- Release 15.4SY Supervisor Engine 2T Software Configuration Guide
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Upgrade (eFSU)
- Fast Software Upgrades
- Stateful Switchover (SSO)
- Non-Stop Forwarding (NSF)
- RPR Supervisor Engine Redundancy
- Interface Configuration
- UniDirectional Link Detection (UDLD)
- Instant Access
- EnergyWise
- Power Management
- Environmental Monitoring
- Online Diagnostics
- Onboard Failure Logging (OBFL)
- Switch Fabric Functionality
- Cisco IP Phone Support
- Power over Ethernet
- Layer 2 LAN Port Configuration
- Flex Links
- EtherChannels
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- Spanning Tree Protocols (STP, MST)
- Optional STP Features
- IP Unicast Layer 3 Switching
- Policy Based Routing (PBR)
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- MPLS VPN Support
- Ethernet over MPLS (EoMPLS)
- L2VPN Advanced VPLS (A-VPLS)
- Ethernet Virtual Connections (EVC)
- Layer 2 over Multipoint GRE (L2omGRE)
- Campus Fabric
- IPv4 Multicast Layer 3 Features
- IPv4 Multicast IGMP Snooping
- IPv4 PIM Snooping
- IPv4 Multicast VLAN Registration (MVR)
- IPv4 IGMP Filtering
- IPv4 Router Guard
- IPv4 Multicast VPN Support
- IPv6 Multicast Layer 3 Features
- IPv6 MLD Snooping
- NetFlow Hardware Support
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- Local SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- PFC QoS Guidelines and Restrictions
- PFC QoS Overview
- PFC QoS Classification, Marking, and Policing
- PFC QoS Policy Based Queueing
- PFC QoS Global and Interface Options
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- AutoSecure
- MAC Address-Based Traffic Blocking
- Port ACLs (PACLs)
- VLAN ACLs (VACLs)
- Policy-Based Forwarding (PBF)
- Denial of Service (DoS) Protection
- Control Plane Policing (CoPP)
- Dynamic Host Configuration Protocol (DHCP) Snooping
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Traffic Storm Control
- Unknown Unicast Flood Control
- IEEE 802.1X Port-Based Authentication
- Configuring Web-Based Authentication
- Port Security
- Lawful Intercept
- Information About Interface Configuration
- How to Configure a Range of Interfaces
- How to Define and Use Interface-Range Macros
- How to Configure Optional Interface Features
- Information About Online Insertion and Removal
- How to Monitor and Maintain Interfaces
- How to Check Cable Status with the TDR
Interface Configuration
- Information About Interface Configuration
- How to Configure a Range of Interfaces
- How to Define and Use Interface-Range Macros
- How to Configure Optional Interface Features
- Information About Online Insertion and Removal
- How to Monitor and Maintain Interfaces
- How to Check Cable Status with the TDR
Note ● For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
- Cisco IOS Release 15.4SY supports only Ethernet interfaces. Cisco IOS Release 15.4SY does not support any WAN features or commands.
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum
Information About Interface Configuration
Many features in the software are enabled on a per-interface basis. When you enter the interface command, you must specify the following information:
– Fast Ethernet (use the fastethernet keyword)
– Gigabit Ethernet (use the gigabitethernet keyword)
– 10-Gigabit Ethernet (use the tengigabitethernet keyword)
- Slot number—The slot in which the module is installed. On switches supported by Cisco IOS Release 15.4SY, slots are numbered starting with 1 from top to bottom.
- Port number—The physical port number on the module. On switches supported by Cisco IOS Release 15.4SY, the port numbers always begin with 1. When facing the rear of the switch, ports are numbered from the left to the right.
You can identify ports from the physical location. You also can use show commands to display information about a specific port, or all the ports.
See this document for information about the interface command:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/command/ir-i1.html#GUID-0D6BDFCD-3FBB-4D26-A274-C1221F8592DF
How to Configure a Range of Interfaces
The interface-range configuration mode allows you to configure multiple interfaces with the same configuration parameters. After you enter the interface-range configuration mode, all command parameters you enter are attributed to all interfaces within that range until you exit out of the interface-range configuration mode. See this document for information about the interface range command:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/command/ir-i1.html#GUID-8EC4EF91-F929-45F8-95CA-E4C9A9724FFF
How to Define and Use Interface-Range Macros
You can define an interface-range macro to automatically select a range of interfaces for configuration. Before you can use the macro keyword in the interface range macro command string, you must define the macro.
To define an interface-range macro, perform this task:
|
|
---|---|
Router(config)# define interface-range macro_name { vlan vlan_ID - vlan_ID } | { type slot/port - port } [, { type slot/port - port }] |
This example shows how to define an interface-range macro named enet_list to select Gigabit Ethernet ports 1/1 through 1/4:
To show the defined interface-range macro configuration, perform this task:
|
|
---|---|
This example shows how to display the defined interface-range macro named enet_list:
To use an interface-range macro in the interface range command, perform this task:
|
|
---|---|
Selects the interface range to be configured using the values saved in a named interface-range macro. |
This example shows how to change to the interface-range configuration mode using the interface-range macro enet_list:
How to Configure Optional Interface Features
- Configuring Ethernet Interface Speed and Duplex Mode
- Configuring Jumbo Frame Support
- Configuring IEEE 802.3x Flow Control
- Configuring the Port Debounce Timer
Configuring Ethernet Interface Speed and Duplex Mode
Speed and Duplex Mode Configuration Guidelines
You usually configure Ethernet port speed and duplex mode parameters to auto and allow ports to negotiate the speed and duplex mode. If you decide to configure the port speed and duplex modes manually, consider the following information:
- You cannot set the Ethernet port speed to auto (the no speed command) if the duplex mode in not set to auto (the no duplex command).
- If you configure an Ethernet port speed to a value other than auto (for example, 10, 100, or 1000 Mbps), configure the connecting port to match. Do not configure the connecting port to negotiate the speed.
- If you manually configure the Ethernet port speed to either 10 Mbps or 100 Mbps, the switch prompts you to also configure the duplex mode on the port.
Note A LAN port cannot automatically negotiate Ethernet port speed and duplex mode if the connecting port is configured to a value other than auto.
Configuring the Ethernet Interface Speed
Note If you configure the Ethernet port speed to auto on a 10/100/1000-Mbps Ethernet port, both speed and duplex are autonegotiated. 10-Gigabit Ethernet ports do not support autonegotiation.
To configure the port speed for a 10/100/1000-Mbps Ethernet port, perform this task:
|
|
|
---|---|---|
Router(config-if)# speed { 10 | 100 | 1000 | { auto [ 10 100 [ 1000 ]]}} |
When configuring the port speed for a 10/100/1000-Mbps Ethernet port, note the following:
- Enter the auto 10 100 keywords to restrict the negotiated speed to 10-Mbps or 100-Mbps.
- The auto 10 100 1000 keywords have the same effect as the auto keyword by itself.
This example shows how to configure the speed to 100 Mbps on the Gigabit Ethernet port 1/4:
Setting the Interface Duplex Mode
Note ● 10-Gigabit Ethernet and Gigabit Ethernet are full duplex only. You cannot change the duplex mode on 10-Gigabit Ethernet or Gigabit Ethernet ports or on a 10/100/1000-Mps port configured for Gigabit Ethernet.
- If you set the port speed to auto on a 10/100/1000-Mbps Ethernet port, both speed and duplex are autonegotiated. You cannot change the duplex mode of autonegotiation ports.
To set the duplex mode of an Ethernet or Gigabit Ethernet port, perform this task:
|
|
|
---|---|---|
This example shows how to set the duplex mode to full on Gigabit Ethernet port 1/4:
Configuring Link Negotiation on Gigabit Ethernet Ports
Note Link negotiation does not negotiate port speed.
On Gigabit Ethernet ports, link negotiation exchanges flow-control parameters, remote fault information, and duplex information. Link negotiation is enabled by default.
The ports on both ends of a link must have the same setting. The link will not come up if the ports at each end of the link are set inconsistently (link negotiation enabled on one port and disabled on the other port).
Table 11-1 shows the four possible link negotiation configurations and the resulting link status for each configuration.
|
|
||
---|---|---|---|
|
|
|
|
To configure link negotiation on a port, perform this task:
|
|
|
---|---|---|
This example shows how to enable link negotiation on Gigabit Ethernet port 1/4:
Displaying the Speed and Duplex Mode Configuration
To display the speed and duplex mode configuration for a port, perform this task:
Configuring Jumbo Frame Support
Information about Jumbo Frame Support
Jumbo Frame Support Overview
A jumbo frame is a frame larger than the default Ethernet size. You enable jumbo frame support by configuring a larger-than-default maximum transmission unit (MTU) size on a port or VLAN interface and configuring the global LAN port MTU size.
Note ● Jumbo frame support fragments routed traffic in software on the route processor (RP).
Bridged and Routed Traffic Size Check at Ingress 10/100, and 100 Mbps Ethernet and 10-Gigabit Ethernet Ports
Jumbo frame support compares ingress traffic size with the global LAN port MTU size at ingress 10/100, and 100 Mbps Ethernet and 10-Gigabit Ethernet LAN ports that have a nondefault MTU size configured. The port drops traffic that is oversized. You can configure the global LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
Bridged and Routed Traffic Size Check at Ingress Gigabit Ethernet Ports
Gigabit Ethernet LAN ports configured with a nondefault MTU size accept frames containing packets of any size larger than 64 bytes. With a nondefault MTU size configured, Gigabit Ethernet LAN ports do not check for oversize ingress frames.
Routed Traffic Size Check on the PFC
For traffic that needs to be routed, Jumbo frame support on the PFC compares traffic sizes to the configured MTU sizes and provides Layer 3 switching for jumbo traffic between interfaces configured with MTU sizes large enough to accommodate the traffic. Between interfaces that are not configured with large enough MTU sizes, if the “do not fragment bit” is not set, the PFC sends the traffic to the RP to be fragmented and routed in software. If the “do not fragment bit” is set, the PFC drops the traffic.
Bridged and Routed Traffic Size Check at Egress 10, 10/100, and 100 Mbps Ethernet Ports
10, 10/100, and 100 Mbps Ethernet LAN ports configured with a nondefault MTU size transmit frames containing packets of any size larger than 64 bytes. With a nondefault MTU size configured, 10, 10/100, and 100 Mbps Ethernet LAN ports do not check for oversize egress frames.
Bridged and Routed Traffic Size Check at Egress Gigabit Ethernet and 10-Gigabit Ethernet Ports
Jumbo frame support compares egress traffic size with the global egress LAN port MTU size at egress Gigabit Ethernet and 10-Gigabit Ethernet LAN ports that have a nondefault MTU size configured. The port drops traffic that is oversized. You can configure the global LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
Nondefault MTU Sizes on Ethernet Ports
Configuring a nondefault MTU size on a 10, 10/100, or 100 Mbps Ethernet port limits ingress packets to the global LAN port MTU size and permits egress traffic of any size larger than 64 bytes.
Configuring a nondefault MTU size on a Gigabit Ethernet port permits ingress packets of any size larger than 64 bytes and limits egress traffic to the global LAN port MTU size.
Configuring a nondefault MTU size on a 10-Gigabit Ethernet port limits ingress and egress packets to the global LAN port MTU size.
You can configure the MTU size on any Ethernet port.
On a Layer 3 port, you can configure an MTU size on each Layer 3 Ethernet port that is different than the global LAN port MTU size.
Note Traffic through a Layer 3 Ethernet LAN port that is configured with a nondefault MTU size is also subject to the global LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
On a Layer 2 port, you can only configure an MTU size that matches the global LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
VLAN Interfaces
You can configure a different MTU size on each Layer 3 VLAN interface. Configuring a nondefault MTU size on a VLAN interface limits traffic to the nondefault MTU size. You can configure the MTU size on VLAN interfaces to support jumbo frames.
Configuring MTU Sizes
Configuring the MTU Size
To configure the MTU size, perform this task:
|
|
|
---|---|---|
Router(config)# interface {{ vlan vlan_ID } | {{ type slot/port } | { port-channel port_channel_number } slot/port }} |
||
When configuring the MTU size, note the following information:
Note For Cisco Catalyst C6840 Series switches the supported MTU values are from 64 to 9154 bytes.
- For Layer 2 Ethernet ports, you can configure only the global egress LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
- MTU size on a Layer 2 interface is always set to maximum. If you reconfigure the MTU size to enable jumbo frame support, MTU size does not get updated in the MTU hardware table for L2 interface at the egress. The interface (L2) MTU size check happens only at the ingress port.
This example shows how to configure the MTU size on Gigabit Ethernet port 1/2:
This example shows how to verify the configuration:
Configuring the Global Egress LAN Port MTU Size
To configure the global egress LAN port MTU size, perform this task:
|
|
|
---|---|---|
Configures the global egress LAN port MTU size. Note Because it would change all the interface MTU sizes to the default (1500), rather than to any configured nondefault interface MTU size, do not use the system jumbomtu command to set the MTU size to 1500. (CSCtq52016) |
||
Configuring IEEE 802.3x Flow Control
Gigabit Ethernet and 10-Gigabit Ethernet ports use flow control to stop the transmission of frames to the port for a specified time; other Ethernet ports use flow control to respond to flow-control requests.
If a Gigabit Ethernet or 10-Gigabit Ethernet port receive buffer becomes full, the port can be configured to transmit an IEEE 802.3x pause frame that requests the remote port to delay sending frames for a specified time. All Ethernet ports can can be configured to respond to IEEE 802.3x pause frames from other devices.
To configure flow control on an Ethernet port, perform this task:
|
|
|
---|---|---|
Router(config-if)# flowcontrol { receive | send } { desired | off | on } |
When configuring flow control, note the following information:
- Because auto negotiation does not work on 10 Gigbit Ethernet fiber optic ports, they respond to pause frames by default. On 10 Gigbit Ethernet fiber optic ports, the flow-control operational mode is always the same as administrative mode.
- When configuring how a port responds to pause frames, note the following information:
– For a Gigabit Ethernet port, when the configuration of a remote port is unknown, you can use the receive desired keywords to configure the Gigabit Ethernet port to respond to received pause frames. (Supported only on Gigabit Ethernet ports.)
– Use the receive on keywords to configure a port to respond to received pause frames.
– Use the receive off keywords to configure a port to ignore received pause frames.
– For a Gigabit Ethernet port, when the configuration of the remote ports is unknown, you can use the send desired keywords to configure the Gigabit Ethernet port to send pause frames. (Supported only on Gigabit Ethernet ports.)
– Use the send on keywords to configure a port to send pause frames.
– Use the send off keywords to configure a port not to send pause frames.
This example shows how to turn on receive flow control and how to verify the flow-control configuration:
Configuring the Port Debounce Timer
The port debounce timer delays notification of a link change, which can decrease traffic loss due to network reconfiguration. You can configure the port debounce timer separately on each LAN port.
To configure the debounce timer on a port, perform this task:
|
|
|
---|---|---|
When configuring the debounce timer on a port, note the following information:
- The time keyword is supported only on fiber 1000 Mpbs or faster Ethernet ports.
- You can increase the port debounce timer value in increments of 100 milliseconds up to 5000 milliseconds on ports operating at 1000 Mpbs over copper media.
- The debounce timer recognizes 10-Gbps copper media and detects media-only changes.
Table 11-2 lists the time delay that occurs before notification of a link change.
Note On all 10-Gigabit Ethernet ports, the Debounce Timer Disabled value is 10 milliseconds and the Debounce Timer Enabled value is 100 milliseconds.
This example shows how to enable the port debounce timer on Gigabit Ethernet port 1/12:
This example shows how to display the port debounce timer settings:
Information About Online Insertion and Removal
The online insertion and removal (OIR) feature allows you to remove and replace modules while the system is online. You can shut down the modules before removal and restart it after insertion without causing other software or interfaces to shut down.
Note Do not remove or install more than one module at a time. After you remove or install a module, check the LEDs before continuing. For module LED descriptions, see the Catalyst 6500 Series Switch Installation Guide.
When a module has been removed or installed, the switch stops processing traffic for the module and scans the system for a configuration change. Each interface type is verified against the system configuration, and then the system runs diagnostics on the new module. There is no disruption to normal operation during module insertion or removal.
The switch can bring only an identical replacement module online. To support OIR of an identical module, the module configuration is not removed from the running-config file when you remove a module.
If the replacement module is different from the removed module, you must configure it before the switch can bring it online.
Layer 2 MAC addresses are stored in an EEPROM, which allows modules to be replaced online without requiring the system to update switching tables and data structures. Regardless of the types of modules installed, the Layer 2 MAC addresses do not change unless you replace the supervisor engine. If you do replace the supervisor engine, the Layer 2 MAC addresses of all ports change to those specified in the address allocator on the new supervisor engine.
How to Monitor and Maintain Interfaces
- Monitoring Interface Status
- Clearing Counters on an Interface
- Resetting an Interface
- Shutting Down and Restarting an Interface
Monitoring Interface Status
The software contains commands that you can enter at the EXEC prompt to display information about the interface including the version of the software and the hardware and statistics about interfaces. The following table lists some of the interface monitoring commands. (You can display the complete list of show commands by using the show ? command at the EXEC prompt.) These commands are described in the Cisco IOS Interface Command Reference publication.
To display information about the interface, perform these tasks:
Clearing Counters on an Interface
To clear the interface counters shown with the show interfaces command, perform this task:
|
|
---|---|
Router# clear counters {{ vlan vlan_ID } | { type slot/port } | { port-channel channel_ID }} |
This example shows how to clear and reset the counters on Gigabit Ethernet port 1/5:
The clear counters command clears all the current counters from the interface unless the optional arguments specify a specific interface.
Note The clear counters command clears counters displayed with the EXEC show interfaces command, not counters retrieved using SNMP.
Resetting an Interface
To reset an interface, perform this task:
|
|
---|---|
This example shows how to reset Gigabit Ethernet port 1/5:
Shutting Down and Restarting an Interface
You can shut down an interface, which disables all functions on the specified interface and shows the interface as unavailable on all monitoring command displays. This information is communicated to other network servers through all dynamic routing protocols. The interface is not included in any routing updates.
To shut down an interface and then restart it, perform this task:
|
|
|
---|---|---|
Router(config)# interface {{ vlan vlan_ID } | { type slot/port } | { port-channel channel_ID }} |
||
This example shows how to shut down Gigabit Ethernet port 1/5:
Note The link state messages (LINK-3-UPDOWN and LINEPROTO-5-UPDOWN) are disabled by default. Enter the logging event link status command on each interface where you want the messages enabled.
This example shows how to reenable Gigabit Ethernet port 1/5:
To check if an interface is disabled, enter the EXEC show interfaces command. An interface that has been shut down is shown as administratively down in the show interfaces command display.
How to Check Cable Status with the TDR
You can check the status of copper cables using the time domain reflectometer (TDR). The TDR detects a cable fault by sending a signal through the cable and reading the signal that is reflected back to it. All or part of the signal can be reflected back by any number of cable defects or by the end of the cable itself.
Use the TDR to determine if the cabling is at fault if you cannot establish a link. This test is especially important when replacing an existing switch, upgrading to Gigabit Ethernet, or installing new cables.
Note ● TDR can test cables up to a maximum length of 115 meters.
- TDR results are not meaningful for a link that is operating successfully.
- The port must be up before running the TDR test. If the port is down, you cannot enter the test cable-diagnostics tdr command successfully, and the following message is displayed:
To start or stop the TDR test, perform this task:
|
|
---|---|
test cable-diagnostics tdr interface { interface interface_number } |
This example shows how to run the TDR-cable diagnostics:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum