- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Upgrade (eFSU)
- Fast Software Upgrades
- Stateful Switchover (SSO)
- Non-Stop Forwarding (NSF)
- RPR Supervisor Engine Redundancy
- Layer 2 LAN Port Configuration
- Flex Links
- EtherChannels
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- Spanning Tree Protocols (STP, MST)
- Optional STP Features
- IP Unicast Layer 3 Switching
- Policy Based Routing (PBR)
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- MPLS VPN Support
- Ethernet over MPLS (EoMPLS)
- IPv4 Multicast Layer 3 Features
- IPv4 Multicast IGMP Snooping
- IPv4 PIM Snooping
- IPv4 Multicast VLAN Registration (MVR)
- IPv4 IGMP Filtering
- IPv4 Router Guard
- IPv4 Multicast VPN Support
- IPv6 Multicast Layer 3 Features
- IPv6 MLD Snooping
- Netflow
- NetFlow Data Export (NDE)
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- Local SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- PFC QoS
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- AutoSecure
- MAC Address-Based Traffic Blocking
- Port ACLs (PACLs)
- VLAN ACLs (VACLs)
- Policy-Based Forwarding (PBF)
- Denial of Service (DoS) Protection
- Control Plane Policing (CoPP)
- Dynamic Host Configuration Protocol (DHCP) Snooping
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- IEEE 802.1X Port-Based Authentication
- Configuring Web-Based Authentication
- Port Security
- Lawful Intercept
- Online Diagnostic Tests
Product Overview
•Supervisor Engine 720-10GE Flash Memory Devices
•Supervisor Engine 720-10GE Ports
•Supervisor Engine 720 Flash Memory Devices
•Determining System Hardware Capacity
•Software Features Supported in Hardware by the PFC and DFC
Note•For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
•Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.
•For complete information about the supported chassis, modules, and software features, see the Release Notes for Cisco IOS Release 15.1SY:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum
Supervisor Engine 720-10GE Flash Memory Devices
The Supervisor Engine 720-10GE has these flash memory devices:
•disk0: (active) and slavedisk0: (standby):
–External CompactFlash Type II slots
–For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc.
•sup-bootdisk: (active) and slavesup-bootdisk: (standby):
–Switch processor (SP) 1-GB internal CompactFlash flash memory
–From SP ROMMON, it is bootdisk:
–Not accessible from route processor (RP) ROMMON
•bootflash: (active) and slave-bootflash: (standby):
–RP 64-MB internal flash memory
–Not accessible from SP ROMMON
Supervisor Engine 720-10GE Ports
The Supervisor Engine 720-10GE has these ports:
•Console port—EIA/TIA-232 (RS-232) port
Note With Release 15.1(1)SY, be aware of the console disconnect feature, which is enabled by default.
•Ports 1 and 2
–Gigabit Ethernet SFP (fiber or 10/100/1000 Mbps RJ-45)
–Fast Ethernet SFP
•Port 3—10/100/1000 Mbps RJ-45
•Ports 4 and 5—10-Gigabit Ethernet X2
Note The 1-Gigabit Ethernet ports and the 10-Gigabit Ethernet ports have the same QoS port architecture (2q4t/1p3q4t) unless you disable the 1-Gigabit Ethernet ports with the mls qos 10g-only global configuration command. With the 1-Gigabit Ethernet ports disabled, the QoS port architecture of the 10-Gigabit Ethernet ports is 8q4t/1p7q4t.
See the "How to Configure Optional Interface Features" section for information about configuring the ports.
Supervisor Engine 720 Flash Memory Devices
The Supervisor Engine 720 has these flash memory devices:
•disk0: and disk1: (active) and slavedisk0: and slavedisk1: (standby):
–External CompactFlash Type II slots
–For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc.
•sup-bootflash: (active) and slavesup-bootflash: (standby):
–Switch processor (SP) 64-MB internal flash memory
–From SP ROMMON, it is bootflash:
–Not accessible from route processor (RP) ROMMON
•With WS-CF-UPG=, sup-bootdisk: (active) and slavesup-bootflash: (standby):
–SP 512-MB internal CompactFlash flash memory
–From SP ROMMON, it is bootdisk:
–Not accessible from RP ROMMON
–See this publication for more information:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_17277.html
•bootflash: (active) and slave-bootflash: (standby):
–RP 64-MB internal flash memory
–Not accessible from SP ROMMON
Supervisor Engine 720 Ports
The Supervisor Engine 720 has these ports:
•Console port—EIA/TIA-232 (RS-232) port
Note With Release 15.1(1)SY, be aware of the console disconnect feature, which is enabled by default.
