Cisco Catalyst 4900 Series Switches Configuration Guide

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Catalyst 4500 Series Switch Cisco IOS

Software Configuration Guide

Release 12.2(37)SG

Customer Order Number: DOC-OL12524=

Text Part Number: OL-12524-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL

STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT

WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT

SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE

OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH

ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT

LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF

DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,

WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO

OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of

Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo,

Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step,

Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study,

LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise,

The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other

countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship

between Cisco and any other company. (0704R)

Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide

3

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

CONTENTS

Preface 29

Audience 29

Organization 29

Related Documents 1

Overview of IP Unnumbered Support 2

IP Unnumbered Interface Support with DHCP Server and Relay Agent 2

DHCP Option 82 2

IP Unnumbered with Connected Host Polling 3

Configuring IP Unnumbered Interface Support with DHCP Server 4

Contents

11

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

Configuring IP Unnumbered Interface Support on LAN and VLAN Interfaces 4

Configuring IP Unnumbered Interface Support on a Range of Ethernet VLANs 5

Configuring IP Unnumbered Interface Support

with Connected Host Polling 6

Displaying IP Unnumbered Interface Settings 7

Troubleshooting IP Unnumbered 8

CHAPTER

15 Configuring Layer 2 Ethernet Interfaces 1

Overview of Layer 2 Ethernet Switching 1

Understanding Layer 2 Ethernet Switching 1

Understanding VLAN Trunks 3

Layer 2 Interface Modes 4

Default Layer 2 Ethernet Interface Configuration 4

Layer 2 Interface Configuration Guidelines and Restrictions 5

Configuring Ethernet Interfaces for Layer 2 Switching 5

Configuring an Ethernet Interface as a Layer 2 Trunk 6

Configuring an Interface as a Layer 2 Access Port 8

Clearing Layer 2 Configuration 9

CHAPTER

16 Configuring SmartPort Macros 1

Understanding SmartPort Macros 1

Configuring Smart-Port Macros 2

Passing Parameters Through the Macro 2

Default SmartPort Macro Configuration 3

SmartPort Macro Configuration Guidelines 6

Creating Smartports Macros 7

Applying Smartports Macros 8

Displaying SmartPort Macros 13

CHAPTER

17 Configuring STP and MST 1

Overview of STP 1

Understanding the Bridge ID 2

Bridge Protocol Data Units 3

Election of the Root Bridge 4

STP Timers 4

Creating the STP Topology 4

STP Port States 5

MAC Address Allocation 5

Contents

12

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

STP and IEEE 802.1Q Trunks 6

Per-VLAN Rapid Spanning Tree 6

Default STP Configuration 6

Configuring STP 7

Enabling STP 7

Enabling the Extended System ID 8

Configuring the Root Bridge 9

Configuring a Secondary Root Switch 12

Configuring STP Port Priority 13

Configuring STP Port Cost 15

Configuring the Bridge Priority of a VLAN 16

Configuring the Hello Time 17

Configuring the Maximum Aging Time for a VLAN 18

Configuring the Forward-Delay Time for a VLAN 18

Disabling Spanning Tree Protocol 19

Enabling Per-VLAN Rapid Spanning Tree 20

Overview of MST 21

IEEE 802.1s MST 22

IEEE 802.1w RSTP 23

MST-to-SST Interoperability 24

Common Spanning Tree 25

MST Instances 26

MST Configuration Parameters 26

MST Regions 26

Message Age and Hop Count 28

MST-to-PVST+ Interoperability 28

MST Configuration Restrictions and Guidelines 29

Configuring MST 29

Enabling MST 29

Configuring MST Instance Parameters 32

Configuring MST Instance Port Parameters 33

Restarting Protocol Migration 33

Displaying MST Configurations 34

CHAPTER

18 Configuring Optional STP Features 1

Overview of Root Guard 2

Enabling Root Guard 2

Overview of Loop Guard 3

Enabling Loop Guard 4

Contents

13

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

Overview of PortFast 5

Enabling PortFast 6

Overview of BPDU Guard 7

Enabling BPDU Guard 7

Overview of PortFast BPDU Filtering 8

Enabling PortFast BPDU Filtering 8

Overview of UplinkFast 10

Enabling UplinkFast 11

Overview of BackboneFast 12

Enabling BackboneFast 15

CHAPTER

19 Configuring EtherChannel 1

EtherChannel Overview 1

Port-Channel Interfaces 2

How EtherChannels Are Configured 2

Load Balancing 4

EtherChannel Configuration Guidelines and Restrictions 5

Configuring EtherChannel 6

Configuring Layer 3 EtherChannels 6

Configuring Layer 2 EtherChannels 9

Configuring the LACP System Priority and System ID 11

Configuring EtherChannel Load Balancing 12

Removing an Interface from an EtherChannel 13

Removing an EtherChannel 14

CHAPTER

20 Configuring IGMP Snooping and Filtering 1

Overview of IGMP Snooping 1

Immediate-Leave Processing 3

IGMP Configurable-Leave Timer 3

Explicit Host Tracking 4

Configuring IGMP Snooping 4

Default IGMP Snooping Configuration 4

Enabling IGMP Snooping Globally 5

Enabling IGMP Snooping on a VLAN 6

Configuring Learning Methods 6

Configuring a Static Connection to a Multicast Router 7

Enabling IGMP Immediate-Leave Processing 8

Configuring the IGMP Leave Timer 8

Contents

14

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

Configuring Explicit Host Tracking 10

Configuring a Host Statically 10

Suppressing Multicast Flooding 10

Displaying IGMP Snooping Information 13

Displaying Querier Information 13

Displaying IGMP Host Membership Information 14

Displaying Group Information 15

Displaying Multicast Router Interfaces 16

Displaying MAC Address Multicast Entries 16

Displaying IGMP Snooping Information on a VLAN Interface 17

Configuring IGMP Filtering 17

Default IGMP Filtering Configuration 18

Configuring IGMP Profiles 18

Applying IGMP Profiles 19

Setting the Maximum Number of IGMP Groups 20

Displaying IGMP Filtering Configuration 21

CHAPTER

21 Configuring 802.1Q and Layer 2 Protocol Tunneling 1

Understanding 802.1Q Tunneling 1

Configuring 802.1Q Tunneling 4

802.1Q Tunneling Configuration Guidelines 4

802.1Q Tunneling and Other Features 5

Configuring an 802.1Q Tunneling Port 6

Understanding Layer 2 Protocol Tunneling 7

Configuring Layer 2 Protocol Tunneling 9

Default Layer 2 Protocol Tunneling Configuration 9

Layer 2 Protocol Tunneling Configuration Guidelines 10

Configuring Layer 2 Tunneling 11

Monitoring and Maintaining Tunneling Status 12

CHAPTER

22 Configuring CDP 1

Overview of CDP 1

Configuring CDP 2

Enabling CDP Globally 2

Displaying the CDP Global Configuration 2

Enabling CDP on an Interface 3

Displaying the CDP Interface Configuration 3

Monitoring and Maintaining CDP 3

Contents

15

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

CHAPTER

23 Configuring UDLD 1

Overview of UDLD 1

Default UDLD Configuration 2

Configuring UDLD on the Switch 2

Enabling UDLD Globally 3

Enabling UDLD on Individual Interfaces 3

Disabling UDLD on Non-Fiber-Optic Interfaces 3

Disabling UDLD on Fiber-Optic Interfaces 4

Resetting Disabled Interfaces 4

CHAPTER

24 Configuring Unidirectional Ethernet 1

Overview of Unidirectional Ethernet 1

Configuring Unidirectional Ethernet 1

CHAPTER

25 Configuring Layer 3 Interfaces 1

Overview of Layer 3 Interfaces 1

Logical Layer 3 VLAN Interfaces 2

Physical Layer 3 Interfaces 2

Configuration Guidelines 3

Configuring Logical Layer 3 VLAN Interfaces 3

Configuring VLANs as Layer 3 Interfaces 4

Understanding SVI Autostate Exclude 5

Configuring SVI Autostate Exclude 5

Configuring Physical Layer 3 Interfaces 6

Configuring EIGRP Stub Routing 8

Overview 8

How to Configure EIGRP Stub Routing 9

Monitoring and Maintaining EIGRP 13

EIGRP Configuration Examples 14

CHAPTER

26 Configuring Cisco Express Forwarding 1

Overview of CEF 1

Benefits of CEF 1

Forwarding Information Base 2

Adjacency Tables 2

Catalyst 4500 Series Switch Implementation of CEF 3

Hardware and Software Switching 4

Load Balancing 6

Contents

16

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

Software Interfaces 6

CEF Configuration Restrictions 6

Configuring CEF 6

Enabling CEF 6

Configuring Load Balancing for CEF 7

Monitoring and Maintaining CEF 8

Displaying IP Statistics 8

CHAPTER

27 Configuring IP Multicast 1

Overview of IP Multicast 1

IP Multicast Protocols 2

IP Multicast on the Catalyst 4500 Series Switch 4

Unsupported Features 12

Configuring IP Multicast Routing 12

Default Configuration in IP MUlticast Routing 13

Enabling IP Multicast Routing 13

Enabling PIM on an Interface 13

Monitoring and Maintaining IP Multicast Routing 15

Displaying System and Network Statistics 15

Displaying the Multicast Routing Table 16

Displaying IP MFIB 18

Displaying IP MFIB Fast Drop 19

Displaying PIM Statistics 20

Clearing Tables and Databases 20

Configuration Examples 21

PIM Dense Mode Example 21

PIM Sparse Mode Example 21

BSR Configuration Example 21

CHAPTER

28 Configuring Policy-Based Routing 1

Overview of Policy-Based Routing 1

Understanding PBR 2

Understanding PBR Flow Switching 2

Using Policy-Based Routing 2

Policy-Based Routing Configuration Task List 3

Enabling PBR 3

Enabling Local PBR 5

Unsupported Commands 5

Contents

17

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

Policy-Based Routing Configuration Examples 5

Equal Access Example 5

Differing Next Hops Example 6

Deny ACE Example 6

CHAPTER

29 Configuring VRF-lite 1

Understanding VRF-lite 2

Default VRF-lite Configuration 3

VRF-lite Configuration Guidelines 4

Configuring VRFs 5

Configuring a VPN Routing Session 5

Configuring BGP PE to CE Routing Sessions 6

VRF-lite Configuration Example 7

Configuring Switch S8 8

Configuring Switch S20 9

Configuring Switch S11 10

Configuring the PE Switch S3 10

Displaying VRF-lite Status 11

CHAPTER

30 Configuring Quality of Service 1

Overview of QoS 1

Prioritization 2

QoS Terminology 3

Basic QoS Model 5

Classification 6

Policing and Marking 10

Mapping Tables 14

Queueing and Scheduling 14

Packet Modification 16

Per Port Per VLAN QoS 16

QoS and Software Processed Packets 16

Configuring Auto-QoS 17

Generated Auto-QoS Configuration 17

Effects of Auto-QoS on the Configuration 19

Configuration Guidelines 19

Enabling Auto-QoS for VoIP 19

Displaying Auto-QoS Information 20

Auto-QoS Configuration Example 21

Contents

18

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

Configuring QoS 23

Default QoS Configuration 23

Configuration Guidelines 25

Enabling QoS Globally 25

Configuring a Trusted Boundary to Ensure Port Security 26

Enabling Dynamic Buffer Limiting 27

Creating Named Aggregate Policers 30

Configuring a QoS Policy 32

Configuring CoS Mutation 41

Configuring User Based Rate Limiting 42

Enabling Per-Port Per-VLAN QoS 48

Enabling or Disabling QoS on an Interface 51

Configuring VLAN-Based QoS on Layer 2 Interfaces 52

Configuring the Trust State of Interfaces 53

Configuring the CoS Value for an Interface 53

Configuring DSCP Values for an Interface 54

Configuring Transmit Queues 55

Configuring DSCP Maps 58

CHAPTER

31 Configuring Voice Interfaces 1

Overview of Voice Interfaces 1

Cisco IP Phone Voice Traffic 2

Cisco IP Phone Data Traffic 2

Configuring a Port to Connect to a Cisco 7960 IP Phone 2

Configuring Voice Ports for Voice and Data Traffic 3

Overriding the CoS Priority of Incoming Frames 4

Configuring Power 5

CHAPTER

32 Configuring 802.1X Port-Based Authentication 1

Understanding 802.1X Port-Based Authentication 1

Device Roles 2

802.1X and Network Access Control 3

Authentication Initiation and Message Exchange 3

Ports in Authorized and Unauthorized States 4

802.1X Host Mode 6

Using 802.1X with VLAN Assignment 7

Using 802.1X for Guest VLANs 8

Using 802.1X with MAC Authentication Bypass 9

Using 802.1X with Inaccessible Authentication Bypass 12

Contents

19

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

Using 802.1X with Unidirectional Controlled Port 12

Using 802.1X with Authentication Failed VLAN Assignment 13

Using 802.1X with Port Security 15

Using 802.1X with RADIUS-Provided Session Timeouts 16

Using 802.1X with RADIUS Accounting 16

Using 802.1X with Voice VLAN Ports 19

Using Multiple Domain Authentication 19

Supported Topologies 21

Configuring 802.1X 21

Default 802.1X Configuration 22

802.1X Configuration Guidelines 23

Enabling 802.1X Authentication 23

Configuring Switch-to-RADIUS-Server Communication 26

Configuring Multiple Domain Authentication 28

Configuring RADIUS-Provided Session Timeouts 31

Enabling 802.1X RADIUS Accounting 32

Configuring 802.1X with Guest VLANs 32

Configuring 802.1X with MAC Authentication Bypass 35

Configuring 802.1X with Inaccessible Authentication Bypass 36

Configuring 802.1X with Unidirectional Controlled Port 38

Configuring 802.1X with Authentication Failed VLAN Assignment 39

Configuring 802.1X with Voice VLAN 41

Enabling Periodic Reauthentication 42

Enabling Multiple Hosts 43

Changing the Quiet Period 44

Changing the Switch-to-Client Retransmission Time 44

Setting the Switch-to-Client Frame-Retransmission Number 45

Manually Reauthenticating a Client Connected to a Port 47

Initializing the 802.1X Authentication State 47

Removing 802.1X Client Information 47

Resetting the 802.1X Configuration to the Default Values 47

Displaying 802.1X Statistics and Status 48

CHAPTER

33 Configuring Port Security 1

Command List 1

Overview of Port Security 3

Secure MAC Addresses 3

Maximum Number of Secure MAC Addresses 4

Aging Secure MAC Addresses 5

Contents

20

Software Configuration Guide—Release 12.2(37)SG

OL-12524-01

Sticky Addresses on a Port 5

Violation Actions 6

Invalid Packet Handling 6

Port Security on Access Ports 6

Configuring Port Security on Access Ports 7

Examples 10

Port Security on a Private VLAN Port 13

Configuring Port Security on an Isolated Private VLAN Host Port 14

Example of Port Security on an Isolated Private VLAN Host Port 15

Configuring Port Security on a Private VLAN Promiscous Port 15

Example of Port Security on a Private VLAN Promiscous Port 16

Port Security on Trunk Ports 16

Configuring Trunk Port Security 16

Examples of Trunk Port Security 18

Trunk Port Security Guidelines and Restrictions 20

Port Security on Voice Ports 21

Configuring Port Security on Voice Ports 22

Examples of Voice Port Security 24

Voice Port Security Guidelines and Restrictions 26

Displaying Port Security Settings 26

Examples 27

Configuring Port Security with Other Features/Environments 29

DHCP and IP Source Guard 30

802.1X Authentication 30

Configuring Port Security in a Wireless Environment 31

Configuring Port Security over Layer 2 EtherChannel 31

Port Security Guidelines and Restrictions 31

CHAPTER

34 Configuring Control Plane Policing 1

Understanding How Control Plane Policing Works 1

Caveats for Control Plane Policing 3

CoPP Default Configuration 3

Configuring CoPP 3

Configure CoPP for Control Plan Traffic 4

Configure CoPP for Data Plane and Management Plan Traffic 5

CoPP Configuration Guidelines and Restrictions 7

Monitoring CoPP 7

Page is loading ...

Cisco Catalyst 4900 Series Switches Configuration Guide

Cisco Catalyst 4900 Series Switches Configuration Guide

Related papers

Other documents