Contents
This document provides configuration tasks for the 4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high-speed WAN interface cards (HWICs) hardware feature supported on the Cisco 1800 (modular), Cisco 2800, and Cisco 3800 series Integrated Services Routers.
Cisco EtherSwitch HWICs are 10/100BASE-T Layer 2 Ethernet switches with Layer 3 routing capability. (Layer 3 routing is forwarded to the host and is not actually performed at the device.) Traffic between different VLANs on a device is routed through the device platform. Any one port on a Cisco EtherSwitch HWIC may be configured as a stacking port to link to another Cisco EtherSwitch HWIC or EtherSwitch network module in the same system. An optional power module can also be added to provide inline power for IP telephones. The HWIC-D-9ESW HWIC requires a double-wide card slot.
This hardware feature does not introduce any new or modified Cisco commands.
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Multiple EtherSwitch HWICs or network modules installed in a host device will not act independently of each other. They must be stacked, as they will not work otherwise.
A maximum of two EtherSwitch network modules can be installed in a single chassis. If two EtherSwitch network modules of any type are installed in the same chassis, the following configuration requirements must be met:
Note |
Without this configuration and connection, duplications will occur in the VLAN databases, and unexpected packet handling may occur. |
For conceptual information about VLANs, see the "VLANs" section of the EtherSwitch Network feature module.
For conceptual information about inline power for Cisco IP phones, see the "Inline Power for Cisco IP Phones" section of the EtherSwitch Network feature module.
For conceptual information about Layer 2 Ethernet switching, see the "Layer 2 Ethernet Switching" section of the EtherSwitch Network feature module.
For conceptual information about 802.1x authentication, see the "802.1x Authentication" section of the EtherSwitch Network feature module.
For conceptual information about Spanning Tree Protocol, see the "Using the Spanning Tree Protocol with the EtherSwitch Network Module" section of the EtherSwitch Network feature module.
For conceptual information about Cisco Discovery Protocol, see the "Cisco Discovery Protocol" section of the EtherSwitch Network feature module.
For conceptual information about a switched port analyzer, see the "Switched Port Analyzer" section of the EtherSwitch Network feature module.
For conceptual information about Internet Group Management Protocol (IGMP) snooping, see the "IGMP Snooping" section of the EtherSwitch Network feature module.
For conceptual information about storm control, see the "Storm Control" section of the EtherSwitch Network feature module.
For conceptual information about intrachassis stacking, see the 'Intrachassis Stacking" section of the EtherSwitch Network feature module.
For conceptual information about fallback bridging, see the "Fallback Bridging" section of the EtherSwitch Network feature module.
The table shows the default 802.1x configuration:
Table 1 | Default 802.1x Configuration |
The 802.1x authentication configuration guidelines are as follows:
A total of 15 VLANs can be supported by an EtherSwitch HWIC.
Perform this task to configure a Fast Ethernet interface as Layer 2 access:
You cannot delete the default VLANs for the following media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
Perform the following task to delete a VLAN from the database:
When a device is in VTP server mode, you can change the VLAN configuration and propagate it throughout the network.
Perform this task to configure the device as a VTP server:
When a device is in a VTP client mode, you cannot change the VLAN configuration on the device. The client device receives VTP updates from a VTP server in the management domain and modifies its configuration accordingly.
Perform this task to configure the device as a VTP client:
When you configure the device in a VTP transparent mode, the VTP is disabled on the device. A VTP transparent device does not send VTP updates and does not act on VTP updates received from other devices.
Perform this task to disable VTP on the device.
This section provides the following configuration information:
Perform this task to set the interface speed:
When configuring an interface speed, note these guidelines:
Caution |
Changing the interface speed can shut down and reenable the interface during the reconfiguration. |
Note |
If you set the interface speed to auto on a 10/100-Mbps Ethernet interface, both speed and duplex are automatically negotiated. |
Perform the following steps to set the duplex mode of a Fast Ethernet interface:
When configuring an interface duplex mode, note these guidelines:
Caution |
Changing the interface duplex mode configuration can shut down and reenable the interface during the reconfiguration. |
Note |
If you set the port speed to auto on a 10/100-Mbps Ethernet interface, both speed and duplex are automatically negotiated. You cannot change the duplex mode of auto negotiation interfaces. |
You can add a description of an interface to help you remember its function. The description appears in the output of the following commands: show configuration, show running-config, and show interfaces.
Use the description command to add a description for an interface.
Note |
Ports do not support Dynamic Trunk Protocol (DTP). Ensure that the neighboring device is set to a mode that will not send DTP. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface fastethernet interface-id
Example: Device(config)# interface fastethernet 0/1/0 |
Selects the interface to be configured and enters interface configuration mode. |
Step 4
|
shutdown
Example: Device(config-if)# shutdown |
(Optional) Shuts down the interface to prevent traffic flow until configuration is complete. |
Step 5
|
switchport mode access
Example: Device(config-if)# switchport mode access |
Configures the interface as a Layer 2 access. |
Step 6
|
switchport access vlan vlan-number
Example: Device(config-if)# switchport access vlan 1 |
For access ports, specifies the access VLAN. |
Step 7
|
no shutdown
Example: Device(config-if)# no shutdown |
Activates the interface. |
Step 8
|
end
Example: Device(config-if)# end |
Exits interface configuration mode. |
To enable 802.1x port-based authentication, you must enable Authentication, Authorization, and Accounting (AAA) and specify the authentication method list. A method list describes the sequence and authentication methods to be queried to authenticate a user.
The software uses the first method listed to authenticate users; if that method fails to respond, the software selects the next authentication method in the method list. This process continues until there is a successful communication with a listed authentication method or until all defined methods are exhausted. If authentication fails at any point in this cycle, the authentication process stops, and other authentication methods are not attempted.
For additional information about default 802.1x configuration, see "Default 802.1x Configuration" section.
Perform the following task to configure 802.1x port-based authentication.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
aaa authentication dot1x {default | listname} method1 [method2...]
Example: Device(config)# aaa authentication dot1x default newmethod |
Creates an 802.1x authentication method list.
|
Step 4
|
interface interface-type interface-number
Example: Device(config)# interface fastethernet 0/1/3 |
Specifies the interface to be enabled for 802.1x authentication and enters interface configuration mode. |
Step 5
|
dot1x port-control auto
Example: Device(config-if)# dot1x port-control auto |
Enables 802.1x on the interface. |
Step 6
|
end
Example: Device(config-if)# end |
Exits interface configuration mode and returns to privileged EXEC mode. |
Step 7
|
show dot1x
Example: Device# show dot1x |
Verifies your entries. |
Step 8
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entries in the configuration file. |
RADIUS security servers are identified by their hostname or IP address, hostname and specific UDP port numbers, or IP address and specific UDP port numbers. The combination of the IP address and UDP port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address. If two different host entries on the same RADIUS server are configured for the same service--for example, authentication--the second host entry configured acts as the failover backup to the first one. The RADIUS host entries are tried in the order that they were configured.
Perform the following task to configure the RADIUS server parameters on the device.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
||
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
||
Step 3
|
radius-server host {hostname | ip-address} auth-port port-number key string
Example: Device(config)# radius-server host hostseven auth-port 75 key newauthority75 |
Configures the RADIUS server parameters on the device.
|
||
Step 4
|
end
Example: Device(config)# end |
Exits global configuration mode and returns to privileged EXEC mode.
|
||
Step 5
|
show running-config
Example: Device# show running-config |
Verifies your entries. |
||
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entries in the configuration file. |
To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global configuration command.
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS servers by using the radius-server host global configuration command. If you want to configure these options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands.
You also need to configure some settings on the RADIUS server. These settings include the IP address of the device and the key string to be shared by both the server and the device. For more information, refer to the RADIUS server documentation.
To delete the specified RADIUS server, use the no radius server-host { hostname|ip-address} global configuration command. You can globally configure the timeout, retransmission, and encryption key values for all RADIUS servers by using the radius-server host global configuration command. If you want to configure these options on a per-server basis, use the radius-server timeout, radius-server retransmit, and radius-server key commands in global configuration mode.
You also need to configure some settings on the RADIUS server. These settings include the IP address of the device and the key string to be shared by both the server and the device. For more information, refer to the RADIUS server documentation.
You can enable periodic 802.1x client reauthentication and specify how often it should occur. If you do not specify a time period before enabling reauthentication, the default time period between reauthentication attempts is 3600 seconds.
