Installation and Configuration Note for the Catalyst 4000 Layer 3 Services Module

78-10164-03

Accessing the Layer 3 Services Module for the First Time

Connecting a Terminal

To connect a terminal to the console port using the cable and adapters provided with the 
Catalyst 4000 family switch, ensure that the console port mode switch is in the “in” position 
(factory default position). Connect to the port using the RJ-45-to-RJ-45 cable and RJ-45-to-DB-25 DTE 
adapter or RJ-45-to-DB-9 DTE adapter (labeled “Terminal”). 

Check the documentation that came with your terminal to determine the baud rate. The baud rate of the 
terminal must match the default baud rate (9600 baud) of the console port. 

Set up the terminal using the following specifications:

9600 baud

8 data bits

No parity

1 stop bit

No flow control

Connecting a Modem

To connect a modem to the console port, ensure that the console port mode switch is in the “in” position 
(factory default position). Connect the modem to the port using the RJ-45-to-RJ-45 cable and the 
RJ-45-to-DB-25 DCE adapter (labeled “Modem”).

Configuring the Management Port

You can download an image to the Catalyst 4000 Layer 3 Services module through the 10/100 
management interface by assigning it an IP address.

To configure an IP address on the management port and configure it for Telnet access, perform this 
procedure:

| | Command | Purpose |
|---|---|---|
| Step 1 | Router# enable | Enter enable mode. The # prompt indicates enable mode. |
| Step 2 | Router# configure terminal | Enter global configuration mode. You can also abbreviate the command to config terminal. The Router(config)# prompt indicates that you are in global configuration mode. |
| Step 3 | Router(config)# enable password password | Set the enable password. |
| Step 4 | Router(config)# enable secret password | Enter an enable secret password. A user must enter the enable secret password to gain access to global configuration mode. |
| Step 5 | Router(config-if)# interface type number | Enter interface configuration mode on the Ethernet interface. |
| Step 6 | Router(config-if)# ip address ip-address subnetmask | Enter the IP address and IP subnet mask for the interface specified in Step 5. |
| Step 7 | Router(config-if)# no shutdown | Enable the interface. |
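
An added example, not part of the Cisco note: a Python audit that can be run over a saved configuration produced by the procedure above. It flags an `enable password` line kept alongside the `enable secret` and vty lines that accept Telnet without a source restriction. The sample configuration, its interface name, passwords, hash and address are constructed placeholders.

```python
import re

# Constructed sample config (not from the page). The interface name, passwords,
# hash and address are placeholders; 192.0.2.0/24 is a documentation range.
SAMPLE_CONFIG = """\
hostname Router
!
enable secret 5 $1$XXXX$PLACEHOLDERHASHPLACEHOLDER
enable password lab123
!
interface FastEthernet0
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
line con 0
line vty 0 4
 password lab123
 login
 transport input telnet
!
end
"""

FINDINGS = {
    "ENABLE_SECRET_MISSING": "no enable secret; privileged access relies on enable password",
    "ENABLE_PASSWORD_CLEARTEXT": "enable password is stored in cleartext in the config",
    "ENABLE_PASSWORD_TYPE7": "enable password uses type 7, a reversible encoding",
    "ENABLE_PASSWORD_REDUNDANT": "enable secret takes precedence; remove enable password",
    "VTY_TELNET_ENABLED": "vty lines accept Telnet, which sends passwords unencrypted",
    "VTY_TRANSPORT_UNSET": "no transport input on vty; the default depends on the release",
    "VTY_NO_ACCESS_CLASS": "vty lines have no inbound access-class restricting sources",
    "VTY_PASSWORD_REUSED": "vty line password equals the enable password",
}


def parse_sections(config):
    """Group an IOS-style config into (header, [indented child lines])."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # skip blank lines and "!" separators
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(config):
    """Return the sorted finding IDs for the enable and vty settings."""
    sections = parse_sections(config)
    found = set()
    has_secret = False
    enable_pw = None  # (type, value) of the enable password, if configured
    for header, _ in sections:
        if header.startswith("enable secret "):
            has_secret = True
        m = re.match(r"enable password (?:(\d+)\s+)?(\S+)$", header)
        if m:
            enable_pw = (m.group(1) or "0", m.group(2))
    if not has_secret:
        found.add("ENABLE_SECRET_MISSING")
    if enable_pw:
        found.add("ENABLE_PASSWORD_TYPE7" if enable_pw[0] == "7"
                  else "ENABLE_PASSWORD_CLEARTEXT")
        if has_secret:
            found.add("ENABLE_PASSWORD_REDUNDANT")
    for header, children in sections:
        if not header.startswith("line vty"):
            continue
        transports = [c.split()[2:] for c in children
                      if c.startswith("transport input")]
        if not transports:
            found.add("VTY_TRANSPORT_UNSET")
        elif any(p in ("telnet", "all") for t in transports for p in t):
            found.add("VTY_TELNET_ENABLED")
        if not any(re.match(r"access-class \S+ in\b", c) for c in children):
            found.add("VTY_NO_ACCESS_CLASS")
        for c in children:
            m = re.match(r"password (?:(\d+)\s+)?(\S+)$", c)
            # Compare only when both values are stored unencoded.
            if (m and enable_pw and enable_pw[0] != "7"
                    and (m.group(1) or "0") != "7" and m.group(2) == enable_pw[1]):
                found.add("VTY_PASSWORD_REUSED")
    return sorted(found)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(f"{finding}: {FINDINGS[finding]}")
```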
