Interface Types
This section describes the different types of interfaces supported by the switch with references to chapters that contain more detailed information about configuring these interface types. The rest of the chapter describes configuration procedures for physical interface characteristics.
Note The stack ports on the rear of the Catalyst 3750-X switch are not Ethernet ports and cannot be configured.
These sections describe the interface types:
Port-Based VLANs
A VLAN is a switched network that is logically segmented by function, team, or application, without regard to the physical location of the users. For more information about VLANs, see Chapter1, “Configuring VLANs” Packets received on a port are forwarded only to ports that belong to the same VLAN as the receiving port. Network devices in different VLANs cannot communicate with one another without a Layer 3 device to route traffic between the VLANs.
VLAN partitions provide hard firewalls for traffic in the VLAN, and each VLAN has its own MAC address table. A VLAN comes into existence when a local port is configured to be associated with the VLAN, when the VLAN Trunking Protocol (VTP) learns of its existence from a neighbor on a trunk, or when a user creates a VLAN. VLANs can be formed with ports across the stack.
To configure VLANs, use the
vlan
vlan-id
global configuration command to enter VLAN configuration mode. The VLAN configurations for normal-range VLANs (VLAN IDs 1 to 1005) are saved in the VLAN database. If VTP is version 1 or 2, to configure extended-range VLANs (VLAN IDs 1006 to 4094), you must first set VTP mode to transparent. Extended-range VLANs created in transparent mode are not added to the VLAN database but are saved in the switch running configuration. With VTP version 3, you can create extended-range VLANs in client or server mode. These VLANs are saved in the VLAN database.
In a switch stack, the VLAN database is downloaded to all switches in a stack, and all switches in the stack build the same VLAN database. The running configuration and the saved configuration are the same for all switches in a stack.
Add ports to a VLAN by using the
switchport
interface configuration commands:
-
Identify the interface.
-
For a trunk port, set trunk characteristics, and, if desired, define the VLANs to which it can belong.
-
For an access port, set and define the VLAN to which it belongs.
-
For a tunnel port, set and define the VLAN ID for the customer-specific VLAN tag. See Chapter1, “Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling”
Switch Ports
Switch ports are Layer 2-only interfaces associated with a physical port. Switch ports belong to one or more VLANs. A switch port can be an access port, a trunk port, or a tunnel port. You can configure a port as an access port or trunk port or let the Dynamic Trunking Protocol (DTP) operate on a per-port basis to set the switchport mode by negotiating with the port on the other end of the link. You must manually configure tunnel ports as part of an asymmetric link connected to an IEEE 802.1Q trunk port. Switch ports are used for managing the physical interface and associated Layer 2 protocols and do not handle routing or bridging.
Configure switch ports by using the
switchport
interface configuration commands. Use the
switchport
command with no keywords to put an interface that is in Layer 3 mode into Layer 2 mode.
Note When you put an interface that is in Layer 3 mode into Layer 2 mode, the previous configuration information related to the affected interface might be lost, and the interface is returned to its default configuration.
For detailed information about configuring access port and trunk port characteristics, see Chapter1, “Configuring VLANs” For more information about tunnel ports, see Chapter1, “Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling”
Access Ports
An access port belongs to and carries the traffic of only one VLAN (unless it is configured as a voice VLAN port). Traffic is received and sent in native formats with no VLAN tagging. Traffic arriving on an access port is assumed to belong to the VLAN assigned to the port. If an access port receives a tagged packet (Inter-Switch Link [ISL] or IEEE 802.1Q tagged), the packet is dropped, and the source address is not learned.
Two types of access ports are supported:
-
Static access ports are manually assigned to a VLAN (or through a RADIUS server for use with IEEE 802.1x. For more information, see the “802.1x Readiness Check” section.)
-
VLAN membership of dynamic access ports is learned through incoming packets. By default, a dynamic access port is not a member of any VLAN, and forwarding to and from the port is enabled only when the VLAN membership of the port is discovered. Dynamic access ports on the switch are assigned to a VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be a Catalyst 6500 series switch; the Catalyst 3750-X or 3560-X switch cannot be a VMPS server.
You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. For more information about voice VLAN ports, see Chapter1, “Configuring Voice VLAN”
Trunk Ports
A trunk port carries the traffic of multiple VLANs and by default is a member of all VLANs in the VLAN database. These trunk port types are supported:
-
In an ISL trunk port, all received packets are expected to be encapsulated with an ISL header, and all transmitted packets are sent with an ISL header. Native (non-tagged) frames received from an ISL trunk port are dropped.
-
An IEEE 802.1Q trunk port supports simultaneous tagged and untagged traffic. An IEEE 802.1Q trunk port is assigned a default port VLAN ID (PVID), and all untagged traffic travels on the port default PVID. All untagged traffic and tagged traffic with a NULL VLAN ID are assumed to belong to the port default PVID. A packet with a VLAN ID equal to the outgoing port default PVID is sent untagged. All other traffic is sent with a VLAN tag.
Although by default, a trunk port is a member of every VLAN known to the VTP, you can limit VLAN membership by configuring an allowed list of VLANs for each trunk port. The list of allowed VLANs does not affect any other port but the associated trunk port. By default, all possible VLANs (VLAN ID 1 to 4094) are in the allowed list. A trunk port can become a member of a VLAN only if VTP knows of the VLAN and if the VLAN is in the enabled state. If VTP learns of a new, enabled VLAN and the VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a member of that VLAN and traffic is forwarded to and from the trunk port for that VLAN. If VTP learns of a new, enabled VLAN that is not in the allowed list for a trunk port, the port does not become a member of the VLAN, and no traffic for the VLAN is forwarded to or from the port.
For more information about trunk ports, see Chapter1, “Configuring VLANs”
Tunnel Ports
Tunnel ports are used in IEEE 802.1Q tunneling to segregate the traffic of customers in a service-provider network from other customers who are using the same VLAN number. You configure an asymmetric link from a tunnel port on a service-provider edge switch to an IEEE 802.1Q trunk port on the customer switch. Packets entering the tu nnel port on the edge switch already are IEEE 802.1Q-tagged with the customer VLANs are encapsulated with another layer of an IEEE 802.1Q tag (called the metro tag), which contains a VLAN ID unique in the service-provider network for each customer. The double-tagged packets go through the service-provider network keeping the original customer VLANs separate from those of other customers. At the outbound interface, also a tunnel port, the metro tag is removed, and the original VLAN numbers from the customer network are retrieved.
Tunnel ports cannot be trunk ports or access ports and must belong to a VLAN unique to each customer.
For more information about tunnel ports, see Chapter1, “Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling”
Routed Ports
A routed port is a physical port that acts like a port on a router; it does not have to be connected to a router. A routed port is not associated with a particular VLAN, as is an access port. A routed port behaves like a regular router interface, except that it does not support VLAN subinterfaces. Routed ports can be configured with a Layer 3 routing protocol. A routed port is a Layer 3 interface only and does not support Layer 2 protocols, such as DTP and STP.
Note Routed ports are not supported on switches running the LAN Base feature set. However, starting with Cisco ICO release 12.2(58)SE, you can configure up to 16 static routes on SVIs.
Configure routed ports by putting the interface into Layer 3 mode with the
no switchport
interface configuration command. Then assign an IP address to the port, enable routing, and assign routing protocol characteristics by using the ip routing and router
protocol
global configuration
commands.
Note Entering a no switchport interface configuration command shuts down the interface and then reenables it, which might generate messages on the device to which the interface is connected. When you put an interface that is in Layer 2 mode into Layer 3 mode, the previous configuration information related to the affected interface might be lost.
The number of routed ports that you can configure is not limited by software. However, the interrelationship between this number and the number of other features being configured might impact CPU performance because of hardware limitations. See the “Configuring Layer 3 Interfaces” section for information about what happens when hardware resource limitations are reached.
For more information about IP unicast and multicast routing and routing protocols, see Chapter 1, “Configuring IP Unicast Routing” and Chapter1, “Configuring IP Multicast Routing”
Note The IP Base feature set supports static routing and the Routing Information Protocol (RIP). Starting with Cisco IOS Release 12.2(58)E, the LAN Base feature set supports 16 user-configured static routes on SVIs. For full Layer 3 routing or for fallback bridging, you must enable the IP Services feature set on the standalone switch, or the active switch.
Switch Virtual Interfaces
A switch virtual interface (SVI) represents a VLAN of switch ports as one interface to the routing or bridging function in the system. Only one SVI can be associated with a VLAN, but you need to configure an SVI for a VLAN only when you want to route between VLANs, to fallback-bridge nonroutable protocols between VLANs, or to provide IP host connectivity to the switch. By default, an SVI is created for the default VLAN (VLAN 1) to permit remote switch administration. Additional SVIs must be explicitly configured.
Note You cannot delete interface VLAN 1.
SVIs provide IP host connectivity only to the system; in Layer 3 mode, you can configure routing across SVIs.
Although the switch stack or switch supports a total of 1005 VLANs and SVIs (255 if the switch is running the LAN Base feature set), the interrelationship between the number of SVIs and routed ports and the number of other features being configured might impact CPU performance because of hardware limitations. See the “Configuring Layer 3 Interfaces” section for information about what happens when hardware resource limitations are reached.
SVIs are created the first time that you enter the vlan interface configuration command for a VLAN interface. The VLAN corresponds to the VLAN tag associated with data frames on an ISL or IEEE 802.1Q encapsulated trunk or the VLAN ID configured for an access port. Configure a VLAN interface for each VLAN for which you want to route traffic, and assign it an IP address. For more information, see the “Manually Assigning IP Information” section.