Automatic 802.1x client reauthentication is a global setting and cannot be set for clients connected to individual ports.
Perform the following task to enable periodic reauthentication of the client and to configure the number of seconds between reauthentication attempts.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
dot1x re-authentication
Example: Device(config)# dot1x re-authentication |
Enables periodic reauthentication of the client. |
Step 4
|
dot1x timeout re-authperiod seconds
Example: Device(config)# dot1x timeout re-authperiod 120 |
Sets the number of seconds between reauthentication attempts. |
Step 5
|
end
Example: Device(config)# end |
Exits global configuration mode and returns to privileged EXEC mode. |
Step 6
|
show dot1x
Example: Device# show dot1x |
Verifies your entries. |
Step 7
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entries in the configuration file. |
If the device cannot authenticate the client, the device remains idle for a set period of time, and then tries again. The idle time is determined by the quiet-period value. A failed authentication of the client might occur because the client provided an invalid password. You can provide a faster response time to the user by entering smaller number than the default.
Perform the following task to change the quiet period.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
dot1x timeout quiet-period seconds
Example: Device(config)# dot1x timeout quiet-period 120 |
Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange with the client. |
Step 4
|
end
Example: Device(config-if)# end |
Exits interface configuration mode and returns to privileged EXEC mode.
|
Step 5
|
show dot1x
Example: Device# show dot1x |
Verifies your entries. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entries in the configuration file. |
The client responds to the EAP-request/identity frame from the device with an EAP-response/identity frame. If the device does not receive this response, it waits for a set period of time (known as the retransmission time), and then retransmits the frame.
Note |
You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. |
Perform the following task to change the amount of time that the device waits for client notification.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
dot1x timeout tx-period seconds
Example: Device(config)# dot1x timeout tx-period seconds |
Sets the number of seconds that the device waits for a response to an EAP-request/identity frame from the client before retransmitting the request. |
Step 4
|
end
Example: Device(config)# end |
Exits global interface configuration mode and returns to privileged EXEC mode. |
Step 5
|
show dot1x
Example: Device# show dot1x |
Verifies your entries. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entries in the configuration file. |
In addition to changing the device-to-client retransmission time, you can change the number of times that the device sends an EAP-request/identity frame (assuming no response is received) to the client before restarting the authentication process.
Note |
You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. |
Perform the following task to set the device-to-client frame-retransmission number.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
dot1x max-req count
Example: Device(config)# dot1x max-req 5 |
Sets the number of times that the device sends an EAP-request/identity frame to the client before restarting the authentication process. |
Step 4
|
end
Example: Device(config)# end |
Exits global configuration mode and returns to privileged EXEC mode.
|
Step 5
|
show dot1x
Example: Device# show dot1x |
Verifies your entries. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entries in the configuration file. |
You can attach multiple hosts to a single 802.1x-enabled port. In this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted network access. If the port becomes unauthorized (reauthentication fails, and an EAPOL-logoff message is received), all attached clients are denied access to the network.
Perform the following task to allow multiple hosts (clients) on an 802.1x-authorized port that has the dot1x port-control interface configuration command set to auto.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface fastethernet 0/1/2 |
Specifies the interface and enters interface configuration mode. |
Step 4
|
dot1x multiple-hosts
Example: Device(config-if)# dot1x multiple-hosts |
Allows multiple hosts (clients) on an 802.1x-authorized port. |
Step 5
|
end
Example: Device(config-if)# end |
Exits interface configuration mode and returns to privileged EXEC mode. |
Step 6
|
show dot1x
Example: Device# show dot1x |
Verifies your entries. |
Step 7
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entries in the configuration file. |
You can reset the 802.1x configuration to the default values with a single command.
Perform the following task to reset the 802.1x configuration to the default values.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
dot1x default
Example: Device(config)# dot1x default |
Resets the configurable 802.1x parameters to the default values. |
Step 4
|
end
Example: Device(config)# end |
Exits global configuration mode and returns to privileged EXEC mode.
|
Step 5
|
show dot1x
Example: Device# show dot1x |
Verifies your entries. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entries in the configuration file. |
To display 802.1x statistics for all interfaces, use the show dot1x statistics privileged EXEC command. To display 802.1x statistics for a specific interface, use the show dot1x statistics interface interface-id privileged EXEC command.
To display the 802.1x administrative and operational status for the device, use the show dot1x privileged EXEC command. To display the 802.1x administrative and operational status for a specific interface, use the show dot1x interface interface-id privileged EXEC command.
You can enable spanning tree protocol on a per-VLAN basis. The device maintains a separate instance of spanning tree for each VLAN except for which you disable spanning tree.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
spanning-tree vlan vlan-id
Example: Device(config)# spanning-tree vlan 200 |
Enables spanning tree on a per-VLAN basis. |
Step 4
|
end
Example: Device(config)# end |
Exits global configuration mode and enters privileged EXEC mode.
|
Step 5
|
show spanning-tree vlan vlan-id
Example: Device# show spanning-tree vlan 200 |
Verifies spanning tree configuration. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface type number
Example: Device(config)# interface fastethernet 0/1/6 |
Configures an interface and enters interface configuration mode. |
Step 4
|
spanning-tree port-priority port-priority
Example: Device(config-if)# spanning-tree port-priority 8 |
Configures the port priority for an interface. |
Step 5
|
spanning-tree vlan vlan-id port-priority port-priority
Example: Device (config-if)# spanning-tree vlan vlan1 port-priority 12 |
Configures the port priority for a VLAN. |
Step 6
|
end
Example: Device(config)# end |
Exits global configuration mode and enters privileged EXEC mode. |
Step 7
|
show spanning-tree interface fastethernet interface-id
Example: Device# show spanning-tree interface fastethernet 0/1/6 |
(Optional) Saves your entries in the configuration file. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface type number
Example: Device(config)# interface fastethernet 0/1/6 |
Configures an interface and enters interface configuration mode. |
Step 4
|
spanning-tree cost port-cost
Example: Device(config-if)# spanning-tree cost 2000 |
Configures the port cost for an interface. |
Step 5
|
spanning-tree vlan vlan-id cost port-cost
Example: Device(config-if)# spanning-tree vlan 200 cost 2000 |
Configures the VLAN port cost for an interface. |
Step 6
|
end
Example: Device(config)# end |
Exits interface configuration mode and enters privileged EXEC mode. |
Step 7
|
show spanning-tree interface fastethernet interface-id
Example: Device# show spanning-tree interface fastethernet 0/1/6 |
(Optional) Saves your entries in the configuration file. |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
||
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
||
Step 3
|
spanning-tree vlan vlan-id priority bridge-priority
Example: Device(config)# spanning-tree vlan 200 priority 2 |
Configures the bridge priority of a VLAN. The bridge priority value ranges from 0 to 65535.
|
||
Step 4
|
show spanning-tree vlan bridge
Example: Device(config-if)# spanning-tree cost 200 |
Verifies the bridge priority. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
spanning-tree vlan vlan-id hello-time hello-time
Example: Device(config)# spanning-tree vlan 200 hello-time 5 |
Configures the hello time for a VLAN. |
Step 4
|
end
Example: Device(config)# end |
Exits global configuration mode and enters privileged EXEC mode. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
spanning-tree vlan vlan-id forward-time forward-time
Example: Device(config)# spanning-tree vlan 20 forward-time 5 |
Configures the forward delay time for a VLAN. |
Step 4
|
end
Example: Device(config)# end |
Exits global configuration mode and enters privileged EXEC mode. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
spanning-tree vlan vlan-id max-age max-age
Example: Device(config)# spanning-tree vlan 200 max-age 30 |
Configures the maximum aging time for a VLAN. |
Step 4
|
end
Example: Device(config)# end |
Exits global configuration mode and enters privileged EXEC mode. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
spanning-tree vlan vlanid root primary [diameter hops [hello-time seconds]]
Example: Device(config)# spanning-tree vlan 200 root primary |
Configures a device as the root device. |
Step 4
|
no spanning-tree vlan vlan-id
Example: Device(config)# no spanning-tree vlan 200 root primary |
Disables spanning tree on a per-VLAN basis. |
Step 5
|
show spanning-tree vlan vlan-id
Example: Device(config)# show spanning-tree vlan 200 |
Verifies spanning tree on a per-VLAN basis. |
Port security is implemented by providing the user with the option to secure a port by allowing only well-known MAC addresses to send in data traffic. Up to 200 secure MAC addresses per HWIC are supported.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
mac-address-table secure mac-address fastethernet interface-id [vlan vlan-id] ]
Example: Device(config)# mac-address-table secure 0000.0002.0001 fastethernet 0/1/1 vlan 2 |
Secures the MAC address traffic on the port. |
Step 4
|
end
Example: Device(config)# end |
Exits global configuration mode and returns to privileged EXEC mode. |
Step 5
|
show mac-address-table secure
Example: Device# show mac-address-table secure |
Verifies the configuration. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
mac-address-table static mac-address fastethernet interface-id [vlan vlan-id]
Example: Device(config)# mac-address-table static 00ff.ff0d.2dc0 fastethernet 0/1/1 |
Creates a static entry in the MAC address table.
|
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode.
|
Step 5
|
show mac-address-table
Example: Device# show mac-address-table |
Verifies the MAC address table.
|
The aging timer may be configured from 16 seconds to 4080 seconds, in 16-second increments.
Perform this task to configure the aging timer.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
mac -address-table aging-tim e time
Example: Device(config)# mac-address-table aging-time 4080 |
Configures the MAC address aging timer age in seconds. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode.
|
Step 5
|
show mac-address-table aging-time
Example: Device# show mac-address-table aging-time |
Verifies the MAC address table. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
cdp run
Example: Device(config)# cdp run |
Enables CDP globally. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show cdp
Example: Device# show cdp |
Verifies the CDP configuration. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface {ethernet | fastethernet} interface-id
Example: Device(config)# interface fastethernet 0/1/1 |
Selects an interface and enters interface configuration mode. |
Step 4
|
cdp enable
Example: Device(config-if)# cdp enable |
Enables CDP globally. |
Step 5
|
end
Example: Device(config-if)# end |
Exits interface configuration mode. |
Step 6
|
show cdp interface interface-id
Example: Device# show cdp interface |
Verifies the CDP configuration on the interface.
|
Step 7
|
show cdp neighbors
Example: Device# show cdp neighbors |
Verifies the information about the neighboring equipment. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
clear cdp counter s
Example: Device# clear cdp counters |
(Optional) Resets the traffic counters to zero.
|
Step 3
|
clear cdp table
Example: Device# clear cdp table |
(Optional) Deletes the CDP table of information about neighbors.
|
Step 4
|
show cdp
Example: Device# show cdp |
(Optional) Verifies global information such as frequency of transmissions and the holdtime for packets being transmitted. |
Step 5
|
show cdp entry entry-name [protocol | version]
Example: Device# show cdp entry newentry |
(Optional) Verifies information about a specific neighbor. |
Step 6
|
show cdp interface interface-id
Example: Device# show cdp interface 0/1/1 |
(Optional) Verifies information about interfaces on which CDP is enabled. |
Step 7
|
show cdp neighbors interface-id [detail]
Example: Device# show cdp neighbors 0/1/1 |
(Optional) Verifies information about neighbors. |
Step 8
|
show cdp traffic
Example: Device# show cdp traffic |
(Optional) Verifies CDP counters, including the number of packets sent and received, and checksum errors. |
Note |
An EtherSwitch HWIC supports only one SPAN session. Either Tx or both Tx and Rx monitoring is supported. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
monitor session 1 {source interface interface-id | vlan vlan-id} [, | - | rx | tx | both]
Example: Device(config)# monitor session 1 source interface fastethernet 0/3/1 |
Specifies the SPAN session (number 1), the source interfaces or VLANs, and the traffic direction to be monitored. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
monitor session session-id {destination {interface interface-id} | {vlan vlan-id}} [, | - | rx | tx | both]
Example: Device(config)# monitor session 1 source interface fastethernet 0/3/1 |
Specifies the SPAN session (number 1), the source interfaces or VLANs, and the traffic direction to be monitored. |
Step 4
|
end
Example: Device(config)# end |
Exits global configuration mode. |
The HWICs can supply inline power to a Cisco 7960 IP phone, if necessary. The Cisco 7960 IP phone can also be connected to an AC power source and supply its own power to the voice circuit. When the Cisco 7960 IP phone is supplying its own power, an HWICs can forward IP voice traffic to and from the phone.
A detection mechanism on the HWIC determines whether the device is connected to a Cisco 7960 IP phone. If the device senses that there is no power on the circuit, the device supplies the power. If there is power on the circuit, the device does not supply it.
You can configure the device never to supply power to the Cisco 7960 IP phone and to disable the detection mechanism.
Follow these steps to manage the powering of the Cisco IP phones.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface fastethernet interface-id
Example: Device(config)# interface fastethernet 0/3/1 |
Selects a particular Fast Ethernet interface for configuration, and enters interface configuration mode. |
Step 4
|
power inline {auto | never}
Example: Device(config-if)# power inline auto |
Configures the port to supply inline power automatically to a Cisco IP phone. |
Step 5
|
end
Example: Device(config-if)# end |
Returns to privileged EXEC mode.
|
Step 6
|
show power inline
Example: Device# show power inline |
Displays power configuration on the ports. |
You must enable IP multicast routing globally before you can enable IP multicast Layer 3 switching on Layer 3 interfaces.
For complete information and procedures, see the following publications:
Note |
See the Cisco command reference listing page for protocol-specific command references. |
Perform the following task to enable IP multicast routing globally.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
ip multicast-routing
Example: Device(config)# ip multicast-routing |
Enables IP multicast routing globally. |
You must enable protocol-independent multicast (PIM) on the Layer 3 interfaces before enabling IP multicast Layer 3 switching functions on those interfaces.
Perform this task to enable IP PIM on a Layer 3 interface.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface vlan vlan-id
Example: Device(config)# interface vlan 1 |
Selects the interface to be configured and enters interface configuration mode. |
Step 4
|
ip pim {dense-mode | sparse-mode | sparse-dense-mode}
Example: Device(config-if)# ip pim sparse-dense mode |
Enables IP PIM on a Layer 3 interface. |
Note |
The show interface statistics command does not verify hardware-switched packets; only packets switched by software are verified. |
The show ip pim interface countcommand verifies the IP multicast Layer 3 switching enable state on IP PIM interfaces, and verifies the number of packets received and sent on the interface.
Use the following show commands to verify IP multicast Layer 3 switching information for an IP PIM Layer 3 interface.
Step 1 |
Device# show ip pim interface count Example: State:* - Fast Switched, D - Distributed Fast Switched H - Hardware Switching Enabled Address Interface FS Mpackets In/Out 10.0.0.1 VLAN1 * 151/0 Device# |
||
Step 2 |
Device# show ip mroute count Example: IP Multicast Statistics 5 routes using 2728 bytes of memory 4 groups, 0.25 average sources per group Forwarding Counts:Pkt Count/Pkts per second/Avg Pkt Size/Kilobits per second Other counts:Total/RPF failed/Other drops(OIF-null, rate-limit etc) Group:209.165.200.225 Source count:1, Packets forwarded: 0, Packets received: 66 Source:10.0.0.2/32, Forwarding:0/0/0/0, Other:66/0/66 Group:209.165.200.226, Source count:0, Packets forwarded: 0, Packets received: 0 Group:209.165.200.227, Source count:0, Packets forwarded: 0, Packets received: 0 Group:209.165.200.228, Source count:0, Packets forwarded: 0, Packets received: 0 Device#
|
||
Step 3 |
Device# show ip interface vlan 1 Example: Vlan1 is up, line protocol is up Internet address is 10.0.0.1/24 Broadcast address is 209.165.201.1 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined:209.165.201.2 209.165.201.3 209.165.201.4 209.165.201.5 Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP CEF Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Device Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Policy routing is disabled Network address translation is disabled WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled BGP Policy Mapping is disabled Device# |
Use the show ip mroute command to verify the IP multicast routing table:
show ip mroute 224.10.103.10
IP Multicast Routing Table
Flags:D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags:H - Hardware switched, A - Assert winner
Timers:Uptime/Expires
Interface state:Interface, Next-Hop or VCD, State/Mode
(*, 209.165.201.2), 00:09:21/00:02:56, RP 0.0.0.0, flags:DC
Incoming interface:Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan1, Forward/Sparse-Dense, 00:09:21/00:00:00, H
Device#
Note |
The RPF-MFD flag indicates that the flow is completely hardware switched. The H flag indicates that the flow is hardware switched on the outgoing interface. |
By default, IGMP snooping is globally enabled on the EtherSwitch HWIC. When globally enabled or disabled, it is enabled or disabled in all existing VLAN interfaces. By default, IGMP snooping is enabled on all VLANs, but it can be enabled and disabled on a per-VLAN basis.
Global IGMP snooping overrides the per-VLAN IGMP snooping capability. If global snooping is disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or disable snooping on a VLAN basis.
Perform this task to globally enable IGMP snooping on the EtherSwitch HWIC.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
ip igmp snooping
Example: Device(config)# ip igmp snooping |
Globally enables IGMP snooping in all existing VLAN interfaces. |
Step 4
|
|
|
Step 5
|
ip igmp snooping vlan vlan-id
Example: Device(config)# ip igmp snooping vlan 100 |
Globally enables IGMP snooping on a specific VLAN interface. |
Step 6
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 7
|
show ip igmp snooping
Example: Device# show ip igmp snooping |
Displays snooping configuration.
|
Step 8
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your configuration to the startup configuration. |
When you enable IGMP Immediate-Leave processing, the EtherSwitch HWIC immediately removes a port from the IP multicast group when it detects an IGMP version 2 Leave message on that port. Immediate-Leave processing allows the device to remove an interface that sends a Leave message from the forwarding table without first sending out group-specific queries to the interface. You should use the Immediate-Leave feature only when there is only a single receiver present on every port in the VLAN.
Perform the following task to enable IGMP Immediate-Leave processing.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
ip igmp snooping vlan vlan-id immediate-leave
Example: Device(config)# ip igmp snooping vlan 1 immediate-leave |
Enables IGMP Immediate-Leave processing on the VLAN interface. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show ip igmp snooping
Example: Device# show ip igmp snooping |
Displays snooping configuration. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your configuration to the startup configuration. |
Ports normally join multicast groups through the IGMP report message, but you can also statically configure a host on an interface.
Follow the steps below to add a port as a member of a multicast group.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
ip igmp snooping vlan vlan-id static mac-address interface interface-id
Example: Device(config)# ip igmp snooping vlan 1 static 0100.5e05.0505 interface FastEthernet0/1/1 |
Enables IGMP snooping on the VLAN interface. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] [count]
Example: Device# show mac-address-table multicast vlan 1 igmp-snooping |
Displays MAC address table entries for a VLAN. |
Step 6
|
show ip igmp snooping
Example: Device# show ip igmp snooping |
Displays snooping configuration. |
Step 7
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your configuration to the startup configuration. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
ip igmp snooping vlan vlan-id mrouter {interface interface-id | learn pim-dvmrp}
Example: Device(config)# ip igmp snooping vlan1 interface Fa0/1/1 learn pim-dvmrp |
Enables IGMP snooping on the VLAN interface and enables route discovery. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show ip igmp snooping
Example: Device# show ip igmp snooping |
(Optional) Displays snooping configuration. |
Step 6
|
show ip igmp snooping mrouter [vlan vlan-id]
Example: Device# show ip igmp snooping mroute vlan vlan1 |
(Optional) Displays Mroute discovery information. |
Step 7
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your configuration to the startup configuration. |
You can use these techniques to block the forwarding of unnecessary flooded traffic.
By default, unicast, broadcast, and multicast suppression is disabled.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface fastethernet 0/3/1 |
Specifies the port to configure, and enters interface configuration mode.
|
Step 4
|
storm-control {broadcast | multicast | unicast} level level
Example: Device(config-if)# storm-control broadcast level 7 |
Configures broadcast, multicast, or unicast per-port storm control. |
Step 5
|
storm-control action shutdown
Example: Device(config-if)# storm-control action shutdown |
Selects the shutdown keyword to disable the port during a storm. |
Step 6
|
storm-control action trap
Example: Device(config-if)# storm-control action trap |
Sends Simple Management Network Protocol (SNMP) trap to disable the port during a storm. |
Step 7
|
end
Example: Device(config-if)# end |
Returns to privileged EXEC mode. |
Step 8
|
show interfaces interface-type interface-number counters storm-control
Example: Device# show interfaces fastethernet 0/3/1 counters storm-control |
(Optional) Verifies your entries. |
Note |
If any type of traffic exceeds the upper threshold limit, all other traffic will be stopped. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface fastethernet 0/3/1 |
Specifies the interface and enters interface configuration mode. |
Step 4
|
no storm-control {broadcast | multicast| unicast} level level
Example: Device(config-if)# no storm-control broadcast level 7 |
Disables per-port storm control. |
Step 5
|
no storm-control action shutdown
Example: Device(config-if)# no storm-control action shutdown |
Disables the specified storm control action. |
Step 6
|
no storm-control action trap
Example: Device(config-if)# no storm-control action trap |
Disables the specified storm control action. |
Step 7
|
end
Example: Device(config-if)# end |
Returns to privileged EXEC mode. |
Step 8
|
show interfaces interface-type interface-number counters storm-control
Example: Device# show interfaces fastethernet 0/3/1 counters storm-control |
(Optional) Verifies your entries. |
Stacking is the connection of two device modules resident in the same chassis so that they behave as a single device. When a chassis is populated with two device modules, the user must configure to operate in stacked mode. This is done by selecting one port from each device module and configuring it to be a stacking partner. The user must then use a cable to connect the stacking partners from each device module to physically stack the device modules. Any one port in a device module can be designated as the stacking partner for that device module.
Perform this task to configure a pair of ports on two different device modules as stacking partners.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface fastethernet interface-id
Example: Device(config)# interface fastethernet 0/3/1 |
Enters interface configuration mode. |
Step 4
|
no shutdown
Example: Device(config-if)# no shutdown |
Activates the interface. |
Step 5
|
switchport stacking-partner interface fastethernet partner-interface-id
Example: Device(config-if)# switchport stacking-partner interface FastEthernet partner-interface-id |
Selects and configures the stacking partner port. |
Step 6
|
exit
Example: Device(config-if)# exit |
Returns to privileged configuration mode. |
Step 7
|
interface fastethernet partner-interface-id
Example: Device# interface fastethernet 0/3/1 |
Specifies the partner-interface, and enters interface configuration mode. |
Step 8
|
no shutdown
Example: Device(config-if)# no shutdown |
Activates the stacking partner interface. |
Step 9
|
end
Example: Device(config-if)# end |
Exits configuration mode. |
Note |
Both stacking partner ports must have their speed and duplex parameters set to auto. |
Caution |
If stacking is removed, stacked interfaces will shutdown. Other nonstacked ports will be left unchanged. |
The table below shows the default fallback bridging configuration.
Table 2 | Default Fallback Bridging Configuration |
Feature |
Default Setting |
---|---|
Bridge groups |
None are defined or assigned to an interface. No VLAN-bridge STP is defined. |
Device forwards frames for stations that it has dynamically learned |
Enabled. |
Bridge table aging time for dynamic entries |
300 seconds. |
MAC-layer frame filtering |
Disabled. |
Spanning tree parameters: |
|
To configure fallback bridging for a set of switched virtual interfaces (SVIs), these interfaces must be assigned to bridge groups. All interfaces in the same group belong to the same bridge domain. Each SVI can be assigned to only one bridge group.
Perform this task to create a bridge group and assign an interface to it.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
no ip routing
Example: Device(config)# no ip routing |
Disables IP routing. |
Step 4
|
bridge bridge-group protocol vlan-bridge
Example: Device(config)# bridge 100 protocol vlan-bridge |
Assigns a bridge group number and specifies the VLAN-bridge spanning-tree protocol to run in the bridge group. |
Step 5
|
interface interface-type interface-number
Example: Device(config)# interface vlan 0/3/1 |
Specifies the interface on which you want to assign the bridge group, and enters interface configuration mode. |
Step 6
|
bridge-group bridge-group
Example: Device(config-if)# bridge-group 100 |
Assigns the interface to the bridge group. |
Step 7
|
end
Example: Device(config-if)# end |
Returns to privileged EXEC mode. |
Step 8
|
show vlan-bridge
Example: Device# show vlan-bridge |
(Optional) Verifies forwarding mode. |
Step 9
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entries. |
Step 10
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entries in the configuration file. |
By default, the device forwards any frames for stations that it has dynamically learned. When this activity is disabled, the device only forwards frames whose addresses have been statically configured into the forwarding cache.
