
• A number of options exist for the server command. Refer to the NTP Configuration Mode Commands chapter in the Command Line Interface Reference for more information.Save the configuration as described in the Verifying and Saving Your Configuration chapter.
Step 1
•Important: To use BITS-timing, the SPIO version must include the BITS BNC timing interface or the BITS 3-pin timing interface. For additional interface information, refer to the Product Overview.
Save the configuration according to the steps in the Verifying and Saving Your Configuration chapter.Save the configuration as described in the Verifying and Saving Your Configuration chapter.Save the configuration as described in the Verifying and Saving Your Configuration chapter.Use the show timing command, documented in the Exec Mode Commands chapter of the Command Line Interface Reference, to confirm the timing source has been configured correctly.Save the configuration as described in the Verifying and Saving Your Configuration chapter.The Getting Started chapter describes how to configure a context-level security administrator for the system.
•Important: For information on the differences between these user privileges and types, refer to the Getting Started chapter.
If your deployment does not require the configuration of additional administrative users, proceed to the Configuring PSC and Line Card Availability section.
• Additional keyword options are available that, for example, identify the administrator when active or place time thresholds on the administrator. Refer to the Command Line Interface Reference for more information about the administrator command.Save the configuration as described in the Verifying and Saving Your Configuration chapter.
• Additional keyword options are available that, for example, identify the administrator when active or place time thresholds on the administrator. Refer to the Command Line Interface Reference for more information about the config-administrator command.Save the configuration as described in the Verifying and Saving Your Configuration chapter.
• Additional keyword options are available that for example, identify the administrator when active or place time thresholds on the administrator. Refer to the Command Line Interface Reference for more information about the operator command.Save the configuration as described in the Verifying and Saving Your Configuration chapter.
• Additional keyword options are available that, for example, identify the administrator when active or place time thresholds on the administrator. Refer to the Command Line Interface Reference for more information about the inspector command.Save the configuration as described in the Verifying and Saving Your Configuration chapter.This command displays all of the configuration parameters you modified within the Local context during this session. The following displays a command output sample. In this example, a security administrator named testadmin was configured.
• Additional keyword options are available that, for example, identify the administrator when active or place time thresholds on the administrator. Refer to the Command Line Interface Reference for more information about the local-user username command.Save the configuration as described in the Verifying and Saving Your Configuration chapter.This command displays information on configured local-user administrative users. The output below displays a sample of this command’s output. In this example, a local-user named SAUser was configured.
• MAC_Address is the first address of a block of 256 MAC addresses. The system has reserved 65536 MAC addresses (00:05:47:FF:00:00 - 00:05:47:FF:FF:FF) for use by customers. This range allows you to create 256 address blocks each containing 256 MAC addresses (e.g., 00:05:47:FF:00:00, 00:05:47:FF:01:00, 00:05:47:FF:02:00, 00:05:47:FF:03:00, 00:05:47:FF:04:00, etc.).Caution: This configuration requires a valid block of unique MAC addresses that are not used anywhere else. The use of non-unique MAC addresses can degrade and impair the operation of your network.
Save your configuration as described in the Verifying and Saving Your Configuration chapter.show port info <slot#/port#>slot# is the chassis slot number of the line card on which the physical port resides. port# is the physical port on the line card.As discussed in the Understanding the System Boot Process section of Understanding System Operation and Configuration, when the system boots up, all installed PSCs/PSC2s are placed into standby mode. You must activate some of these cards in order to configure and use them for session processing. Others may remain in standby mode to serve as redundant components.Important: Refer to the Product Overview Guide for information about system hardware configurations and redundancy.
• The card-standby-priority specifies the order in which the system will use standby PSCs as redundant components.
• slot#_p1 is the chassis slot number of the standby PSC/PSC2 that you want to use first as a redundant component. slot#_p2 is the chassis slot number of the standby processing card that you want to use second as a redundant component. slot#_pn is the chassis slot number of the standby PSC that you want to use as the last redundant component.Save the configuration as described in the Verifying and Saving Your Configuration chapter.Caution: To ensure that system line card and port-level redundancy mechanisms function properly, disable the Spanning Tree protocol on devices connected directly to any system port. Failure to turn off the Spanning Tree protocol may result in failures in the redundancy mechanisms or service outage.
By default, the system provides port-level redundancy when a failure occurs, or you issue the port switch to command. In this mode, the ports on active and standby line cards (for example, 17/1 and 33/1 have the same MAC address), but since only one of these ports may be active at any one time there are no conflicts. This eliminates the need to transfer MAC addresses and send gratuitous ARPs in port failover situations. Instead, for Ethernet ports, three Ethernet broadcast packets containing the source MAC address are sent so that the external network equipment (switch, bridge, or other device) can re-learn the information after the topology change. However, if an line card removal is detected, the system sends out gratuitous ARPs to the network because of the MAC address change that occurred on the specific port.With port redundancy, if a failover occurs, only the specific port(s) become active. For example; if port 17/1 fails, then port 33/1 becomes active, while all other active ports on the line card in slot 17 remain in the same active state. In port failover situations, use the show port table or show linecard table commands to check that ports are active on both cards and that both cards are active.Take care when administratively disabling a port that is one of a redundant pair. A redundant pair comprises both the active and standby ports—for example 17/1 and 33/1. If 17/1 is active, administratively disabling 17/1 through the CLI does not make 33/1 active. It disables both 17/1 and 33/1 because an action on one port has the same effect on both. Refer to Enabling Line Card and SPIO Redundancy below and Creating and Configuring Ethernet Interfaces and Ports in the System Element Configuration Procedures chapter.Important: Be aware that in the case of a system with only one SMC and two SPIO cards, both SPIOs come up online. Automatic switching of Ethernet ports does not occur in this scenario, but you can initiate card and port switching by using the card spio switch to and port switch to commands.
• The card-mode keyword indicates that no port redundancy is used. The system provides card-level redundancy, which is triggered by an internal failure. The port-mode keyword, available for Ethernet and SPIO line cards, indicates that port redundancy will be enabled. This is the default redundancy mode.Important: You do not need to use this configuration for each line card or SPIO. The system intuitively understands that if the command is entered for an active line card, the standby line will operate in the same mode. For example, if you enter the command for the line card in slot 17, it automatically places the line card in Slot 33 into port redundant operation.
Important: If you network-boot a dual-SMC chassis with SPIO port redundancy enabled, you should have CFE1.1.0 or greater in flash on both SMCs. Otherwise, you risk having a standby SMC that can't boot from the network in certain circumstances. You can use any version of the CFE with SPIO port redundancy if the SMCs boot from a local file system (/flash, /pcmcia1, or /pcmcia2).
Save the configuration as described in the Verifying and Saving Your Configuration chapter.show configuration card <slot_#>slot_# is the chassis slot number where the line card or SPIO you want to configure is installed.[local]host_name# show config card 17[local]host_name# show config card 24Important: This feature is applied on a per port basis, allowing you to configure specific ports to be used on individual line cards or SPIOs. For example, you could configure ports 1 through 4 as preferred on the line card in slot 17, and configure ports 5 through 8 as the preferred ports on the line card in slot 33. On a SPIO, you could configure port 1 as preferred on the SPIO in slot 24 and configure port 2 as preferred on the SPIO in slot 25. In this scenario, both line cards or SPIOs would be in an active state while providing line card and port redundancy for the other.
Caution: A preference cannot be configured in normal redundancy mode. Attempting to do so will produce an error message from the cli command.
Save the configuration as described in the Verifying and Saving Your Configuration chapter.show port info <slot#/port#>slot# is the chassis slot number of the line card on which the physical port resides.port# is the physical port on the line card.[local]host_name# show port info 17/1Important: The aggregated ports must be on the same QGLC redundant pair. Link aggregation does not work across line card slots. In the event of a failure of one or more of the member physical ports, the remaining ports continue to be aggregated.
Important: An aggregation group can consist of from one to four ports. A port can only be in one aggregation group; for example, Port 3 can be in Group A linked to Switch 1, but it cannot simultaneously be in Group B linked to Switch 2.
The following command creates link aggregation group N with port slot#/port# as master. Only one master port is allowed for a group. N must be in the range of [1...1023].Important: Link Aggregation Control Protocol (LACP) starts running only when the Master port is enabled.
Use the following command to add a port as member of link aggregation group number N only if the master port is assigned. Otherwise, it is added to the group when the master port is assigned:Important: The VPN can only bind the master port, and a VLAN can only be created on the master port. VPN CLI and vpnmgr return a failure message if you attempt to bind to a link aggregation member port.
LACP can send packets at either a slow (30s) or fast (1s) rate. The defaults for this release are Active and Slow; see the sample configuration below:
![]() |
Cisco Systems Inc. |
Tel: 408-526-4000 |
Fax: 408-527-0883 |