Note When you create an SVI, it does not become active until it is associated with a physical port.
SVIs support routing protocols and bridging configurations. For more information about configuring IP routing, see “Configuring IP Unicast Routing,” “Configuring IP Multicast Routing,”and Chapter1, “Configuring Fallback Bridging”
Note The LAN Base feature set supports only static routing on SVIs. The IP Base feature set supports static routing and RIP. For more advanced routing or for fallback bridging, enable the IP Services feature set on the standalone switch or the active switch. For information about using the software activation feature to install a software license for a specific feature set, see the Cisco IOS Software Activation document.
SVI Autostate Exclude
The line state of an SVI with multiple ports on a VLAN is in the
up
state when it meets these conditions:
-
The VLAN exists and is active in the VLAN database on the switch.
-
The VLAN interface exists and is not administratively down.
-
At least one Layer 2 (access or trunk) port exists, has a link in the
up
state on this VLAN, and is in the spanning-tree forwarding state on the VLAN.
Note The protocol link state for VLAN interfaces comes up when the first switch port belonging to the corresponding VLAN link comes up and is in STP forwarding state.
The default action, when a VLAN has multiple ports, is that the SVI goes down when all ports in the VLAN go down. You can use the SVI autostate exclude feature to configure a port so that it is not included in the SVI line-state up-an- down calculation. For example, if the only active port on the VLAN is a monitoring port, you might configure autostate exclude on that port so that the VLAN goes down when all other ports go down. When enabled on a port,
autostate exclude
applies to all VLANs that are enabled on that port.
The VLAN interface is brought up when one Layer 2 port in the VLAN has had time to converge (transition from STP listening-learning state to forwarding state). This prevents features such as routing protocols from using the VLAN interface as if it were fully operational and minimizes other problems, such as routing black holes. For information about configuring autostate exclude, see the “Configuring SVI Autostate Exclude” section.
EtherChannel Port Groups
EtherChannel port groups consider multiple switch ports to be one switch port. These port groups act as a single logical port for high-bandwidth connections between switches or between switches and servers. An EtherChannel balances the traffic load across the links in the channel. If a link within the EtherChannel fails, traffic previously carried over the failed link changes to the remaining links. You can group multiple trunk ports into one logical trunk port, group multiple access ports into one logical access port, group multiple tunnel ports into one logical tunnel port, or group multiple routed ports into one logical routed port. Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
When you configure an EtherChannel, you create a port-channel logical interface and assign an interface to the EtherChannel. For Layer 3 interfaces, you manually create the logical interface by using the
interface port-channel
global configuration command. Then you manually assign an interface to the EtherChannel by using the
channel-group
interface configuration command. For Layer 2 interfaces, use the
channel-group
interface configuration command to dynamically create the port-channel logical interface. This command binds the physical and logical ports together. For more information, see Chapter1, “Configuring EtherChannels and Link-State Tracking”
10-Gigabit Ethernet Interfaces
The Catalyst 3750-X and 3560-X switches have a network module slot into which you can insert a 10-Gigabit Ethernet network module, a 1-Gigabit Ethernet network module, or a blank module.
A 10-Gigabit Ethernet interface operates only in full-duplex mode. The interface can be configured as a switched or routed port.
For more information about the Cisco TwinGig Converter Module, see the switch hardware installation guide and your transceiver module documentation.
Power over Ethernet Ports
A PoE-capable switch port automatically supplies power to one of these connected devices if the switch senses that there is no power on the circuit:
-
Cisco pre-standard powered device (such as a Cisco IP Phone or a Cisco Aironet Access Point)
-
IEEE 802.3af-compliant powered device
-
IEEE 802.3at-compliant powered device
A powered device can receive redundant power when it is connected to a PoE switch port and to an AC power source. The device does not receive redundant power when it is only connected to the PoE port.
After the switch detects a powered device, the switch determines the device power requirements and then grants or denies power to the device. The switch can also sense the real-time power consumption of the device by monitoring and policing the power usage.
This section has this PoE information:
Supported Protocols and Standards
The switch uses these protocols and standards to support PoE:
-
CDP with power consumption—The powered device notifies the switch of the amount of power it is consuming. The switch does not reply to the power-consumption messages. The switch can only supply power to or remove power from the PoE port.
-
Cisco intelligent power management—The powered device and the switch negotiate through power-negotiation CDP messages for an agreed-upon power-consumption level. The negotiation allows a high-power Cisco powered device, which consumes more than 7 W, to operate at its highest power mode. The powered device first boots up in low-power mode, consumes less than 7 W, and negotiates to obtain enough power to operate in high-power mode. The device changes to high-power mode only when it receives confirmation from the switch.
High-power devices can operate in low-power mode on switches that do not support power-negotiation CDP.
Cisco intelligent power management is backward-compatible with CDP with power consumption; the switch responds according to the CDP message that it receives. CDP is not supported on third-party powered devices; therefore, the switch uses the IEEE classification to determine the power usage of the device.
-
IEEE 802.3af—The major features of this standard are powered-device discovery, power administration, disconnect detection, and optional powered-device power classification. For more information, see the standard.
-
IEEE 802.3at—The PoE+ standard increases the maximum power that can be drawn by a powered device from 15.4 W per port to 30 W per port. The UPoE feature provides the capability to source up to 60 W of power (2 x 30 W) over both signal and spare pairs of the RJ-45 Ethernet cable by using the Layer-2 power negotiation protocols such as CDP or LLDP. An LLDP and CDP request of 30 W and higher in presence of the 4-wire Power-via-MDI TLV can provide power on the spare pair. For more information about UPoE, see Universal Power Over Ethernet.
Powered-Device Detection and Initial Power Allocation
The switch detects a Cisco prestandard or an IEEE-compliant powered device when the PoE-capable port is in the no-shutdown state, PoE is enabled (the default), and the connected device is not being powered by an AC adapter.
After device detection, the switch determines the device power requirements based on its type:
-
A Cisco prestandard powered device does not provide its power requirement when the switch detects it, so the switch allocates 15.4 W as the initial allocation for power budgeting.
The initial power allocation is the maximum amount of power that a powered device requires. The switch initially allocates this amount of power when it detects and powers the powered device. As the switch receives CDP messages from the powered device and as the powered device negotiates power levels with the switch through CDP power-negotiation messages, the initial power allocation might be adjusted.
-
The switch classifies the detected IEEE device within a power consumption class. Based on the available power in the power budget, the switch determines if a port can be powered.
Table 1-1
lists these levels.
Table 1-1 IEEE Power Classifications
|
Maximum Power Level Required from the Switch
|
0 (class status unknown)
|
15.4 W
|
1
|
4 W
|
2
|
7 W
|
3
|
15.4 W
|
4
|
30 W (For IEEE 802.3at Type 2 powered devices)
|
The switch monitors and tracks requests for power and grants power only when it is available. The switch tracks its power budget (the amount of power available on the switch for PoE). The switch performs power-accounting calculations when a port is granted or denied power to keep the power budget up to date.
After power is applied to the port, the switch uses CDP to determine the
CDP-specific
power consumption requirement of the connected Cisco powered devices, which is the amount of power to allocate based on the CDP messages. The switch adjusts the power budget accordingly. This does not apply to third-party PoE devices. The switch processes a request and either grants or denies power. If the request is granted, the switch updates the power budget. If the request is denied, the switch ensures that power to the port is turned off, generates a syslog message, and updates the LEDs. Powered devices can also negotiate with the switch for more power.
With PoE+, powered devices use IEEE 802.3at and LLDP power with media dependent interface (MDI) type, length, and value descriptions (TLVs), and Power-via-MDA TLVs, for negotiating power up to 30 W. Cisco prestandard devices and Cisco IEEE powered devices can use CDP or the IEEE 802.3at power-via-MDI power negotiation mechanism to request power levels up to 30 W.
Note The initial allocation for Class 0, Class 3, and Class 4 powered devices is 15.4 W. When a device starts up and uses CDP or LLDP to send a request for more than 15.4 W, it can be allocated up to the maximum of 30 W.
Note The CDP-specific power consumption requirement is referred to as the actual power consumption requirement in the Catalyst 3750 and 3560 software configuration guides and command references.
If the switch detects a fault caused by an undervoltage, overvoltage, overtemperature, oscillator-fault, or short-circuit condition, it turns off power to the port, generates a syslog message, and updates the power budget and LEDs.
The Catalyst 3750-X stackable switch also supports StackPower, which allows the power supplies to share the load across multiple systems in a stack when you connect the switches with power stack cables. You can manage the power supplies of up to four stack members as a one large power supply For more information about StackPower, see Chapter1, “Configuring Catalyst 3750-X StackPower”
Power Management Modes
The switch supports these PoE modes:
-
auto
—The switch automatically detects if the connected device requires power. If the switch discovers a powered device connected to the port and if the switch has enough power, it grants power, updates the power budget, turns on power to the port on a first-come, first-served basis, and updates the LEDs. For LED information, see the hardware installation guide.
If the switch has enough power for all the powered devices, they all come up. If enough power is available for all powered devices connected to the switch, power is turned on to all devices. If there is not enough available PoE, or if a device is disconnected and reconnected while other devices are waiting for power, it cannot be determined which devices are granted or are denied power.
If granting power would exceed the system power budget, the switch denies power, ensures that power to the port is turned off, generates a syslog message, and updates the LEDs. After power has been denied, the switch periodically rechecks the power budget and continues to attempt to grant the request for power.