•Port 1—Small form-factor pluggable (SFP); no unique configuration options.
•Port 2— RJ-45 connector and an SFP connector (default). To use the RJ-45 connector, you must change the configuration.
To configure Supervisor Engine 720 port 2 to use either the RJ-45 connector or the SFP connector, perform this task:
|
|
|
---|---|---|
Step 1 |
Router(config)# interface gigabitethernet slot/2 |
Selects the Ethernet port to be configured. |
Step 2 |
Router(config-if)# media-type {rj45 | sfp} |
Selects the connector to use. |
This example shows how to configure port 2 on a Supervisor Engine 720 in slot 5 to use the RJ-45 connector:
Router(config)# interface gigabitethernet 5/2
Router(config-if)# media-type rj45
See the "How to Configure Optional Interface Features" section for more information about configuring the ports.
Determining System Hardware Capacity
You can determine the system hardware capacity by entering the show platform hardware capacity command. This command displays the current system utilization of the hardware resources and displays a list of the currently available hardware capacities, including the following:
•Hardware forwarding table utilization
•Switch fabric utilization
•CPU(s) utilization
•Memory device (flash, DRAM, NVRAM) utilization
This example shows how to display CPU capacity and utilization information for the route processor, the switch processor, and a switching module:
Router# show platform hardware capacity cpu
CPU Resources
CPU utilization: Module 5 seconds 1 minute 5 minutes
3 0% / 0% 1% 1%
7 RP 2% / 0% 1% 1%
Processor memory: Module Bytes: Total Used %Used
3 1612928756 164136704 10%
7 RP 1569347520 242739196 15%
I/O memory: Module Bytes: Total Used %Used
3 268435456 21163672 8%
7 RP 268435456 110324056 41%
Router#
This example shows how to display EOBC-related statistics for the route processor, the switch processor, and the DFCs:
Router# show platform hardware capacity eobc
EOBC Resources
Module Packets/sec Total packets Dropped packets
3 Rx: 25 57626 0
Tx: 19 45490 0
7 RP Rx: 36456689392 54747 0
Tx: 25 66898 0
This example shows how to display the current and peak switching utilization:
Router# show platform hardware capacity fabric
Bus utilization: current is 100%, peak was 100% at 12:34 12mar45
Fabric utilization: ingress egress
Module channel speed current peak current peak
1 0 20G 100% 100% 12:34 12mar45 100% 100% 12:34 12mar45
1 1 20G 12% 80% 12:34 12mar45 12% 80% 12:34 12mar45
4 0 20G 12% 80% 12:34 12mar45 12% 80% 12:34 12mar45
13 0 8G 12% 80% 12:34 12mar45 12% 80% 12:34 12mar45
This example shows how to display information about the total capacity, the bytes used, and the percentage that is used for the flash and NVRAM resources present in the system:
Router# show platform hardware capacity flash
Flash/NVRAM Resources
Usage: Module Device Bytes: Total Used %Used
3 dfc#3-bootflash: 15990784 0 0%
7 RP nvram: 2552192 40640 2%
7 RP const_nvram: 1048556 676 1%
7 RP bootdisk: 1024196608 99713024 10%
7 RP disk0: 1024655360 77824000 8%
This example shows how to display the capacity and utilization of the PFC and DFCs present in the system:
Router# show platform hardware capacity forwarding
L2 Forwarding Resources
MAC Table usage: Module Collisions Total Used %Used
6 0 65536 11 1%
VPN CAM usage: Total Used %Used
512 0 0%
L3 Forwarding Resources
FIB TCAM usage: Total Used %Used
72 bits (IPv4, MPLS, EoM) 196608 36 1%
144 bits (IP mcast, IPv6) 32768 7 1%
detail: Protocol Used %Used
IPv4 36 1%
