Product Overview
- Supervisor Engine 2T-10GE Flash Memory Devices
- Supervisor Engine 2T-10GE Ports
- Supervisor Engine 2T-10GE Connectivity Management Processor (CMP)
- Determining System Hardware Capacity
- Module Status Monitoring
- Enabling Visual Identification of Modules or Ports
- User Interfaces
- Software Features Supported in Hardware by the PFC and DFC
Note
- For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
- Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.
- For complete information about the supported chassis, modules, and software features, see the Release Notes for Cisco IOS Release 15.1SY:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Supervisor Engine 2T-10GE Flash Memory Devices
– External CompactFlash Type II slots
– For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc.
Supervisor Engine 2T-10GE Ports
– EIA/TIA-232 (RS-232) port with RJ-45 connector
By default (no media-type rj45 configured on the console 0 interface), either connector can be used and if an active USB connection is detected, the RJ-45 connector is deactivated. With the no media-type rj45 command configured on the console 0 interface, the RJ-45 connector can only be used when there is no active USB connection. With the media-type rj45 command configured on the console 0 interface, only the RJ-45 connector can be used. See this publication for information about USB drivers:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Module_Installation/Sup_Eng_Guide/03instal.html#USB_Console_Port_Driver_Installation
Note With Release 15.1(1)SY, be aware of the console disconnect feature, which is enabled by default.
- Ports 1, 2, and 3: Gigabit Ethernet SFP (fiber or 10/100/1000 Mbps RJ-45)
- Ports 4 and 5: 10-Gigabit Ethernet X2
Note
- The 1-Gigabit Ethernet ports and the 10-Gigabit Ethernet ports have the same QoS port architecture (2q4t/1p3q4t) unless you disable the 1-Gigabit Ethernet ports with the platform qos 10g-only global configuration command. With the 1-Gigabit Ethernet ports disabled, the QoS port architecture of the 10-Gigabit Ethernet ports is 8q4t/1p7q4t.
- See the Supervisor Engine 2T-10GE Connectivity Management Processor Configuration Guide for information about the 10/100/1000 Mbps RJ-45 port.
See the “How to Configure Optional Interface Features” section for information about configuring the ports.
Supervisor Engine 2T-10GE Connectivity Management Processor (CMP)
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/cmp_configuration/guide/sup2T_10GEcmp.html
Determining System Hardware Capacity
You can determine the system hardware capacity by entering the show platform hardware capacity command. This command displays the current system utilization of the hardware resources and displays a list of the currently available hardware capacities, including the following:
- Hardware forwarding table utilization
- Switch fabric utilization
- CPU(s) utilization
- Memory device (flash, DRAM, NVRAM) utilization
This example shows how to display CPU capacity and utilization information for the route processor, the switch processor, and a switching module:
This example shows how to display EOBC-related statistics for the route processor, the switch processor, and the DFCs:
This example shows how to display the current and peak switching utilization:
This example shows how to display information about the total capacity, the bytes used, and the percentage that is used for the flash and NVRAM resources present in the system:
This example shows how to display the capacity and utilization of the PFC and DFCs present in the system:
This example shows how to display the interface resources:
This example shows how to display SPAN information:
This example shows how to display the capacity and utilization of resources for Layer 3 multicast functionality:
This example shows how to display information about the system power capacities and utilizations:
This example shows how to display the capacity and utilization of QoS policer resources for each PFC and DFC:
This example shows how to display information about the key system resources:
This example shows how to display VLAN information:
Module Status Monitoring
The supervisor engine polls the installed modules with Switch Communication Protocol (SCP) messages to monitor module status.
The SCP sends a message every two seconds to each module. Module nonresponse after 3 messages (6 seconds) is classified as a failure. CPU_MONITOR system messages are sent every 30 seconds. After 25 sequential failures (150 seconds), the supervisor engine power cycles the module and sends a CPU_MONITOR TIMED_OUT system message and OIR PWRCYCLE system messages.
Enabling Visual Identification of Modules or Ports
To make a module easy to identify visually, you can configure the blue ID LED (also called the blue beacon LED) on these modules to blink:
This is the command to enable blinking on a module:
This is the command to disable blinking on a module:
To make a port easy to identify visually, you can configure the link LED on these modules to blink:
This is the command to enable blinking on a port:
This is the command to disable blinking:
User Interfaces
- CLI—See Chapter 2, “Command-Line Interfaces”
- SNMP—See the SNMP Configuration Guide, Cisco IOS Release 15.1SY, at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/configuration/15sy/snmp-15-sy-book.html
- Cisco IOS web browser interface—See the HTTP Services Configuration Guide, Cisco IOS Release 15.1SY, at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/https/configuration/15-sy/https-15-sy-book.html
Software Features Supported in Hardware by the PFC and DFC
– Permit and deny actions of input and output standard and extended ACLs
Note Flows that require ACL logging are processed in software on the route processor (RP).
– Except on MPLS interfaces, reflexive ACL flows, after the first packet in a session is processed in software on the RP
Note Idle timeout is processed in software on the RP.
For more information about PFC and DFC support for ACLs, see Chapter 40, “Cisco IOS ACL Support”
- Bidirectional Protocol Independent Multicast (PIM) in hardware—See the “IPv4 Bidirectional PIM” section.
- Dynamic Address Resolution Protocol (ARP) inspection (DAI)—See Chapter 51, “Dynamic ARP Inspection (DAI)”
- Multiple-path Unicast Reverse Path Forwarding (RPF) Check—To configure Unicast RPF Check, see the “Unicast Reverse Path Forwarding (uRPF) Check” section.
- Except on MPLS interfaces, Network Address Translation (NAT) for IPv4 unicast and multicast traffic.
Note the following information about hardware-assisted NAT:
– The PFC and any DFCs do not support NAT of multicast traffic. (CSCtd18777)
– The PFC and any DFCs do not support NAT configured with a route-map that specifies length.
– When you configure NAT and NDE on an interface, the RP processes all traffic in fragmented packets in software.
– To prevent a significant volume of NAT traffic from being sent to the RP, due to either a DoS attack or a misconfiguration, enter the platform rate-limit unicast acl { ingress | egress } command.
- NetFlow—See Chapter 23, “NetFlow Hardware Support”
- Policy-based routing (PBR)—See Chapter 4, “Policy-Based Routing (PBR)”
Note The PFC and DFC do not provide hardware acceleration for tunnels configured with the tunnel key command.
- IPv4 Multicast over point-to-point generic route encapsulation (GRE) Tunnels.
- GRE Tunneling and IP in IP Tunneling—The PFC and DFC support the following tunnel commands:
Other supported types of tunneling run in software.
The tunnel ttl command (default 255) sets the TTL of encapsulated packets.
The tunnel tos command, if present, sets the ToS byte of a packet when it is encapsulated. If the tunnel tos command is not present and QoS is not enabled, the ToS byte of the original packet is used as the ToS byte of the packet when it is encapsulated. If the tunnel tos command is not present and QoS is enabled, the ToS byte of the original packet, as modified by PFC QoS, is used as the ToS byte of the packet when it is encapsulated.
To configure GRE Tunneling and IP in IP Tunneling, see these publications:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/15-sy/ir-impl-tun.html
To configure the tunnel tos and tunnel ttl commands, see this publication for more information:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_tos.html
Note the following information about tunnels:
– The PFC4 and DFC4 support up to 8 multicast rendezvous points (RP).
– Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot share a source even if the destinations are different. Use secondary addresses on loopback interfaces or create multiple loopback interfaces. (CSCdy72539)
– Each tunnel interface uses one internal VLAN.
– Each tunnel interface uses one additional router MAC address entry per router MAC address.
– The PFC and DFC support PFC QoS features on tunnel interfaces.
– Tunnels configured with egress features on the tunnel interface are supported in software. Examples of egress features are output Cisco IOS ACLs, NAT (for inside to outside translation), TCP intercept, and encryption.
- VLAN ACLs (VACLs)—To configure VACLs, see Chapter 45, “VLAN ACLs (VACLs)”
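The tunnel notes above determine which tunnels stay on the PFC/DFC hardware path and which are handled in software, which matters when sizing control-plane protection. The following Python audit of a saved configuration is an added example, not code from the Cisco documentation; it checks three of the listed conditions (shared tunnel source, tunnel key, output ACL on the tunnel interface), and the sample configuration, interface names, addresses and ACL name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the page); names and addresses are hypothetical.
SAMPLE_CONFIG = """\
interface Tunnel1
 tunnel source Loopback0
!
interface Tunnel2
 tunnel source Loopback0
!
interface Tunnel3
 tunnel source 192.0.2.3
 tunnel key 42
!
interface Tunnel4
 tunnel source 192.0.2.4
 ip access-group EDGE-OUT out
"""

def parse_tunnels(config):
    """Map each tunnel interface name to the lines of its stanza."""
    tunnels, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any unindented line closes the stanza
            m = re.match(r"interface (Tunnel\d+)\s*$", line)
            current = m.group(1) if m else None
            if current:
                tunnels[current] = []
        elif current:
            tunnels[current].append(line.strip())
    return tunnels

def audit_tunnels(config):
    """Return sorted (interface, finding) pairs based on the tunnel notes above."""
    findings, by_source = [], defaultdict(list)
    for name, lines in parse_tunnels(config).items():
        for line in lines:
            if line.startswith("tunnel source "):
                by_source[line.split(None, 2)[2]].append(name)
            elif line.startswith("tunnel key "):
                findings.append((name, "tunnel key: no hardware acceleration"))
            elif re.match(r"ip access-group \S+ out$", line):
                findings.append((name, "output ACL: egress feature, handled in software"))
    for source, names in by_source.items():
        if len(names) > 1:  # sources are compared as written, not resolved to addresses
            findings += [(n, f"source {source} shared with another tunnel") for n in names]
    return sorted(findings)
```

Because sources are compared as written, a tunnel sourced from an interface name and another sourced from that interface's IP address are not matched; resolve names to addresses first if the configuration mixes both forms.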