If a device being powered by the switch is then connected to wall power, the switch might continue to power the device. The switch might continue to report that it is still powering the device whether the device is being powered by the switch or receiving power from an AC power source.
If a powered device is removed, the switch automatically detects the disconnect and removes power from the port. You can connect a nonpowered device without damaging it.
You can specify the maximum wattage that is allowed on the port. If the IEEE class maximum wattage of the powered device is greater than the configured maximum value, the switch does not provide power to the port. If the switch powers a powered device, but the powered device later requests through CDP messages more than the configured maximum value, the switch removes power to the port. The power that was allocated to the powered device is reclaimed into the global power budget. If you do not specify a wattage, the switch delivers the maximum value. Use the
auto
setting on any PoE port. The auto mode is the default setting.
-
static
—The switch pre-allocates power to the port (even when no powered device is connected) and guarantees that power will be available for the port. The switch allocates the port configured maximum wattage, and the amount is never adjusted through the IEEE class or by CDP messages from the powered device. Because power is pre-allocated, any powered device that uses less than or equal to the maximum wattage is guaranteed to be powered when it is connected to the static port. The port no longer participates in the first-come, first-served model.
However, if the powered-device IEEE class is greater than the maximum wattage, the switch does not supply power to it. If the switch learns through CDP messages that the powered device needs more than the maximum wattage, the switch shuts down the powered device.
If you do not specify a wattage, the switch pre-allocates the maximum value. The switch powers the port only if it discovers a powered device. Use the
static
setting on a high-priority interface.
-
never
—The switch disables powered-device detection and never powers the PoE port even if an unpowered device is connected. Use this mode only when you want to make sure that power is never applied to a PoE-capable port, making the port a data-only port.
For information on configuring a PoE port, see the “Configuring a Power Management Mode on a PoE Port” section.
Power Monitoring and Power Policing
When policing of the real-time power consumption is enabled, the switch takes action when a powered device consumes more power than the maximum amount allocated, also referred to as the
cutoff-power value
.
When PoE is enabled, the switch senses the real-time power consumption of the powered device. The switch monitors the real-time power consumption of the connected powered device; this is called
power monitoring
or
power sensing
. The switch also polices the power usage with the
power policing
feature.
Power monitoring is backward-compatible with Cisco intelligent power management and CDP-based power consumption. It works with these features to ensure that the PoE port can supply power to the powered device. For more information about these PoE features, see the “Supported Protocols and Standards” section.
The switch senses the real-time power consumption of the connected device as follows:
1. The switch monitors the real-time power consumption on individual ports.
2. The switch records the power consumption, including peak power usage. The switch reports the information through the CISCO-POWER-ETHERNET-EXT-MIB.
3. If power policing is enabled, the switch polices power usage by comparing the real-time power consumption to the maximum power allocated to the device. For more information about the maximum power consumption, also referred to as the
cutoff power
, on a PoE port, see the
“Maximum Power Allocation (Cutoff Power) on a PoE Port” section.
If the device uses more than the maximum power allocation on the port, the switch can either turn off power to the port, or the switch can generate a syslog message and update the LEDs (the port LED is now blinking amber) while still providing power to the device based on the switch configuration. By default, power-usage policing is disabled on all PoE ports.
If error recovery from the PoE error-disabled state is enabled, the switch automatically takes the PoE port out of the error-disabled state after the specified amount of time.
If error recovery is disabled, you can manually re-enable the PoE port by using the
shutdown
and
no shutdown
interface configuration commands.
4. If policing is disabled, no action occurs when the powered device consumes more than the maximum power allocation on the PoE port, which could adversely affect the switch.
Maximum Power Allocation (Cutoff Power) on a PoE Port
When power policing is enabled, the switch determines one of these values as the cutoff power on the PoE port in this order:
1. Manually when you set the user-defined power level that the switch budgets for the port by using the
power inline consumption default
wattage
global or interface configuration command
2. Manually when you set the user-defined power level that limits the power allowed on the port by using the
power inline auto max
max-wattage
or the
power inline static max
max-wattage
interface configuration command
3. Automatically when the switch sets the power usage of the device by using CDP power negotiation or by the IEEE classification and LLDP power negotiation.
Use the first or second method in the previous list to manually configure the cutoff-power value by entering the
power inline consumption default
wattage
or the
power inline
[
auto
|
static max
]
max-wattage
command. If you do not manually configure the cutoff-power value, the switch automatically determines it by using CDP power negotiation or the device IEEE classification and LLDP power negotiation. If CDP or LLDP are not enabled, the default value of 30 W is applied. However, without CDP or LLDP, the switch does not allow devices to consume more than 15.4 W of power because values from 15400 to 30000 mW are only allocated based on CDP or LLDP requests. If a powered device consumes more than 15.4 W without CDP or LLDP negotiation, the device might be in violation of the maximum current (
Imax
) limitation and might experience an
Icut
fault for drawing more current than the maximum. The port remains in the fault state for a time before attempting to power on again. If the port continuously draws more than 15.4 W, the cycle repeats.
Note When a powered device connected to a PoE+ port restarts and sends a CDP or LLDP packet with a power TLV, the switch locks to the power-negotiation protocol of that first packet and does not respond to power requests from the other protocol. For example, if the switch is locked to CDP, it does not provide power to devices that send LLDP requests. If CDP is disabled after the switch has locked on it, the switch does not respond to LLDP power requests and can no longer power on any accessories. In this case, you should restart the powered device.
Power Consumption Values
You can configure the initial power allocation and the maximum power allocation on a port. However, these values are only the configured values that determine when the switch should turn on or turn off power on the PoE port. The maximum power allocation is not the same as the actual power consumption of the powered device. The actual cutoff power value that the switch uses for power policing is not equal to the configured power value.
When power policing is enabled, the switch polices the power usage
at the switch port
, which is greater than the power consumption of the device. When you are manually set the maximum power allocation, you must consider the power loss over the cable from the switch port to the powered device. The cutoff power is the sum of the rated power consumption of the powered device and the worst-case power loss over the cable.
The actual amount of power consumed by a powered device on a PoE port is the cutoff-power value plus a calibration factor of 500 mW (0.5 W). The actual cutoff value is approximate and varies from the configured value by a percentage of the configured value. For example, if the configured cutoff power is 12 W, the actual cutoff-value is 11.4 W, which is 0.05% less than the configured value.
We recommend that you enable power policing when PoE is enabled on your switch. For example, if policing is disabled and you set the cutoff-power value by using the
power inline auto max 6300
interface configuration command, the configured maximum power allocation on the PoE port is 6.3 W (6300 mW). The switch provides power to the connected devices on the port if the device needs up to 6.3 W. If the CDP-power negotiated value or the IEEE classification value exceeds the configured cutoff value, the switch does not provide power to the connected device. After the switch turns on power on the PoE port, the switch does not police the real-time power consumption of the device, and the device can consume more power than the maximum allocated amount, which could adversely affect the switch and the devices connected to the other PoE ports.
Because a standalone switch supports internal power supplies, the total amount of power available for the powered devices varies depending on the power supply configuration.
-
If a power supply is removed and replaced by a new power supply with less power and the switch does not have enough power for the powered devices, the switch denies power to the PoE ports in auto mode in descending order of the port numbers. If the switch still does not have enough power, the switch then denies power to the PoE ports in static mode in descending order of the port numbers.
-
If the new power supply supports more power than the previous one and the switch now has more power available, the switch grants power to the PoE ports in static mode in ascending order of the port numbers. If it still has power available, the switch then grants power to the PoE ports in auto mode in ascending order of the port numbers.
The Catalyst 3750-X stackable switch also supports StackPower, which allows power supplies to share the load across multiple systems in a stack by connecting the switches with power stack cables. You can collectively manage the power supplies of up to four stack members as a one large power supply For more information about StackPower, see Chapter1, “Configuring Catalyst 3750-X StackPower”
Universal Power Over Ethernet
Note This feature is available on switches running Cisco IOS Release 15.0(2)SE2 and higher.
Universal Power over Ethernet (UPoE) is a Cisco proprietary technology that extends the IEEE 802.at PoE standard to provide the capability to source up to 60 W of power over standard Ethernet cabling infrastructure (Class D or better). The 3K-X UPoE capabilities provide up to 60 W using the spare pair of an RJ-45 cable (wires 4,5,7,8) with the signal pair (wires 1,2,3,6). Power on the spare pair is enabled when the switch port and enddevice mutually identify themselves as Universal PoE (UPoE)-capable using CDP or LLDP and the enddevice requests for power to be enabled on the spare pair. When the spare pair is powered, the enddevice can negotiate up to 60 W of power from the switch using CDP or LLDP.
Enabling Power on Signal/Spare Pairs
If the enddevice is PoE-capable on both signal and spare pairs but does not support the CDP or LLDP extensions required for UPoE, a 4-pair forced mode configuration automatically enables power on both signal and spare pairs from the switch port.
To enable the power on the pairs, follow these steps:
|
|
|
Step 1
|
interface terminal
|
Changes the mode to global configuration.
|
Step 2
|
interface
{
fastethernet
|
gigabitethernet
} slot/port
|
Selects the interface to configure.
|
Step 3
|
[no] power inline four-pair forced
|
Automatically enables or disables power on both signal and spare pairs from a switch port.
|
Step 4
|
end
|
Exits configuration mode.
|
The following example shows how to automatically enable power on both signal and spare pairs from switch port Gigabit Ethernet 2/1:
Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet 2/1 Switch(config-if)# power inline four-pair forced
Do not enter this command if the enddevice cannot source inline power on the spare pair or if the enddevice supports the CDP or LLDP extensions for UPoE.
Configuring Power Consumption for Powered Devices on an Interface
When the switch detects a powered device on an interface, it provides the default power to the device. When the switch receives a CDP packet from the powered device, the power is automatically negotiated to a wattage required by the device. Normally, this automatic negotiation works well, and no further configuration is required or recommended. However, you can specify the powered device's consumption for a particular interface to provide extra functionality from your switch. This operation is useful when CDP is disabled or not available.
To change the power consumption of a single powered device, follow these steps:
|
|
|
Step 1
|
interface
{
fastethernet
|
gigabitethernet
} slot/port
|
Selects the interface to configure.
|
Step 2
|
[no] power inline
consumption
milli-watts
|
Sets the PoE consumption (in milliwatts) of the powered device connected to a specific interface. The power consumption can range from 4000 to 60000.
To reenable the automatic adjustment of consumption, use the no keyword.
|
Step 3
|
end
|
Exits configuration mode.
|
Step 4
|
show power inline consumption
{
fastethernet
|
gigabitethernet
} slot/port
|
Displays the PoE consumption for the interface.
|
At a given time, you can use only one of the power negotiation protocols between CDP and LLDP. The following examples show how to enable or disable the power negotiation protocols:
Switch(config)# [no] lldp run Switch(config)# [no] cdp run
Note The Power Device(PD) and Power Source Equipment (PSE) should run the same power negotiation protocol to negotiate power.
Network Module Interfaces
The uplink ports on the 10-Gigabit service module and on the 10-Gigabit Ethernet network module are labeled
Te1/Gi2
and
Te2/Gi4
. These ports can operate at either 1 Gigabit per second or 10 Gigabits per second. They are identified in software as
gigabitethernet x/1/2
and
x/1/4
and
tengigabitethernet x/1/1
and
x/1/2
, with
x
being the switch number on Catalyst 3750-X stacks. The Catalyst 3560-X switch port numbers are the same, with no switch number.
Network Services Module
The Catalyst 3750-X and 3560-X Network Services Module (C3KX-SM-10G) uplink slots support either 1-Gigabit SFP modules or 10-Gigabit SFP+ modules. See the
Installation Notes for the Catalyst 3750-X and 3560-X Network Modules
for more details.
When you install a network services module in a Catalyst 3560-X or 3750-X switch, you can configure the 1-Gigabit and 10-Gigabit Ethernet uplink ports for the same features as any other ports in the switch. The network services module uplink ports also support Flexible NetFlow and switch-to-switch MACsec uplink encryption (link layer security).
10-Gigabit Ethernet Network Module
The C3KX-NM-10GT 10-Gigabit Ethernet Network Module has two 10-Gigabit Ethernet copper ports that can operate at either 1 Gigabit per second or 10 Gigabits per second. To configure the port speed to 1 Gigabit per second, use the
hw-module switch
global configuration command. See the command reference for command syntax description.
Note 10 Mb/s and 100 Mb/s speeds are not supported on this module.
Connecting Interfaces
Devices within a single VLAN can communicate directly through any switch. Ports in different VLANs cannot exchange data without going through a routing device. With a standard Layer 2 switch, ports in different VLANs have to exchange information through a router. By using the switch with routing enabled, when you configure both VLAN 20 and VLAN 30 with an SVI to which an IP address is assigned, packets can be sent from Host A to Host B directly through the switch with no need for an external router (Figure 1-1).
Figure 1-1 Connecting VLANs with the 3750-X or 3560-X Switch
When the IP services feature set is running on the switch or the active switch, the switch uses two methods to forward traffic between interfaces: routing and fallback bridging. If the IP base feature set is on the switch or the active switch, only basic routing (static routing and RIP) is supported. Whenever possible, to maintain high performance, forwarding is done by the switch hardware. However, only IPv4 packets with Ethernet II encapsulation are routed in hardware. Non-IP traffic and traffic with other encapsulation methods are fallback-bridged by hardware.
-
The routing function can be enabled on all SVIs and routed ports. The switch routes only IP traffic. When IP routing protocol parameters and address configuration are added to an SVI or routed port, any IP traffic received from these ports is routed. For more information, see “Configuring IP Unicast Routing,” “Configuring IP Multicast Routing,” and Chapter1, “Configuring MSDP”
-
Fallback bridging forwards traffic that the switch does not route or traffic belonging to a nonroutable protocol, such as DECnet. Fallback bridging connects multiple VLANs into one bridge domain by bridging between two or more SVIs or routed ports. When configuring fallback bridging, you assign SVIs or routed ports to bridge groups with each SVI or routed port assigned to only one bridge group. All interfaces in the same group belong to the same bridge domain. For more information, see Chapter1, “Configuring Fallback Bridging”
Note Switches running the LAN Base feature set support configuring only 16 static routes on SVIs. Fallback bridging is not supported on the LAN Base feature set.
Using the Switch USB Ports
USB Mini-Type B Console Port
The switch has two console ports available: a USB mini-Type B console connection and an RJ-45 console port. Console
output
appears on devices connected to both ports, but console
input
is active on only one port at a time. The USB connector takes precedence over the RJ-45 connector.
Note Windows PCs require a driver for the USB port. See the hardware installation guide for driver installation instructions.
Use the supplied USB Type A-to-USB mini-Type B cable to connect a PC or other device to the switch. The connected device must include a terminal emulation application. When the switch detects a valid USB connection to a powered-on device that supports host functionality (such as a PC), input from the RJ-45 console is immediately disabled, and input from the USB console is enabled. Removing the USB connection immediately reenables input from the RJ-45 console connection. An LED on the switch shows which console connection is in use.
Console Port Change Logs
At software startup, a log shows whether the USB or the RJ-45 console is active. Each switch in a stack issues this log. Every switch always first displays the RJ-45 media type.
In the sample output, switch 1 has a connected USB console cable. Because the bootloader did not change to the USB console, the first log from switch 1 shows the RJ-45 console. A short time later, the console changes and the USB console log appears. Switch 2 and switch 3 have connected RJ-45 console cables.
*Mar 1 00:01:00.171: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45. *Mar 1 00:01:00.431: %USB_CONSOLE-6-MEDIA_USB: Console media-type is USB. *Mar 1 00:01:09.835: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45. *Mar 1 00:01:10.523: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.
When the USB cable is removed or the PC de-activates the USB connection, the hardware automatically changes to the RJ-45 console interface:
Mar 1 00:20:48.635: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.
You can configure the console type to always be RJ-45, and you can configure an inactivity timeout for the USB connector.
Configuring the Console Media Type
If you configure the RJ-45 console, USB console operation is disabled, and input always remains with the RJ-45 console.This configuration is global and applies to all switches in a stack.
To select the RJ-45 console media type, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
line console 0
|
Configures the console. Enter line configuration mode.
|
Step 3
|
media-type
rj45
|
Configures the console media type to always be RJ-45. If you do not enter this command and both types are connected, the default is USB.
|
Step 4
|
end
|
Returns to privileged EXEC mode.
|
Step 5
|
show running-configuration
|
Verifies your setting.
|
Step 6
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
This example disables the USB console media type and enables the RJ-45 console media type:
Switch# configure terminal Switch(config)# line console 0 Switch(config-line)# media-type rj45
This configuration immediately terminates any active USB consoles in the stack. A log shows that this termination has occurred. This sample log shows that the console on switch 1 reverted to RJ-45.
*Mar 1 00:25:36.860: %USB_CONSOLE-6-CONFIG_DISABLE: Console media-type USB disabled by system configuration, media-type reverted to RJ45.
At this point no switches in the stack allow a USB console to have input. A log entry shows when a console cable is attached. If a USB console cable is connected to switch 2, it is prevented from providing input.
*Mar 1 00:34:27.498: %USB_CONSOLE-6-CONFIG_DISALLOW: Console media-type USB is disallowed by system configuration, media-type remains RJ45. (switch-stk-2)
This example reverses the previous configuration and immediately activates any USB console that is connected.
Switch# configure terminal Switch(config)# line console 0 Switch(config-line)# no media-type rj45
Configuring the USB Inactivity Timeout
The configurable inactivity timeout reactivates the RJ-45 console if the USB console is activated but no input activity occurs on it for a specified time period. When the USB console is deactivated due to a timeout, you can restore its operation by disconnecting and reconnecting the USB cable.
Note The configured inactivity timeout applies to all switches in a stack. However, a timeout on one switch does not cause a timeout on other switches in the stack.
To configure an inactivity timeout, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enter global configuration mode.
|
Step 2
|
line console 0
|
Configure the console port. Enter console line configuration mode.
|
Step 3
|
usb-inactivity-timeout
timeout-minutes
|
Specify an inactivity timeout for the console port. The range is 1 to 240 minutes. The default is no timeout.
|
Step 4
|
show running-configuration
|
Verify your setting.
|
Step 5
|
copy running-config startup-config
|
(Optional) Save your entries in the configuration file.
|
This example configures the inactivity timeout to 30 minutes:
Switch# configure terminal Switch(config)# line console 0 Switch(config-line)# usb-inactivity-timeout 30
To disable the configuration, use these commands:
Switch(config)# line console 0 Switch(config-line)# no usb-inactivity-timeout
If there is no (input) activity on a USB console for the configured number of minutes, the console reverts to RJ-45, and a log shows this occurrence:
*Mar 1 00:47:25.625: %USB_CONSOLE-6-INACTIVITY_DISABLE: Console media-type USB disabled due to inactivity, media-type reverted to RJ45.
At this point, the only way to reactivate the USB console is to disconnect and reconnect the cable.
When the USB cable on the switch has been disconnected and reconnected, a log similar to this appears:
*Mar 1 00:48:28.640: %USB_CONSOLE-6-MEDIA_USB: Console media-type is USB.
USB Type A Port
The USB Type A port provides access to external Cisco USB flash devices, also known as thumb drives or USB keys. The switch supports Cisco 64 MB, 256 MB, 512 MB, and 1 GB flash drives. You can use standard Cisco IOS command- line interface (CLI) commands to read, write, erase, and copy to or from the flash device. You can also configure the switch to boot from the USB flash drive.
Booting from the USB Flash Device
To allow booting from the USB flash device, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
boot system flash usbflash0:
image
|
Configures the switch to boot from the USB flash device. The
image
is the name of the bootable image.
|
Step 3
|
show running-configuration
|
Verifies your setting.
|
Step 4
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
To get information about the USB device, use the
show usb
{
controllers
|
device
|
driver
|
port
|
tree
} privileged EXEC command.
This example configures the switch to boot from the Catalyst 3750-X flash device. The image is the Catalyst 3750-X universal image.
Switch# configure terminal Switch(config)# boot system flash usbflash0: c3750x-universal-mz
To disable booting from flash, enter the
no
form of the command.
This is sample output from the
show usb device
command:
Description: STEC USB 1GB Serial Number: STI 3D508232204731 USB Version Compliance: 2.0 Max. Packet Size of Endpoint Zero: 64 Number of Configurations: 1 Selected Configuration: 1 Transfer Direction: Device to Host Transfer Direction: Host to Device
This is sample output from the
show usb port
command:
Connection State: Connected
Using Interface Configuration Mode
The switch supports these interface types:
-
Physical ports—Switch ports and routed ports
-
VLANs—Switch virtual interfaces
-
Port channels—EtherChannel interfaces
You can also configure a range of interfaces (see the “Configuring a Range of Interfaces” section).
To configure a physical interface (port), specify the interface type, stack member number (only Catalyst 3750-X switches), module number, and switch port number, and enter interface configuration mode.
-
Type
—
Gigabit Ethernet (gigabitethernet or gi) for 10/100/1000 Mb/s Ethernet ports, 10-Gigabit Ethernet (tengigabitethernet or te) for 10,000 Mb/s, or small form-factor pluggable (SFP) module Gigabit Ethernet interfaces (gigabitethernet or gi).
-
Stack member number
—The number that identifies the switch within the stack. The switch number range is 1 to 9 and is assigned the first time the switch initializes. The default switch number, before it is integrated into a switch stack, is 1. When a switch has been assigned a stack member number, it keeps that number until another is assigned to it.
You can use the switch port LEDs in Stack mode to identify the stack member number of a switch.
For information about stack member numbers, see the “Stack Member Numbers” section.
-
Module number
—
The module or slot number on the switch that is always 0.
-
Port number—The interface number on the switch. The 10/100/1000 port numbers always begin at 1, starting with the far left port when facing the front of the switch, for example, gigabitethernet1/0/1 or gigabitethernet1/0/8.
On a switch with 10/100/1000 ports and Cisco TwinGig Converter Modules in the 10-Gigabit Ethernet module slots, the port numbers restart with the 10-Gigabit Ethernet ports: tengigabitethernet1/0/1.
On a switch with 10/100/1000 ports and Cisco dual SFP X2 converter modules in the 10-Gigabit Ethernet module slots, the SFP module ports are numbered consecutively following the 10/100/1000 interfaces. For example, if the switch has 24 10/100/1000 ports, the SFP module ports are gigabitethernet1/0/25 through gigabitethernet1/0/28.
You can identify physical interfaces by physically checking the interface location on the switch. You can also use the
show
privileged EXEC commands to display information about a specific interface or all the interfaces on the switch. The remainder of this chapter primarily provides physical interface configuration procedures.
These are examples of how to identify interfaces on a 3750-X switch:
-
To configure 10/100/1000 port 4 on a standalone switch, enter this command:
Switch(config)# interface gigabitethernet1/0/4
-
To configure 10-Gigabit Ethernet port 1 on a standalone switch, enter this command:
Switch(config)# interface tengigabitethernet1/0/1
-
To configure 10-Gigabit Ethernet port on stack member 3, enter this command:
Switch(config)# interface tengigabitethernet3/0/1
If the switch has SFP modules, the port numbers continue consecutively. To configure the first SFP module port on stack member 1 with 16 10/100/1000 ports, enter this command:
Switch(config)# interface gigabitethernet1/0/25
Procedures for Configuring Interfaces
These general instructions apply to all interface configuration processes.
Step 1 Enter the
configure terminal
command at the privileged EXEC prompt:
Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z.
Step 2 Enter the
interface
global configuration command. Identify the interface type, the switch number (only on Catalyst 3750-X switches), and the number of the connector. In this example, Gigabit Ethernet port 1 on switch 1 is selected:
Switch(config)# interface gigabitethernet1/0/1
Note You do not need to add a space between the interface type and the interface number. For example, in the preceding line, you can specify either gigabitethernet 1/0/1, gigabitethernet1/0/1, gi 1/0/1, or gi1/0/1.
Step 3 Follow each
interface
command with the interface configuration commands that the interface requires. The commands that you enter define the protocols and applications that will run on the interface. The commands are collected and applied to the interface when you enter another interface command or enter
end
to return to privileged EXEC mode.
You can also configure a range of interfaces by using the
interface range
or
interface range macro
global configuration commands. Interfaces configured in a range must be the same type and must be configured with the same feature options.
Step 4 After you configure an interface, verify its status by using the
show
privileged EXEC commands listed in the “Monitoring and Maintaining the Interfaces” section.
Enter the
show interfaces
privileged EXEC command to see a list of all interfaces on or configured for the switch. A report is provided for each interface that the device supports or for the specified interface.
Configuring a Range of Interfaces
You can use the
interface range
global configuration command to configure multiple interfaces with the same configuration parameters. When you enter the interface-range configuration mode, all command parameters that you enter are attributed to all interfaces within that range until you exit this mode.
To configure a range of interfaces with the same parameters, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface range
{
port-range
|
macro
macro_name
}
|
Specifies the range of interfaces (VLANs or physical ports) to be configured, and enter interface-range configuration mode.
-
You can use the
interface range
command to configure up to five port ranges or a previously defined macro.
-
The
macro
variable is explained in the “Configuring and Using Interface Range Macros” section.
-
In a comma-separated
port-range
, you must enter the interface type for each entry and enter spaces before and after the comma.
-
In a hyphen-separated
port-range
, you do not need to reenter the interface type, but you must enter a space before the hyphen.
|
Step 3
|
Use the normal configuration commands to apply the configuration parameters to all interfaces in the range. Each command is executed as it is entered.
|
|
Step 4
|
end
|
Returns to privileged EXEC mode.
|
Step 5
|
show interfaces
[
interface-id
]
|
Verifies the configuration of the interfaces in the range.
|
Step 6
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
When using the
interface range
global configuration command, note these guidelines:
-
Valid entries for
port-range
:
–
vlan
vlan-ID
-
vlan-ID
, where the VLAN ID is 1 to 4094
–
gigabitethernet
module/{first
port
} - {
last port
} (for 3560-X switches), where the module is always 0
–
gigabitethernet
stack member/module/{first
port
} - {
last port
} (for 3750-X switches), where the module is always 0.
tengigabitethernet
module/{
first port
} - {
last port
} (for 3560-X switches), where the module is always 0.
–
tengigabitethernet
stack member/module/{
first port
} - {
last port} (for
3750-X switches), where the module is always 0.
–
gigabitethernet
stack member/module/{first
port
} - {
last port
}, where the module is always 0.
–
tengigabitethernet
stack member/module/{
first port
} - {
last port
}, where the module is always 0.
–
port-channel
port-channel-number
-
port-channel-number
, where the
port-channel-number
is 1 to 48.
Note When you use the interface range command with port channels, the first and last port-channel number must be active port channels.
-
You must add a space between the first interface number and the hyphen when using the interface range command. For example, the command interface range
gigabitethernet
1/0/1 - 4 is a valid range; the command interface range
gigabit
ethernet1/0/1-4 is not a valid range.
-
The
interface range
command only works with VLAN interfaces that have been configured with the
interface vlan
command. The
show running-config
privileged EXEC command displays the configured VLAN interfaces. VLAN interfaces not displayed by the
show running-config
command cannot be used with the
interface range
command.
-
All interfaces defined in a range must be the same type (all Gigabit Ethernet ports, all 10-Gigabit Ethernet ports, all EtherChannel ports, or all VLANs), but you can enter multiple ranges in a command.
This example shows how to use the
interface range
global configuration command to set the speed to 100 Mb/s on ports 1 to 4 on switch 1:
Switch# configure terminal Switch(config)# interface range gigabitethernet1/0/1 - 4 Switch(config-if-range)# speed 100
This example shows how to use a comma to add different interface type strings to the range to enable Gigabit Ethernet ports 1 to 3 and 10-Gigabit Ethernet ports 1 and 2 to receive flow-control pause frames:
Switch# configure terminal Switch(config)# interface range gigabitethernet1/0/1 - 3 , tengigabitethernet1/0/1 - 2 Switch(config-if-range)# flowcontrol receive on
If you enter multiple configuration commands while you are in interface-range mode, each command is executed as it is entered. The commands are not batched and executed after you exit interface-range mode. If you exit interface-range configuration mode while the commands are being executed, some commands might not be executed on all interfaces in the range. Wait until the command prompt reappears before exiting interface-range configuration mode.
Configuring and Using Interface Range Macros
You can create an interface range macro to automatically select a range of interfaces for configuration. Before you can use the macro keyword in the interface range macro global configuration command string, you must use the
define interface-range
global configuration command to define the macro.
To define an interface range macro, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
define interface-range
macro_name
interface-range
|
Defines the interface-range macro, and saves it in NVRAM.
-
The
macro_name
is a 32-character maximum character string.
-
A macro can contain up to five comma-separated interface ranges.
-
Each
interface-range
must consist of the same port type.
|
Step 3
|
interface range macro
macro_name
|
Selects the interface range to be configured using the values saved in the interface-range macro called
macro_name.
You can now use the normal configuration commands to apply the configuration to all interfaces in the defined macro.
|
Step 4
|
end
|
Returns to privileged EXEC mode.
|
Step 5
|
show running-config | include define
|
Shows the defined interface range macro configuration.
|
Step 6
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
Use the
no define interface-range
macro_name
global configuration command to delete a macro.
When using the
define
interface-range
global configuration command, note these guidelines:
-
Valid entries for
interface-range
:
–
vlan
vlan-ID
-
vlan-ID
, where the VLAN ID is 1 to 4094
–
gigabitethernet
module/{
first port
} - {
last port} (for
3560-X switches), where the module is always 0
–
gigabitethernet
stack member/module/{
first port
} - {
last port} (for
3750-X switches), where the module is always 0
–
tengigabitethernet
module/{
first port
} - {
last port} (for
3560-X switches), where the module is always 0
tengigabitethernet
stack member/module/{
first port
} - {
last port} (for
3750-X switches), where the module is always 0
gigabitethernet
stack member/module/{
first port
} - {
last port
}, where the module is always 0
–
tengigabitethernet
stack member/module/{
first port
} - {
last port
}, where the module is always 0
–
port-channel
port-channel-number
-
port-channel-number
, where the
port-channel-number
is 1 to 48.
Note When you use the interface ranges with port channels, the first and last port-channel number must be active port channels.
-
You must add a space between the first interface number and the hyphen when entering an
interface-range
. For example,
gigabitethernet1/
0/1 - 4 is a valid range;
gigabitethernet
1/0/1-4 is not a valid range.
-
The VLAN interfaces must have been configured with the
interface vlan
command. The
show running-config
privileged EXEC command displays the configured VLAN interfaces. VLAN interfaces not displayed by the
show running-config
command cannot be used as
interface-ranges
.
-
All interfaces defined as in a range must be the same type (all Gigabit Ethernet ports, all 10-Gigabit Ethernet ports, all EtherChannel ports, or all VLANs), but you can combine multiple interface types in a macro.
This example shows how to define an interface-range named
enet_list
to include ports 1 and 2 on switch 1 and to verify the macro configuration:
Switch# configure terminal Switch(config)# define interface-range enet_list gigabitethernet1/0/1 - 2 Switch# show running-config | include define define interface-range enet_list GigabitEthernet1/0/1 - 2
This example shows how to create a multiple-interface macro named
macro1
:
Switch# configure terminal Switch(config)# define interface-range macro1 gigabitethernet1/0/1 - 2, gigabitethernet1/0/5 - 7, tengigabitethernet1/0/1 -2
This example shows how to enter interface-range configuration mode for the interface-range macro
enet_list
:
Switch# configure terminal Switch(config)# interface range macro enet_list
This example shows how to delete the interface-range macro
enet_list
and to verify that it was deleted.
Switch# configure terminal Switch(config)# no define interface-range enet_list Switch# show run | include define
Configuring Ethernet Interfaces
These sections contain this configuration information:
Default Ethernet Interface Configuration
Table 1-3
shows the Ethernet interface default configuration, including some features that apply only to Layer 2 interfaces. For more details on the VLAN parameters listed in the table, see Chapter1, “Configuring VLANs” For details on controlling traffic to the port, see Chapter1, “Configuring Port-Based Traffic Control”
Note To configure Layer 2 parameters, if the interface is in Layer 3 mode, you must enter the switchport interface configuration command without any parameters to put the interface into Layer 2 mode. This shuts down the interface and then reenables it, which might generate messages on the device to which the interface is connected. When you put an interface that is in Layer 3 mode into Layer 2 mode, the previous configuration information related to the affected interface might be lost, and the interface is returned to its default configuration.
Table 1-3 Default Layer 2 Ethernet Interface Configuration
|
|
Operating mode
|
Layer 2 or
switching mode
(
switchport
command).
|
Allowed VLAN range
|
VLANs 1– 4094.
|
Default VLAN (for access ports)
|
VLAN 1 (Layer 2 interfaces only).
|
Native VLAN (for IEEE 802.1Q trunks)
|
VLAN 1 (Layer 2 interfaces only).
|
VLAN trunking
|
Switchport mode dynamic auto (supports DTP) (Layer 2 interfaces only).
|
Port enable state
|
All ports are enabled.
|
Port description
|
None defined.
|
Speed
|
Autonegotiate. (Not supported on the 10-Gigabit interfaces.)
|
Duplex mode
|
Autonegotiate. (Not supported on the 10-Gigabit interfaces.)
|
Flow control
|
Flow control is set to
receive
:
off
. It is always off for sent packets.
|
EtherChannel (PAgP)
|
Disabled on all Ethernet ports. See Chapter1, “Configuring EtherChannels and Link-State Tracking”
|
Port blocking (unknown multicast and unknown unicast traffic)
|
Disabled (not blocked) (Layer 2 interfaces only). See the “Configuring Port Blocking” section.
|
Broadcast, multicast, and unicast storm control
|
Disabled. See the “Default Storm Control Configuration” section.
|
Protected port
|
Disabled (Layer 2 interfaces only). See the “Configuring Protected Ports” section.
|
Port security
|
Disabled (Layer 2 interfaces only). See the “Default Port Security Configuration” section.
|
Port Fast
|
Disabled. See the “Default Optional Spanning-Tree Configuration” section.
|
Auto-MDIX
|
Enabled.
Note The switch might not support a pre-standard powered device—such as Cisco IP phones and access points that do not fully support IEEE 802.3af—if that powered device is connected to the switch through a crossover cable. This is regardless of whether auto-MIDX is enabled on the switch port.
|
Power over Ethernet (PoE)
|
Enabled (auto).
|
Configuring Interface Speed and Duplex Mode
Ethernet interfaces on the switch operate at 10, 100, 1000, or 10,000 Mb/s and in either full- or half-duplex mode. In full-duplex mode, two stations can send and receive traffic at the same time. Normally, 10-Mb/s ports operate in half-duplex mode, which means that stations can either receive or send traffic.
Switch models include Gigabit Ethernet (10/100/1000-Mb/s) ports, 10-Gigabit Ethernet ports, and small form-factor pluggable (SFP) module slots supporting SFP modules.
These sections describe how to configure the interface speed and duplex mode:
Speed and Duplex Configuration Guidelines
When configuring an interface speed and duplex mode, note these guidelines:
-
The 10-Gigabit Ethernet ports do not support the speed and duplex features. These ports operate only at 10,000 Mb/s and in full-duplex mode.
-
Gigabit Ethernet (10/100/1000-Mb/s) ports support all speed options and all duplex options (auto, half, and full). However, Gigabit Ethernet ports operating at 1000 Mb/s do not support half-duplex mode.
-
For SFP module ports, the speed and duplex CLI options change depending on the SFP module type:
– The 1000BASE-
x
(where -
x
is -BX, -CWDM, -LX, -SX, and -ZX) SFP module ports support the
nonegotiate
keyword in the
speed
interface configuration command. Duplex options are not supported.
– The 1000BASE-T SFP module ports support the same speed and duplex options as the 10/100/1000-Mb/s ports.
For information about which SFP modules are supported on your switch, see the product release notes.
-
If both ends of the line support autonegotiation, we highly recommend the default setting of auto negotiation.
-
If one interface supports autonegotiation and the other end does not, configure duplex and speed on both interfaces; do not use the
auto
setting on the supported side.
-
When STP is enabled and a port is reconfigured, the switch can take up to 30 seconds to check for loops. The port LED is amber while STP reconfigures.
Caution Changing the interface speed and duplex mode configuration might shut down and re-enable the interface during the reconfiguration.
Setting the Interface Speed and Duplex Parameters
To set the speed and duplex mode for a physical interface, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface
interface-id
|
Specifies the physical interface to be configured, and enter interface configuration mode.
|
Step 3
|
speed
{
10 | 100 | 1000 | auto
[
10
|
100
|
1000
]
| nonegotiate
}
|
This command is not available on a 10-Gigabit Ethernet interface.
Enters the appropriate speed parameter for the interface:
-
Enter
10
,
100
, or
1000
to set a specific speed for the interface. The
1000
keyword is available only for 10/100/1000 Mb/s ports.
-
Enter
auto
to enable the interface to autonegotiate speed with the connected device. If you use the
10
,
100
, or the
1000
keywords with the
auto
keyword, the port autonegotiates only at the specified speeds.
-
The
nonegotiate
keyword is available only for SFP module ports. SFP module ports operate only at 1000 Mb/s but can be configured to not negotiate if connected to a device that does not support autonegotiation.
For more information about speed settings, see the “Speed and Duplex Configuration Guidelines” section.
|
Step 4
|
duplex
{
auto | full | half
}
|
This command is not available on a 10-Gigabit Ethernet interface.
Enters the duplex parameter for the interface.
Enables half-duplex mode (for interfaces operating only at 10 or 100 Mb/s). You cannot configure half-duplex mode for interfaces operating at 1000 Mb/s.
You can configure the duplex setting when the speed is set to
auto
.
For more information about duplex settings, see the “Speed and Duplex Configuration Guidelines” section.
|
Step 5
|
end
|
Returns to privileged EXEC mode.
|
Step 6
|
show interfaces
interface-id
|
Displays the interface speed and duplex mode configuration.
|
Step 7
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
Use the
no speed
and
no duplex
interface configuration commands to return the interface to the default speed and duplex settings (autonegotiate). To return all interface settings to the defaults, use the
default interface
interface-id
interface configuration command.
This example shows how to set the interface speed to 100 Mb/s and the duplex mode to half on a 10/100/1000 Mb/s port:
Switch# configure terminal Switch(config)# interface gigabitethernet1/0/3 Switch(config-if)# speed 10 Switch(config-if)# duplex half
This example shows how to set the interface speed to 100 Mb/s on a 10/100/1000 Mb/s port:
Switch# configure terminal Switch(config)# interface gigabitethernet1/0/2 Switch(config-if)# speed 100
Configuring IEEE 802.3x Flow Control
Flow control enables connected Ethernet ports to control traffic rates during congestion by allowing congested nodes to pause link operation at the other end. If one port experiences congestion and cannot receive any more traffic, it notifies the other port by sending a pause frame to stop sending until the condition clears. Upon receipt of a pause frame, the sending device stops sending any data packets, which prevents any loss of data packets during the congestion period.
Note Catalyst 3750-X or 3560-X ports can receive, but not send, pause frames.
You use the
flowcontrol
interface configuration command to set the interface’s ability to
receive
pause frames to
on
,
off
, or
desired
. The default state is
off
.
When set to
desired
, an interface can operate with an attached device that is required to send flow-control packets or with an attached device that is not required to but can send flow-control packets.
These rules apply to flow control settings on the device:
-
receive on
(or
desired
): The port cannot send pause frames but can operate with an attached device that is required to or can send pause frames; the port can receive pause frames.
-
receive off
: Flow control does not operate in either direction. In case of congestion, no indication is given to the link partner, and no pause frames are sent or received by either device.
Note For details on the command settings and the resulting flow control resolution on local and remote ports, see the flowcontrol interface configuration command in the command reference for this release.
To configure flow control on an interface, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enter global configuration mode
|
Step 2
|
interface
interface-id
|
Specify the physical interface to be configured, and enter interface configuration mode.
|
Step 3
|
flowcontrol
{
receive
} {
on
|
off
|
desired
}
|
Configure the flow control mode for the port.
|
Step 4
|
end
|
Return to privileged EXEC mode.
|
Step 5
|
show interfaces
interface-id
|
Verify the interface flow control settings.
|
Step 6
|
copy running-config startup-config
|
(Optional) Save your entries in the configuration file.
|
To disable flow control, use the
flowcontrol
receive off
interface configuration command.
This example shows how to turn on flow control on a port:
Switch# configure terminal Switch(config)# interface gigabitethernet1/0/1 Switch(config-if)# flowcontrol receive on
Configuring Auto-MDIX on an Interface
When automatic medium-dependent interface crossover (auto-MDIX) is enabled on an interface, the interface automatically detects the required cable connection type (straight through or crossover) and configures the connection appropriately. When connecting switches without the auto-MDIX feature, you must use straight-through cables to connect to devices such as servers, workstations, or routers and crossover cables to connect to other switches or repeaters. With auto-MDIX enabled, you can use either type of cable to connect to other devices, and the interface automatically corrects for any incorrect cabling. For more information about cabling requirements, see the hardware installation guide.
Auto-MDIX is enabled by default. Auto-MDIX is supported on all 10/100/1000-Mb/s and on 10/100/1000BASE-TX small form-factor pluggable (SFP)-module interfaces. It is not supported on 1000BASE-SX or -LX SFP module interfaces.
Table 1-4
shows the link states that result from auto-MDIX settings and correct and incorrect cabling.
Table 1-4 Link Conditions and Auto-MDIX Settings
|
|
|
|
On
|
On
|
Link up
|
Link up
|
On
|
Off
|
Link up
|
Link up
|
Off
|
On
|
Link up
|
Link up
|
Off
|
Off
|
Link up
|
Link down
|
To configure auto-MDIX on an interface, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode
|
Step 2
|
interface
interface-id
|
Specifies the physical interface to be configured, and enter interface configuration mode.
|
Step 3
|
speed auto
|
Configures the interface to autonegotiate speed with the connected device.
|
Step 4
|
duplex auto
|
Configures the interface to autonegotiate duplex mode with the connected device.
|
Step 5
|
end
|
Returns to privileged EXEC mode.
|
Step 6
|
show controllers ethernet-controller
interface-id
phy
|
Verifies the operational state of the auto-MDIX feature on the interface.
|
Step 7
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
To disable auto-MDIX, use the
no mdix auto
interface configuration command.
This example shows how to enable auto-MDIX on a port:
Switch# configure terminal Switch(config)# interface gigabitethernet1/0/1 Switch(config-if)# speed auto Switch(config-if)# duplex auto Switch(config-if)# mdix auto
Configuring a Power Management Mode on a PoE Port
For most situations, the default configuration (auto mode) works well, providing plug-and-play operation. No further configuration is required. However, use the following procedure to give a PoE port higher priority, to make it data only, or to specify a maximum wattage to disallow high-power powered devices on a port.
Catalyst 3750-X switches also support StackPower, which allows switch power supplies to share the load across multiple systems in a stack by connecting up to four switches with power stack cables. See Chapter 1, “Configuring Catalyst 3750-X StackPower” for information on StackPower.
Note When you make PoE configuration changes, the port being configured drops power. Depending on the new configuration, the state of the other PoE ports, and the state of the power budget, the port might not be powered up again. For example, port 1 is in the auto and on state, and you configure it for static mode. The switch removes power from port 1, detects the powered device, and repowers the port. If port 1 is in the auto and on state and you configure it with a maximum wattage of 10 W, the switch removes power from the port and then redetects the powered device. The switch repowers the port only if the powered device is a class 1, class 2, or a Cisco-only powered device.
To configure a power management mode on a PoE-capable port, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface
interface-id
|
Specifies the physical port to be configured, and enter interface configuration mode.
|
Step 3
|
power inline
{
auto
[
max
max-wattage
] |
never |
static
[
max
max-wattage
]}
|
Configures the PoE mode on the port. The keywords have these meanings:
-
auto
—Enables powered-device detection. If enough power is available, automatically allocate power to the PoE port after device detection. This is the default setting.
-
(Optional)
max
max-wattage—
L
imits the power allowed on the port. The range is 4000 to 30000 mW. If no value is specified, the maximum is allowed.
-
never
—Disables device detection, and disable power to the port.
Note If a port has a Cisco powered device connected to it, do not use the power inline never command to configure the port. A false linkup can occur, placing the port into the error-disabled state.
-
static
—Enables powered-device detection. Preallocate (reserve) power for a port before the switch discovers the powered device. The switch reserves power for this port even when no device is connected and guarantees that power will be provided upon device detection.
The switch allocates power to a port configured in static mode before it allocates power to a port configured in auto mode.
|
Step 4
|
end
|
Returns to privileged EXEC mode.
|
Step 5
|
show power inline
[i
nterface-id |
module
switch-number
]
|
Displays PoE status for a switch or a switch stack for the specified interface or for a specified stack member.
The
module
switch-number
keywords are supported only on Catalyst 3750-X switches.
|
Step 6
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
For information about the output of the
show power inline
user EXEC command, see the command reference for this release. For more information about PoE-related commands, see the “Troubleshooting Power over Ethernet Switch Ports” section. For information about configuring voice VLAN, see Chapter1, “Configuring Voice VLAN”
Budgeting Power for Devices Connected to a PoE Port
When Cisco powered devices are connected to PoE ports, the switch uses Cisco Discovery Protocol (CDP) to determine the
CDP-specific
power consumption of the devices, and the switch adjusts the power budget accordingly. This does not apply to IEEE third-party powered devices. For these devices, when the switch grants a power request, the switch adjusts the power budget according to the powered-device IEEE classification. If the powered device is a class 0 (class status unknown) or a class 3, the switch budgets 15,400 mW for the device, regardless of the CDP-specific amount of power needed. If the powered device reports a higher class than its CDP-specific consumption or does not support power classification (defaults to class 0), the switch can power fewer devices because it uses the IEEE class information to track the global power budget.
By using the
power inline consumption
wattage
interface configuration command or the
power inline consumption default
wattage
global configuration command, you can override the default power requirement specified by the IEEE classification. The difference between what is mandated by the IEEE classification and what is actually needed by the device is reclaimed into the global power budget for use by additional devices. You can then extend the switch power budget and use it more effectively.
Caution You should carefully plan your switch power budget, enable the power monitoring feature, and make certain not to oversubscribe the power supply.
Note When you manually configure the power budget, you must also consider the power loss over the cable between the switch and the powered device.
When you enter the
power inline consumption default
wattage
or the
no
power inline consumption default
global configuration command or the
power inline consumption
wattage
or the
no
power inline consumption
interface configuration command, this caution message appears:
%CAUTION: Interface Gi1/0/1: Misconfiguring the 'power inline consumption/allocation' command may cause damage to the switch and void your warranty. Take precaution not to oversubscribe the power supply. It is recommended to enable power policing if the switch supports it.
For more information about the IEEE power classifications, see the “Power over Ethernet Ports” section.
To configure the amount of power budgeted to a powered device connected to each PoE port on a switch, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
no cdp run
|
(Optional) Disables CDP.
|
Step 3
|
power inline consumption default
wattage
|
Configures the power consumption of powered devices connected to each the PoE port on the switch. The range for each device is
4000 to 15400 mW. The default is 15400 mW.
Note When you use this command, we recommend you also enable power policing.
|
Step 4
|
end
|
Returns to privileged EXEC mode.
|
Step 5
|
show power inline consumption default
|
Displays the power consumption status.
|
Step 6
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
To return to the default setting, use the
no power inline consumption default
global configuration command.
To configure amount of power budgeted to a powered device connected to a specific PoE port, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
no cdp run
|
(Optional) Disables CDP.
|
Step 3
|
interface
interface-id
|
Specifies the physical port to be configured, and enter interface configuration mode.
|
Step 4
|
power inline consumption
wattage
|
Configures the power consumption of a powered device connected to a PoE port on the switch. The range for each device is
4000 to 15400 mW. The default is 15400 mW.
Note When you use this command, we recommend you also enable power policing.
|
Step 5
|
end
|
Returns to privileged EXEC mode.
|
Step 6
|
show power inline consumption
|
Displays the power consumption data.
|
Step 7
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
To return to the default setting, use the
no power inline consumption
interface configuration command.
For information about the output of the
show power inline consumption
privileged EXEC command, see the command reference for this release.
Configuring Power Policing
By default, the switch monitors the real-time power consumption of connected powered devices. You can configure the switch to police the power usage. By default, policing is disabled.
For more information about the cutoff power value, the power consumption values that the switch uses, and the actual power consumption value of the connected device, see the “Power Monitoring and Power Policing” section in the “Configuring Interface Characteristics” chapter of the software configuration guide for this release.
To enable policing of the real-time power consumption of a powered device connected to a PoE port, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface
interface-id
|
Specifies the physical port to be configured, and enter interface configuration mode.
|
Step 3
|
power inline police
[
action log
]
|
If the real-time power consumption exceeds the maximum power allocation on the port, configure the switch to take one of these actions:
-
Shut down the PoE port, turn off power to it, and put it in the error-dsabled state—Enter the
power inline police
command.
Note You can enable error detection for the PoE error-disabled cause by using the errdisable detect cause inline-power global configuration command. You can also enable the timer to recover from the PoE error-disabled state by using the errdisable recovery cause inline-power interval interval global configuration command.
-
Generate a syslog message while still providing power to the port—Enter the
power inline police
action log
command.
If you do not enter the
action log
keywords, the default action shuts down the port and puts the port in the error-disabled state.
|
Step 4
|
exit
|
Returns to global configuration mode.
|
Step 5
|
errdisable detect cause inline-power
and
errdisable recovery cause inline-power
and
errdisable recovery interval
interval
|
(Optional) Enables error recovery from the PoE error-disabled state, and configures the PoE recover mechanism variables.
By default, the recovery interval is 300 seconds.
For
interval
interval
, specify the time in seconds to recover from the error-disabled state. The range is 30 to 86400.
|
Step 6
|
exit
|
Returns to privileged EXEC mode.
|
Step 7
|
show power inline police
show errdisable recovery
|
Displays the power monitoring status, and verify the error recovery settings.
|
Step 8
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
To disable policing of the real-time power consumption, use the
no power inline police
interface configuration command. To disable error recovery for PoE error-disabled cause, use the
no errdisable recovery cause inline-power
global configuration command.
For information about the output from the
show power inline police
privileged EXEC command, see the command reference for this release.
Adding a Description for an Interface
You can add a description about an interface to help you remember its function. The description appears in the output of these privileged EXEC commands:
show configuration
,
show running-config
, and
show interfaces
.
To add a description for an interface, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface
interface-id
|
Specifies the interface for which you are adding a description, and enter interface configuration mode.
|
Step 3
|
description
string
|
Adds a description (up to 240 characters) for an interface.
|
Step 4
|
end
|
Returns to privileged EXEC mode.
|
Step 5
|
show interfaces
interface-id
description
or
show running-config
|
Verifies your entry.
|
Step 6
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
Use the
no description
interface configuration command to delete the description.
This example shows how to add a description on a port and how to verify the description:
Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet1/0/2 Switch(config-if)# description Connects to Marketing Switch# show interfaces gigabitethernet1/0/2 description Interface Status Protocol Description Gi1/0/2 admin down down Connects to Marketing
Configuring Layer 3 Interfaces
Note Layer 3 interfaces are not supported on switches running the LAN Base feature set.
The switch supports these types of Layer 3 interfaces:
-
SVIs—Configure SVIs for any VLANs for which you want to route traffic. SVIs are created when you enter a VLAN ID following the
interface vlan
global configuration
command. To delete an SVI, use the
no interface vlan
global configuration command. You cannot delete interface VLAN 1.
Note When you create an SVI, it does not become active until it is associated with a physical port. For information about assigning Layer 2 ports to VLANs, see Chapter1, “Configuring VLANs”
When configuring SVIs, you can also configure SVI autostate exclude on a port in the SVI to exclude that port from being included in determining SVI line-state status. See the “Configuring SVI Autostate Exclude” section.
-
Routed ports—Routed ports are physical ports configured to be in Layer 3 mode by using the
no switchport
interface configuration command.
-
Layer 3 EtherChannel ports—EtherChannel interfaces made up of routed ports.
EtherChannel port interfaces are described in Chapter1, “Configuring EtherChannels and Link-State Tracking”
A Layer 3 switch can have an IP address assigned to each routed port and SVI.
There is no defined limit to the number of SVIs and routed ports that can be configured in a switch or in a switch stack. However, the interrelationship between the number of SVIs and routed ports and the number of other features being configured might have an impact on CPU usage because of hardware limitations. If the switch is using its maximum hardware resources, attempts to create a routed port or SVI have these results:
-
If you try to create a new routed port, the switch generates a message that there are not enough resources to convert the interface to a routed port, and the interface remains as a switch port.
-
If you try to create an extended-range VLAN, an error message is generated, and the extended-range VLAN is rejected.
-
If the switch is notified by VLAN Trunking Protocol (VTP) of a new VLAN, it sends a message that there are not enough hardware resources available and shuts down the VLAN. The output of the
show vlan
user EXEC command shows the VLAN in a suspended state.
-
If the switch attempts to boot up with a configuration that has more VLANs and routed ports than hardware can support, the VLANs are created, but the routed ports are shut down, and the switch sends a message that this was due to insufficient hardware resources.
All Layer 3 interfaces require an IP address to route traffic. This procedure shows how to configure an interface as a Layer 3 interface and how to assign an IP address to an interface.
Note If the physical port is in Layer 2 mode (the default), you must enter the no switchport interface configuration command to put the interface into Layer 3 mode. Entering a no switchport command disables and then reenables the interface, which might generate messages on the device to which the interface is connected. Furthermore, when you put an interface that is in Layer 2 mode into Layer 3 mode, the previous configuration information related to the affected interface might be lost, and the interface is returned to its default configuration.
To configure a Layer 3 interface, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface
{
gigabitethernet
interface-id
} | {
vlan
vlan-id
} | {
port-channel
port-channel-number
}
|
Specifies the interface to be configured as a Layer 3 interface, and enter interface configuration mode.
|
Step 3
|
no switchport
|
For physical ports only, enters Layer 3 mode.
|
Step 4
|
ip address
ip_address subnet_mask
|
Configures the IP address and IP subnet.
|
Step 5
|
no shutdown
|
Enables the interface.
|
Step 6
|
end
|
Returns to privileged EXEC mode.
|
Step 7
|
show interfaces
[
interface-id
]
show ip interface
[
interface-id
]
show running-config interface
[
interface-id
]
|
Verifies the configuration.
|
Step 8
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
To remove an IP address from an interface, use the
no ip address
interface configuration command.
This example shows how to configure a port as a routed port and to assign it an IP address:
Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet1/0/2 Switch(config-if)# no switchport Switch(config-if)# ip address 192.20.135.21 255.255.255.0 Switch(config-if)# no shutdown
Configuring SVI Autostate Exclude
Configuring SVI autostate exclude on an access or trunk port in an SVI excludes that port in the calculation of the status of the SVI line state (up or down) status even if it belongs to the same VLAN. When the excluded port is in the up state, and all other ports in the VLAN are in the down state, the SVI state is changed to down.
At least one port in the VLAN should be up and not excluded to keep the SVI state up. You can use this command to exclude the monitoring port status when determining the status of the SVI.
To exclude a port from SVI state-change calculations, follow these steps beginning in privileged EXEC mode:
|
|
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface
interface-id
|
Specifies a Layer 2 interface (physical port or port channel), and enter interface configuration mode.
|
Step 3
|
switchport autostate exclude
|
Excludes the access or trunk port when defining the status of an SVI line state (up or down).
|
Step 4
|
end
|
Returns to privileged EXEC mode.
|
Step 5
|
show running config interface
interface-id
show interface
interface-id
switchport
|
(Optional) Shows the running configuration.
Verifies the configuration.
|
Step 6
|
copy running-config startup-config
|
(Optional) Saves your entries in the configuration file.
|
This example shows how to configure an access or trunk port in an SVI to be excluded from the line-state status calculation:
Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet1/0/2 Switch(config-if)# switchport autostate exclude