MPLS 0 0%
EoM 0 0%
IPv6 4 1%
IPv4 mcast 3 1%
IPv6 mcast 0 0%
Adjacency usage: Total Used %Used
1048576 175 1%
Forwarding engine load:
Module pps peak-pps peak-time
6 8 1972 02:02:17 UTC Thu Apr 21 2005
Netflow Resources
TCAM utilization: Module Created Failed %Used
6 1 0 0%
ICAM utilization: Module Created Failed %Used
6 0 0 0%
Flowmasks: Mask# Type Features
IPv4: 0 reserved none
IPv4: 1 Intf FulNAT_INGRESS NAT_EGRESS FM_GUARDIAN
IPv4: 2 unused none
IPv4: 3 reserved none
IPv6: 0 reserved none
IPv6: 1 unused none
IPv6: 2 unused none
IPv6: 3 reserved none
CPU Rate Limiters Resources
Rate limiters: Total Used Reserved %Used
Layer 3 9 4 1 44%
Layer 2 4 2 2 50%
ACL/QoS TCAM Resources
Key: ACLent - ACL TCAM entries, ACLmsk - ACL TCAM masks, AND - ANDOR,
QoSent - QoS TCAM entries, QOSmsk - QoS TCAM masks, OR - ORAND,
Lbl-in - ingress label, Lbl-eg - egress label, LOUsrc - LOU source,
LOUdst - LOU destination, ADJ - ACL adjacency
Module ACLent ACLmsk QoSent QoSmsk Lbl-in Lbl-eg LOUsrc LOUdst AND OR ADJ
6 1% 1% 1% 1% 1% 1% 0% 0% 0% 0% 1%
Router#
This example shows how to display the interface resources:
Router# show platform hardware capacity interface
Interface drops:
Module Total drops: Tx Rx Highest drop port: Tx Rx
9 0 2 0 48
Interface buffer sizes:
Module Bytes: Tx buffer Rx buffer
1 12345 12345
5 12345 12345
Router#
This example shows how to display SPAN information:
Router# show platform hardware capacity monitor
Source sessions: 2 maximum, 0 used
Type Used
Local 0
RSPAN source 0
ERSPAN source 0
Service module 0
Destination sessions: 64 maximum, 0 used
Type Used
RSPAN destination 0
ERSPAN destination (max 24) 0
Router#
This example shows how to display the capacity and utilization of resources for Layer 3 multicast functionality:
Router# show platform hardware capacity multicast
L3 Multicast Resources
IPv4 replication mode: ingress
IPv6 replication mode: ingress
Bi-directional PIM Designated Forwarder Table usage: 4 total, 0 (0%) used
Replication capability: Module IPv4 IPv6
5 egress egress
9 ingress ingress
MET table Entries: Module Total Used %Used
5 65526 6 0%
Router#
This example shows how to display information about the system power capacities and utilizations:
Router# show platform hardware capacity power
Power Resources
Power supply redundancy mode: administratively redundant
operationally non-redundant (single power supply)
System power: 3795W, 0W (0%) inline, 865W (23%) total allocated
Powered devices: 0 total, 0 Class3, 0 Class2, 0 Class1, 0 Class0, 0 Cisco
Router#
This example shows how to display the capacity and utilization of QoS policer resources for each PFC and DFC:
Router# show platform hardware capacity qos
QoS Policer Resources
Aggregate policers: Module Total Used %Used
6 16384 16 1%
Microflow policer configurations: Module Total Used %Used
6 128 1 1%
Router#
This example shows how to display information about the key system resources:
Router# show platform hardware capacity system
System Resources
PFC operating mode: PFC3BXL
Supervisor redundancy mode: administratively rpr-plus, operationally rpr-plus
Switching Resources: Module Part number Series CEF mode
5 WS-SUP720-BASE supervisor CEF
Router#
This example shows how to display VLAN information:
Router# show platform hardware capacity vlan
VLANs: 4094 total, 10 VTP, 0 extended, 0 internal, 4084 free
Router#
Module Status Monitoring
The supervisor engine polls the installed modules with Switch Communication Protocol (SCP) messages to monitor module status.