Perform this task to prevent the device from forwarding frames for stations that it has dynamically learned.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
no bridge bridge-group acquire
Example:
Example: Device(config)# no bridge 100 acquire |
Enables the device to stop forwarding any frames for stations that it has dynamically learned through the discovery process and to limit frame forwarding to statically configured stations.
|
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entry. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
A device forwards, floods, or drops packets based on the bridge table. The bridge table maintains both static and dynamic entries. Static entries are entered by the user. Dynamic entries are entered by the bridge learning process. A dynamic entry is automatically removed after a specified length of time, known as aging time, from the time the entry was created or last updated.
If you are likely to move hosts on a switched network, decrease the aging time to enable the device to quickly adapt to the change. If hosts on a switched network do not continuously send packets, increase the aging time to keep the dynamic entries for a longer time and thus reduce the possibility of flooding when the hosts send again.
Perform this task to configure the aging time.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
bridge bridge-group aging-time seconds
Example: Device(config)# bridge 100 aging-time 10000 |
Specifies the length of time that a dynamic entry remains in the bridge table from the time the entry was created or last updated. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entry. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
A device examines frames and sends them through the internetwork according to the destination address; a device does not forward a frame back to its originating network segment. You can use the software to configure specific administrative filters that filter frames based on information other than the paths to their destinations.
You can filter frames with a particular MAC-layer station destination address. Any number of addresses can be configured in the system without a performance penalty.
Perform this task to filter by the MAC-layer address.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
bridge bridge-group address mac-address {forward | discard} [interface-id]
Example:
Example: Device(config)# bridge 1 address 0800.cb00.45e9 forward ethernet 1 |
Filters frames with a particular MAC-layer station source or destination address.
|
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entry. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
You might need to adjust certain spanning-tree parameters if the default values are not suitable for your device configuration. Parameters affecting the entire spanning tree are configured with variations of the bridge global configuration command. Interface-specific parameters are configured with variations of the bridge-group interface configuration command.
You can adjust spanning-tree parameters by performing any of the tasks in these sections:
Note |
Only network administrators with a good understanding of how devices and STP function should make adjustments to spanning-tree parameters. Poorly planned adjustments can have a negative impact on performance. |
You can globally configure the priority of an individual device when two devices tie for position as the root device, or you can configure the likelihood that a device will be selected as the root device. This priority is determined by default; however, you can change it.
Perform this task to change the device priority.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
bridge bridge-group priority number
Example: Device(config)# bridge 100 priority 5 |
Changes the priority of the device. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show running-config
Example: Device# show running-config |
Verifies your entry. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
You can change the priority for an interface. When two devices tie for position as the root device, you configure an interface priority to break the tie. The device with the lower interface value is elected.
Perform this task to change the interface priority.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface fastethernet 0/3/1 |
Specifies the interface to set the priority, and enters interface configuration mode. |
Step 4
|
bridge bridge-group priority number
Example: Device(config-if)# bridge 100 priority 4 |
Changes the priority of the bridge. |
Step 5
|
end
Example: Device(config-if)# end |
Returns to privileged EXEC mode. |
Step 6
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entry. |
Step 7
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
Each interface has a path cost associated with it. By convention, the path cost is 1000/data rate of the attached LAN, in Mbps.
Perform this task to assign a path cost.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface fastethernet 0/3/1 |
Specifies the interface to set the priority and enters interface configuration mode.
|
Step 4
|
bridge bridge-group path-costs cost
Example: Device(config-if)# bridge 100 pathcost 4 |
Changes the path cost. |
Step 5
|
end
Example: Device(config-if)# end |
Returns to privileged EXEC mode. |
Step 6
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entry. |
Step 7
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
You can adjust bridge protocol data unit (BPDU) intervals as described in these sections:
Note |
Each device in a spanning tree adopts the interval between hello BPDUs, the forward delay interval, and the maximum idle interval parameters of the root device, regardless of what its individual configuration might be. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
bridge bridge-group hello-time seconds
Example: Device(config)# bridge 100 hello-time 5 |
Specifies the interval between hello BPDUs. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entry. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
The forward-delay interval is the amount of time spent listening for topology change information after an interface has been activated for switching and before forwarding actually begins.
Perform this task to change the forward-delay interval.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
bridge bridge-group forward-time seconds
Example: Device(config)# bridge 100 forward-time 25 |
Specifies the forward-delay interval. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entry. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
If a device does not hear BPDUs from the root device within a specified interval, it recomputes the spanning-tree topology.
Perform this task to change the maximum-idle interval (maximum aging time).
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
bridge bridge-group max-age seconds
Example: Device(config)# bridge 100 forward-time 25 |
Specifies the interval the device waits to hear BPDUs from the root device. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Step 5
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entry. |
Step 6
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
When a loop-free path exists between any two switched subnetworks, you can prevent BPDUs generated in one switching subnetwork from impacting devices in the other switching subnetwork, yet still permit switching throughout the network as a whole. For example, when switched LAN subnetworks are separated by a WAN, BPDUs can be prevented from traveling across the WAN link.
Perform this task to disable spanning tree on an interface.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface fastethernet 0/3/1 |
Specifies the interface to set the priority and enters interface configuration mode. |
Step 4
|
bridge-group bridge-group spanning-disabled
Example: Device(config-if)# bridge 100 spanning-disabled |
Disables spanning tree on the interface.
|
Step 5
|
end
Example: Device(config-if)# end |
Returns to privileged EXEC mode. |
Step 6
|
show running-config
Example: Device# show running-config |
(Optional) Verifies your entry. |
Step 7
|
copy running-config startup-config
Example: Device# copy running-config startup-config |
(Optional) Saves your entry in the configuration file. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
clear bridge bridge-group
Example: Device# clear bridge bridge1 |
(Optional) Removes any learned entries from the forwarding database and clears the transmit and receive counts for any statically configured entries. |
Step 3
|
show bridge
Example: Device# show bridge |
(Optional) Displays classes of entries in the bridge forwarding database. |
Step 4
|
end
Example: Device# end |
(Optional) Exits privileged EXEC mode. |
The HWICs can automatically configure voice VLANs. This capability overcomes the management complexity of overlaying a voice topology onto a data network while maintaining the quality of voice traffic. With the automatically configured voice VLAN feature, network administrators can segment phones into separate logical networks, even though the data and voice infrastructure is physically the same. The voice VLAN feature places the phones into their own VLANs without the need for end-user intervention. A user can plug the phone into the device, which provides with the necessary VLAN information.
For ease of network administration and increased scalability, network managers can configure the HWICs to support Cisco IP phones such that the voice and data traffic reside on separate subnets. You should always use separate VLANs when you are able to segment the existing IP address space of your branch office.
User priority bits in the 802.1p portion of the 802.1Q standard header are used to provide prioritization in Ethernet devices. This is a vital component in designing Cisco AVVID networks.
The HWICs provides the performance and intelligent services of Cisco software for branch office applications. The HWICs can identify user applications--such as voice or multicast video--and classify traffic with the appropriate priority levels.
Follow these steps to automatically configure Cisco IP phones to send voice traffic on the voice VLAN ID (VVID) on a per-port basis (see the "Voice Traffic and VVID" section).
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface fastethernet 0/2/1 |
Specifies the port to be configured and enters interface configuration mode. |
Step 4
|
switchport mode trunk
Example: Device(config-if)# switchport mode trunk |
Configures the port to trunk mode. |
Step 5
|
switchport voice vlan vlan-id
Example: Device(config-if)# switchport voice vlan 100 |
Configures the voice port with a VVID that will be used exclusively for voice traffic. |
For network designs with incremental IP telephony deployment, network managers can configure the HWICs so that the voice and data traffic coexist on the same subnet. This might be necessary when it is impractical either to allocate an additional IP subnet for IP phones or to divide the existing IP address space into an additional subnet at the remote branch, it might be necessary to use a single IP address space for branch offices. (This is one of the simpler ways to deploy IP telephony.)
This configuration approach must address two key considerations:
Perform this task to automatically configure Cisco IP phones to send voice and data traffic on the same VLAN.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface fastethernet 0/2/1 |
Specifies the port to be configured, and enters interface configuration mode.
|
Step 4
|
switchport access vlan vlan-id
Example: Device(config-if)# switchport access vlan 100 |
Sets the native VLAN for untagged traffic. |
Step 5
|
end
Example: Device(config-if)# end |
Returns to privileged EXEC mode. |
A trap manager is a management station that receives and processes traps. When you configure a trap manager, community strings for each member device must be unique. If a member device has an IP address assigned to it, the management station accesses the device by using its assigned IP address.
By default, no trap manager is defined, and no traps are issued.
Perform this task to add a trap manager and community string.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
snmp-server host ip-address traps snmp vlan-membership
Example: Device(config)# snmp-server host 172.16.128.263 traps1 snmp vlancommunity1 |
Enters the trap manager IP address, community string, and the traps to generate. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
This section describes how to assign IP information on the HWICs. The following topics are included:
You can use a BOOTP server to automatically assign IP information to the device; however, the BOOTP server must be set up in advance with a database of physical MAC addresses and corresponding IP addresses, subnet masks, and default gateway addresses. In addition, the device must be able to access the BOOTP server through one of its ports. At startup, a device without an IP address requests the information from the BOOTP server; the requested information is saved in the device running the configuration file. To ensure that the IP information is saved when the device is restarted, save the configuration by entering the write memory command in privileged EXEC mode.
You can change the information in these fields. The mask identifies the bits that denote the network number in the IP address. When you use the mask to subnet a network, the mask is then referred to as a subnet mask. The broadcast address is reserved for sending messages to all hosts. The CPU sends traffic to an unknown IP address through the default gateway.
Perform this task to enter the IP information.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface vlan 1 |
Specifies the interface (in this case, the VLAN) to which the IP information is assigned and enters interface configuration mode. |
Step 4
|
ip address ip-address subnet-mask
Example: Device(config-if)# ip address 192.168.2.10 255.255.255.255 |
Specifies the IP address. |
Step 5
|
exit
Example: Device(config-if)# exit |
Returns to global configuration mode. |
Step 6
|
ip default-gateway ip-address
Example: Device(config)# ip default-gateway 192.168.2.20 |
Sets the IP address of the default device. |
Step 7
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Use the following procedure to remove the IP information (such as an IP address) from a device.
Note |
Using the no ip address command in interface configuration mode disables the IP protocol stack and removes the IP information. Cluster members without IP addresses rely on the IP protocol stack being enabled. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type interface-number
Example: Device(config)# interface vlan 1 |
Specifies the interface (in this case, the VLAN) to which the IP information is assigned and enters interface configuration mode. |
Step 4
|
no ip address
Example: Device(config-if)# no ip address |
Removes the IP address and subnet mask. |
Step 5
|
end
Example: Device(config-if)# end |
Returns to privileged EXEC mode. |
If you are removing the IP address through a telnet session, your connection to the device will be lost .
Each unique IP address can have a host name associated with it. The Cisco software maintains an EXEC mode and related Telnet support operations. This cache speeds the process of converting names to addresses.
IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, the FTP system, for example, is identified as ftp.cisco.com.
To track domain names, IP has defined the concept of a domain name server (DNS), the purpose of which is to hold a cache (or database) of names mapped to IP addresses. To map domain names to IP addresses, you must first identify the host names and then specify a name server and enable the DNS, the Internet's global naming scheme that uniquely identifies network devices.
You can specify a default domain name that the software uses to complete domain name requests. You can specify either a single domain name or a list of domain names. When you specify a domain name, any IP host name without a domain name has that domain name appended to it before being added to the host table.
You can specify up to six hosts that can function as a name server to supply name information for the DNS.
If your network devices require connectivity with devices in networks for which you do not control name assignment, you can assign device names that uniquely identify your devices within the entire internetwork. The Internet's global naming scheme, the DNS, accomplishes this task. This service is enabled by default.
You can monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. A Switched Port Analyzer (SPAN) cannot monitor ports in a different VLAN, and a SPAN port must be a static-access port. Any number of ports can be defined as SPAN ports, and any combination of ports can be monitored. SPAN is supported for up to 2 sessions.
Perform this task to enable SPAN.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
monitor session session-id {destination | source} {interface | vlan interface-id | vlan-id}} [, | - | both | tx | rx]
Example: Device(config)# monitor session session-id {destination | source} {interface | vlan interface-id | vlan-id}} [, | - | both | tx | rx] |
Enables port monitoring for a specific session ("number"). |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
no monitor session session-id
Example: Device(config)# no monitor session 37 |
Disables port monitoring for a specific session. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
To communicate with a device (on Ethernet, for example), the software first must determine the 48-bit MAC or local data link address of that device. The process of determining the local data link address from an IP address is called address resolution.
The Address Resolution Protocol (ARP) associates a host IP address with the corresponding media or MAC addresses and VLAN ID. Taking an IP address as input, ARP determines the associated MAC address. Once a MAC address is determined, the IP-MAC address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network. Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol (SNAP). By default, standard Ethernet-style ARP encapsulation (represented by the arpa keyword) is enabled on the IP interface.
When you manually add entries to the ARP table by using the CLI, you must be aware that these entries do not age and must be manually removed.
This section describes how to manage the MAC address tables on the HWICs. The following topics are included:
The device uses the MAC address tables to forward traffic between ports. All MAC addresses in the address tables are associated with one or more ports. These MAC tables include the following types of addresses:
The address tables list the destination MAC address and the associated VLAN ID, module, and port number associated with the address. The following shows an example of a list of addresses as they would appear in the dynamic, secure, or static address table.
Device# show mac-address-table
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
000a.000b.000c Secure 1 FastEthernet0/1/8
000d.e105.cc70 Self 1 Vlan1
00aa.00bb.00cc Static 1 FastEthernet0/1/0
All addresses are associated with a VLAN. An address can exist in more than one VLAN and have different destinations in each. Multicast addresses, for example, could be forwarded to port 1 in VLAN 1 and ports 9, 10, and 11 in VLAN 5.
Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN. An address can be secure in one VLAN and dynamic in another. Addresses that are statically entered in one VLAN must be static addresses in all other VLANs.
Dynamic addresses are source MAC addresses that the device learns and then drops when they are not in use. Use the Aging Time field to define how long the device retains unseen addresses in the table. This parameter applies to all VLANs.
Setting too short an aging time can cause addresses to be prematurely removed from the table. Then when the device receives a packet for an unknown destination, it floods the packet to all ports in the same VLAN as the receiving port. This unnecessary flooding can impact performance. Setting too long an aging time can cause the address table to be filled with unused addresses; it can cause delays in establishing connectivity when a workstation is moved to a new port.
Perform this task to configure the dynamic address table aging time.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
mac-address-table aging-time seconds
Example: Device(config)# mac-address-table aging-time 30000 |
Enters the number of seconds that dynamic addresses are to be retained in the address table. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
no mac-address-table dynamic hw-addr
Example: Device(config)# no mac-address-table dynamic 0100.5e05.0505 |
Enters the MAC address to be removed from dynamic MAC address table. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
The secure address table contains secure MAC addresses and their associated ports and VLANs. A secure address is a manually entered unicast address that is forwarded to only one port per VLAN. If you enter an address that is already assigned to another port, the device reassigns the secure address to the new port.
You can enter a secure port address even when the port does not yet belong to a VLAN. When the port is later assigned to a VLAN, packets destined for that address are forwarded to the port.
Note |
When you change the VLAN ID for a port that is configured with a secure MAC address, you must reconfigure the secure MAC address to reflect the new VLAN association. |
Perform this task to add a secure address.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
mac-address-table secure address hw-addr interface interface-idvlan vlan-id
Example: Device(config)# mac-address-table secure address 0100.5e05.0505 interface 0/3/1 vlan vlan 1 |
Enters the MAC address, its associated port, and the VLAN ID. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
no mac-address-table secure hw-addr vlan vlan-id
Example: Device(config)# no mac-address-table secure address 0100.5e05.0505 vlan vlan 1 |
Enters the secure MAC address, its associated port, and the VLAN ID to be removed. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
A static address has the following characteristics:
Because all ports are associated with at least one VLAN, the device acquires the VLAN ID for the address from the ports that you select on the forwarding map. A static address in one VLAN must be a static address in other VLANs. A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded to all ports and not learned.
Perform this task to add a static address.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
mac-address-table static hw-addr [interface] interface-id [vlan] vlan-id
Example: Device(config)# mac-address-table static 0100.5e05.0505 interface 0/3/1 vlan vlan 1 |
Enters the static MAC address, the interface, and the VLAN ID of those ports. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
no mac-address-table static hw-addr [interface] interface-id [vlan] vlan-id
Example: Device(config)# no mac-address-table static 0100.5e05.0505 interface 0/3/1 vlan vlan |
Enters the static MAC address, the interface, and the VLAN ID of the port to be removed. |
Step 4
|
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
clear mac-address-table
Example: Device# clear mac-address-table |
Clears all MAC address tables. |
Step 3
|
end
Example: Device# end |
Exits privileged EXEC mode. |
The following example shows all Fast Ethernet interfaces on an HWIC-4ESW in slot 2 being reenabled:
Device(config)# interface range fastethernet 0/3/0 - 8 Device(config-if-range)# no shutdown Device(config-if-range)# *Mar 21 14:01:21.474: %LINK-3-UPDOWN: Interface FastEthernet0/3/0, changed state to up *Mar 21 14:01:21.490: %LINK-3-UPDOWN: Interface FastEthernet0/3/1, changed state to up *Mar 21 14:01:21.502: %LINK-3-UPDOWN: Interface FastEthernet0/3/2, changed state to up *Mar 21 14:01:21.518: %LINK-3-UPDOWN: Interface FastEthernet0/3/3, changed state to up *Mar 21 14:01:21.534: %LINK-3-UPDOWN: Interface FastEthernet0/3/4, changed state to up *Mar 21 14:01:21.546: %LINK-3-UPDOWN: Interface FastEthernet0/3/5, changed state to up *Mar 21 14:01:21.562: %LINK-3-UPDOWN: Interface FastEthernet0/3/6, changed state to up *Mar 21 14:01:21.574: %LINK-3-UPDOWN: Interface FastEthernet0/3/7, changed state to up *Mar 21 14:01:21.590: %LINK-3-UPDOWN: Interface FastEthernet0/3/8, changed state to up Device(config-if-range)#
The following example shows how to define an interface-range macro named enet_list to select Fast Ethernet interfaces 0/1/0 through 0/1/3:
Device(config)# define interface-range enet_list fastethernet 0/1/0 - 0/1/3
The following example shows how to define an interface-range configuration mode using the interface-range macro enet_list:
Device(config)# interface-range macro enet_list
The following example shows how to stack two HWICs.
Device(config)# interface FastEthernet 0/1/8 Device(config-if)# no shutdown Device(config-if)# switchport stacking-partner interface FastEthernet 0/3/8 Device(config-if)# interface FastEthernet 0/3/8 Device(config-if)# no shutdown
Note |
In practice, the command switchport stacking-partner interface FastEthernet 0/partner-slot/partner-port needs to be executed for only one of the stacked ports. The other port will be automatically configured as a stacking port by the Cisco software. The command no shutdown, however, must be executed for both of the stacked ports. |
The following example shows how to configure inter-VLAN routing:
Device> enable Device# configure terminal Device(config)# vlan 45 Device(config-vlan)# vlan 1 Device(config-vlan)# vlan 2 Device(config-vlan)# exit Device# configure terminal Device(config)# interface vlan 1 Device(config-if)# ip address 10.1.1.1 255.255.255.0 Device(config-if)# no shut Device(config-if)# interface vlan 2 Device(config-if)# ip address 10.2.2.2 255.255.255.0 Device(config-if)# no shut Device(config-if)# interface FastEthernet 0/1/0 Device(config-if)# switchport access vlan 1 Device(config-if)# interface Fast Ethernet 0/1/1 Device(config-if)# switchport access vlan 2 Device(config-if)# exit
The following example shows how to configure the device as a VTP server:
Device# vlan database Device(vlan)# vtp server Setting device to VTP SERVER mode. Device(vlan)# vtp domain Lab _Network Setting VTP domain name to Lab_Network Device(vlan)# vtp password WATER Setting device VLAN database password to WATER. Device(vlan)# exit APPLY completed. Exiting.... Device#
The following example shows how to configure the device as a VTP client:
Device# vlan database Device(vlan)# vtp client Setting device to VTP CLIENT mode. Device(vlan)# exit In CLIENT state, no apply attempted. Exiting.... Device#
The following example shows how to configure the device as VTP transparent:
Device# vlan database Device(vlan)# vtp transparent Setting device to VTP TRANSPARENT mode. Device(vlan)# exit APPLY completed. Exiting.... Device#
The following example shows how to configure VLAN port priority on an interface:
Device# configure terminal Device(config)# interface fastethernet 0/3/2 Device(config-if)# spanning-tree vlan 20 port priority 64 Device(config-if)# end
The following example shows how to verify the configuration of VLAN 20 on an interface when it is configured as a trunk port:
Device#show spanning-tree vlan 20
VLAN20 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 00ff.ff90.3f54
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 00ff.ff10.37b7
Root port is 33 (FastEthernet0/3/2), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology flags 0 last change occurred 00:05:50 ago
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 0
Port 33 (FastEthernet0/3/2) of VLAN20 is forwarding
Port path cost 18, Port priority 64, Port Identifier 64.33
Designated root has priority 32768, address 00ff.ff10.37b7
Designated bridge has priority 32768, address 00ff.ff10.37b7
Designated port id is 128.13, designated path cost 0
Timers: message age 2, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 1, received 175
The following example shows how to change the spanning tree port cost of a Fast Ethernet interface:
Device# configure terminal Device(config)# interface fastethernet0/3/2 Device(config-if)# spanning-tree cost 18 Device(config-if)# end Device# Device# show run interface fastethernet0/3/2 Building configuration... Current configuration: 140 bytes ! interface FastEthernet0/3/2 switchport access vlan 20 no ip address spanning-tree vlan 20 port-priority 64 spanning-tree cost 18 end
The following example shows how to verify the configuration of a Fast Ethernet interface when it is configured as an access port:
Device# show spanning-tree interface fastethernet0/3/2
Port 33 (FastEthernet0/3/2) of VLAN20 is forwarding
Port path cost 18, Port priority 64, Port Identifier 64.33
Designated root has priority 32768, address 00ff.ff10.37b7
Designated bridge has priority 32768, address 00ff.ff10.37b7
Designated port id is 128.13, designated path cost 0
Timers: message age 2, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 1, received 175
The following example shows how to enable spanning tree protocol on VLAN 20:
Device# configure terminal Device(config)# spanning-tree vlan 20 Device(config)# end Device#
Note |
Because spanning tree is enabled by default, the show running command will not display the command you entered to enable spanning tree protocol. |
The following example shows how to disable spanning tree protocol on VLAN 20:
Device# configure terminal Device(config)# no spanning-tree vlan 20 Device(config)# end Device#
The following example shows how to configure a static entry in the MAC address table:
Device(config)# mac-address-table static beef.beef.beef interface fastethernet 0/1/5 Device(config)# end
The following example shows how to configure the port security in the MAC address table.
Device(config)# mac-address-table secure 0000.1111.2222 fastethernet 0/1/2 vlan 3 Device(config)# end
The following example shows the output from configuring IGMP snooping:
Device# show mac-address-table multicast igmp-snooping HWIC Slot: 1 -------------- MACADDR VLANID INTERFACES 0100.5e05.0505 1 Fa0/1/1 0100.5e06.0606 2 HWIC Slot: 3 -------------- MACADDR VLANID INTERFACES 0100.5e05.0505 1 Fa0/3/4 0100.5e06.0606 2 Fa0/3/0 Device#
The following is an example of output from the show running interface privileged EXEC command for VLAN 1:
Device# show running interface vlan 1 Building configuration... Current configuration :82 bytes ! interface Vlan1 ip address 192.168.4.90 255.255.255.0 ip pim sparse-mode end Device# show running interface vlan 2 Building configuration... Current configuration :82 bytes ! interface Vlan2 ip address 192.168.5.90 255.255.255.0 ip pim sparse-mode end Device# Device# show ip igmp group IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 209.165.200.225 Vlan1 01:06:40 00:02:20 192.168.41.101 209.165.200.226 Vlan2 01:07:50 00:02:17 192.168.5.90 209.165.200.227 Vlan1 01:06:37 00:02:25 192.168.41.100 209.165.200.228 Vlan2 01:07:40 00:02:21 192.168.31.100 209.165.200.229 Vlan1 01:06:36 00:02:22 192.168.41.101 209.165.200.230 Vlan2 01:06:39 00:02:20 192.168.31.101 Device# Device# show ip mroute IP Multicast Routing Table Flags:D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement, U - URD, I - Received Source Specific Host Report Outgoing interface flags:H - Hardware switched Timers:Uptime/Expires Interface state:Interface, Next-Hop or VCD, State/Mode (*, 209.165.200.230), 01:06:43/00:02:17, RP 0.0.0.0, flags:DC Incoming interface:Null, RPF nbr 0.0.0.0 Outgoing interface list: Vlan1, Forward/Sparse, 01:06:43/00:02:17 (*, 209.165.200.226), 01:12:42/00:00:00, RP 0.0.0.0, flags:DCL Incoming interface:Null, RPF nbr 0.0.0.0 Outgoing interface list: Vlan2, Forward/Sparse, 01:07:53/00:02:14 (*, 209.165.200.227), 01:07:43/00:02:22, RP 0.0.0.0, flags:DC Incoming interface:Null, RPF nbr 0.0.0.0 Outgoing interface list: Vlan1, Forward/Sparse, 01:06:40/00:02:22 Vlan2, Forward/Sparse, 01:07:44/00:02:17
(*, 209.165.200.2282), 01:06:43/00:02:18, RP 0.0.0.0, flags:DC
Incoming interface:Null, RPF nbr 0.0.0.0 Outgoing interface list: Vlan1, Forward/Sparse, 01:06:40/00:02:18 Vlan2, Forward/Sparse, 01:06:43/00:02:16 Device#
The following example shows how to enable bandwidth-based multicast suppression at 70 percent on Fast Ethernet interface 2:
Device> enable Device# configure terminal Device(config)# interface FastEthernet0/3/3 Device(config-if)# storm-control multicast threshold 70.0 30.0 Device(config-if)# end Device# show interfaces FastEthernet0/3/3 counters storm-control Interface Filter State Upper Lower Current --------- ------------ ----- ----- ------- Fa0/1/0 inactive 100.00% 100.00% N/A Fa0/1/1 inactive 100.00% 100.00% N/A Fa0/1/2 inactive 100.00% 100.00% N/A Fa0/1/3 inactive 100.00% 100.00% N/A Fa0/3/0 inactive 100.00% 100.00% N/A Fa0/3/1 inactive 100.00% 100.00% N/A Fa0/3/2 inactive 100.00% 100.00% N/A Fa0/3/3 Forwarding 70.00% 30.00% 0.00% Fa0/3/4 inactive 100.00% 100.00% N/A Fa0/3/5 inactive 100.00% 100.00% N/A Fa0/3/6 inactive 100.00% 100.00% N/A Fa0/3/7 inactive 100.00% 100.00% N/A Fa0/3/8 inactive 100.00% 100.00% N/A
The following example shows how to configure separate subnets for voice and data on the EtherSwitch HWIC:
interface FastEthernet0/1/1 description DOT1Q port to IP Phone switchport native vlan 50 switchport mode trunk switchport voice vlan 150 interface Vlan 150 description voice vlan ip address 209.165.200.227 255.255.255.0 ip helper-address 209.165.200.228 (See Note below) interface Vlan 50 description data vlan ip address 209.165.200.220 255.255.255.0
This configuration instructs the IP phone to generate a packet with an 802.1Q VLAN ID of 150 that has 802.1p value of 5 (default for voice bearer traffic).
Note |
In a centralized CallManager deployment model, the DHCP server might be located across the WAN link. If so, an ip helper-address command pointing to the DHCP server should be included on the voice VLAN interface for the IP phone. This is done to obtain its IP address as well as the address of the TFTP server required for its configuration. |
Be aware that Cisco software supports a DHCP server function. If this function is used, the EtherSwitch HWIC serves as a local DHCP server and a helper address would not be required.
Configuring inter-VLAN routing is identical to the configuration on an EtherSwitch HWIC with an MSFC. Configuring an interface for WAN routing is consistent with other Cisco software platforms.
The following example provides a sample configuration:
interface Vlan 160 description voice vlan ip address 10.6.1.1 255.255.255.0 interface Vlan 60 description data vlan ip address 10.60.1.1 255.255.255.0 interface Serial0/3/0 ip address 172.3.1.2 255.255.255.0
Note |
Standard IGP routing protocols such as RIP, IGRP, EIGRP, and OSPF are supported on the EtherSwitch HWIC. Multicast routing is also supported for PIM dense mode, sparse mode and sparse-dense mode. |
The EtherSwitch HWIC supports the use of an 802.1p-only option when configuring the voice VLAN. Using this option allows the IP phone to tag VoIP packets with a Cost of Service of 5 on the native VLAN, while all PC data traffic is sent untagged
The following example shows a single subnet configuration for the EtherSwitch HWIC:
Device# FastEthernet 0/1/2
description Port to IP Phone in single subnet
switchport access vlan 40
The EtherSwitch HWIC instructs the IP phone to generate an 802.1Q frame with a null VLAN ID value but with an 802.1p value (default is COS of 5 for bearer traffic). The voice and data VLANs are both 40 in this example.
The following example illustrates the configuration for the IP phone:
interface FastEthernet0/x/x switchport voice vlan x switchport mode trunk
The following example illustrates the configuration for the PC:
interface FastEthernet0/x/y switchport mode access switchport access vlan y
Note |
Using a separate subnet, and possibly a separate IP address space, may not be an option for some small branch offices due to the IP routing configuration. If the IP routing can handle an additional subnet at the remote branch, you can use Cisco Network Registrar and secondary addressing. |
Related Topic |
Document Title |
---|---|
IP LAN switching commands: complete command syntax, command mode, defaults, usage guidelines, and examples |
|
Bridge-related commands; complete command syntax, command mode, defaults, usage guidelines, and examples |
Cisco IOS Bridge Command Reference |
Information about configuring Voice over IP features |
Cisco IOS Voice Configuration Library |
Voice over IP commands |
Cisco IOS Voice Command Reference |
Information about configuring IP routing |
Protocol-Independent Configuration Guide for the Cisco release you are using |
Information about intrachassis stacking configuration |
16- and 36-Port EtherSwitch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series module |
VLAN concepts |
"VLANs" section of the EtherSwitch Network Module |
Inline power for Cisco IP phones concepts |
"Inline Power for Cisco IP Phones" section of the EtherSwitch Network Module |
Layer 2 Ethernet switching concepts |
"Layer 2 EtherSwitching" section of the EtherSwitch Network Module |
802.1x authentication concepts |
"802.1x Authentication" section of the EtherSwitch Network Module |
Spanning tree protocol concepts |
"Using the Spanning Tree Protocol with the EtherSwitch Network Module" section of the EtherSwitch Network Module |
Cisco Discovery Protocol concepts |
"Cisco Discovery Protocol" section of the EtherSwitch Network Module |
Switched port analyzer concepts |
"Switched Port Analyzer" section of the EtherSwitch Network Module |
IGMP snooping concepts |
IGMP Snooping" section of the EtherSwitch Network Module |
Storm control concepts |
"Storm Control" section of the EtherSwitch Network Module |
Intrachassis stacking concepts |
'Intrachassis Stacking" section of the EtherSwitch Network Module |
Fallback bridging concepts |
"Fallback Bridging" section of the EtherSwitch Network Module |
Description |
Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 3 | Feature Information for the 4-Port Cisco HWIC-4ESW and the 9-Port Cisco HWIC-D-9ESW EtherSwitch High Speed WAN Interface Cards |
Feature Name |
Releases |
Feature Information |
---|---|---|
4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high speed WAN interface cards (HWICs) hardware feature |
12.3(8)T4 |
The 4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high speed WAN interface cards (HWICs) hardware feature is supported on Cisco 1800 (modular), Cisco 2800, and Cisco 3800 series integrated services devices. Cisco EtherSwitch HWICs are 10/100BASE-T Layer 2 Ethernet devices with Layer 3 routing capability. (Layer 3 routing is forwarded to the host and is not actually performed at the device.) Traffic between different VLANs on a device is routed through the device platform. Any one port on a Cisco EtherSwitch HWIC may be configured as a stacking port to link to another Cisco EtherSwitch HWIC or EtherSwitch network module in the same system. An optional power module can also be added to provide inline power for IP telephones. The HWIC-D-9ESW HWIC requires a double-wide card slot. |
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.