The SCP sends a message every two seconds to each module. Module nonresponse after 3 messages (6 seconds) is classified as a failure. CPU_MONITOR system messages are sent every 30 seconds. After 25 sequential failures (150 seconds), the supervisor engine power cycles the module and sends a CPU_MONITOR TIMED_OUT system message and OIR PWRCYCLE system messages.
User Interfaces
•CLI—See Chapter 2 "Command-Line Interfaces."
•SNMP—See the SNMP Configuration Guide, Cisco IOS Release 15.1SY, at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/configuration/15sy/snmp-15-sy-book.html
•Cisco IOS web browser interface—See the HTTP Services Configuration Guide, Cisco IOS Release 15.1SY, at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/https/configuration/15-sy/https-15-sy-book.html
Software Features Supported in Hardware by the PFC and DFC
•Access Control Lists (ACLs) for Layer 3 ports and VLAN interfaces:
–Permit and deny actions of input and output standard and extended ACLs
Note Flows that require ACL logging are processed in software on the route processor (RP).
–Except on MPLS interfaces, reflexive ACL flows after the first packet in a session is processed in software on the RP
–Dynamic ACL flows
Note Idle timeout is processed in software on the RP.
For more information about PFC and DFC support for ACLs, see Chapter 62 "Cisco IOS ACL Support."
•Bidirectional Protocol Independent Multicast (PIM) in hardware—See "Information about IPv4 Bidirectional PIM" section.
•Multiple-path Unicast Reverse Path Forwarding (RPF) Check—To configure Unicast RPF Check, see the "Unicast Reverse Path Forwarding (uRPF) Check" section.
•Except on MPLS interfaces, Network Address Translation (NAT) for IPv4 unicast and multicast traffic.
Note the following information about hardware-assisted NAT:
–The PFC and any DFCs do not support NAT of multicast traffic. (CSCtd18777)
–The PFC and any DFCs do not support NAT configured with a route-map that specifies length.
–When you configure NAT and NDE on an interface, the RP processes all traffic in fragmented packets in software.
–To prevent a significant volume of NAT traffic from being sent to the RP, due to either a DoS attack or a misconfiguration, enter the mls rate-limit unicast acl {ingress | egress} command.
•NetFlow— See the following:
–Chapter 48 "NetFlow Data Collection"
–Chapter 49 "Configuring NetFlow Data Export (NDE)"
•Policy-based routing (PBR)—See Chapter 33 "Policy-Based Routing (PBR)."
Note The PFC and DFC do not provide hardware acceleration for tunnels configured with the tunnel key command.
•IPv4 Multicast over point-to-point generic route encapsulation (GRE) Tunnels.
•GRE Tunneling and IP in IP Tunneling—The PFC and DFC support the following tunnel commands:
–tunnel destination
–tunnel mode gre
–tunnel mode ipip
–tunnel source
–tunnel ttl
–tunnel tos
Other supported types of tunneling run in software.
The tunnel ttl command (default 255) sets the TTL of encapsulated packets.
The tunnel tos command, if present, sets the ToS byte of a packet when it is encapsulated. If the tunnel tos command is not present and QoS is not enabled, the ToS byte of a packet sets the ToS byte of the packet when it is encapsulated. If the tunnel tos command is not present and QoS is enabled, the ToS byte of a packet as modified by PFC QoS sets the ToS byte of the packet when it is encapsulated.
To configure GRE Tunneling and IP in IP Tunneling, see these publications:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/15-sy/ir-impl-tun.html
To configure the tunnel tos and tunnel ttl commands, see this publication for more information:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_tos.html
Note the following information about tunnels:
–Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot share a source even if the destinations are different. Use secondary addresses on loopback interfaces or create multiple loopback interfaces. (CSCdy72539)
–Each tunnel interface uses one internal VLAN.
–Each tunnel interface uses one additional router MAC address entry per router MAC address.
–The PFC and DFC support PFC QoS features on tunnel interfaces.
–Tunnels configured with egress features on the tunnel interface are supported in software. Examples of egress features are output Cisco IOS ACLs, NAT (for inside to outside translation), TCP intercept, and encryption.
•VLAN ACLs (VACLs)—To configure VACLs, see Chapter 67 "VLAN ACLs (VACLs)."
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum