Software Guide
Page 28
... to configure Network Time Protocol (NTP). Configuring NTP Describes how to install and configure redundant supervisor engines and MSFCs in the Catalyst 6000 family switches. Configuring MLS Describes how to configure NetFlow Data Export (NDE). Configuring NDE Describes how to configure Multilayer Switching (MLS). Configuring Access Control Describes how to create, download, and upload switch configuration files. Working with Configuration Files Describes how to configure access control lists (ACLs). Catalyst 6000 Family Software Configuration Guide-Releases...
... to configure Network Time Protocol (NTP). Configuring NTP Describes how to install and configure redundant supervisor engines and MSFCs in the Catalyst 6000 family switches. Configuring MLS Describes how to configure NetFlow Data Export (NDE). Configuring NDE Describes how to configure Multilayer Switching (MLS). Configuring Access Control Describes how to create, download, and upload switch configuration files. Working with Configuration Files Describes how to configure access control lists (ACLs). Catalyst 6000 Family Software Configuration Guide-Releases...
Software Guide
Page 29
... Chapter 38 Title Configuring Port Security Configuring SNMP Configuring RMON Configuring SPAN and RSPAN Chapter 39 Using Switch TopN Reports Chapter 40 Configuring Multicast Services Chapter 41 Configuring QoS Chapter 42 Configuring ASLB Chapter 43 Configuring the Switch Fabric Modules Chapter 44 Configuring a VoIP Network Description Describes how to http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 29 Related Documentation The following publications...
... Chapter 38 Title Configuring Port Security Configuring SNMP Configuring RMON Configuring SPAN and RSPAN Chapter 39 Using Switch TopN Reports Chapter 40 Configuring Multicast Services Chapter 41 Configuring QoS Chapter 42 Configuring ASLB Chapter 43 Configuring the Switch Fabric Modules Chapter 44 Configuring a VoIP Network Description Describes how to http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 29 Related Documentation The following publications...
Software Guide
Page 33
...://www.cisco.com/en/US/support/index.html If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC website so that you can describe the situation in your product serial number. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 33 To obtain a directory of business operations. These classifications are a Cisco.com registered user...
...://www.cisco.com/en/US/support/index.html If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC website so that you can describe the situation in your product serial number. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 33 To obtain a directory of business operations. These classifications are a Cisco.com registered user...
Software Guide
Page 55
... Console Port To remove default gateway entries, perform one of the attached host. Console> (enable) set interface sl0 slip_addr dest_addr Verify the SLIP interface configuration. Caution You must use the console port for the console port. If you are connected to restore the console port connection. When the SLIP connection is enabled and SLIP is attached on the console port, perform this task: Step 1 Step 2 Step 3 Step 4 Step 5 Task Command Access the switch from a remote host with Telnet. Use Telnet to access the switch...
... Console Port To remove default gateway entries, perform one of the attached host. Console> (enable) set interface sl0 slip_addr dest_addr Verify the SLIP interface configuration. Caution You must use the console port for the console port. If you are connected to restore the console port connection. When the SLIP connection is enabled and SLIP is attached on the console port, perform this task: Step 1 Step 2 Step 3 Step 4 Step 5 Task Command Access the switch from a remote host with Telnet. Use Telnet to access the switch...
Software Guide
Page 57
... to DNS server table as the show interface interface IP address, subnet mask, and broadcast address are set to '', offset from DHCP Server 172.20.25.254 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 3-9 set correctly. For DHCP, confirm that there is necessary only if using the manual or automatic allocation methods.) Set the sc0 interface IP address to obtain an IP address for the switch, perform this...
... to DNS server table as the show interface interface IP address, subnet mask, and broadcast address are set to '', offset from DHCP Server 172.20.25.254 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 3-9 set correctly. For DHCP, confirm that there is necessary only if using the manual or automatic allocation methods.) Set the sc0 interface IP address to obtain an IP address for the switch, perform this...
Software Guide
Page 90
Example VLAN Trunk Configurations Chapter 5 Configuring Ethernet VLAN Trunks Step 4 Step 5 Switch_1> (enable) show trunk 1 Port Mode Encapsulation 1/1 desirable isl 1/2 desirable isl Status -----------trunking trunking Native vlan ----------1 1 Port -------- 1/1 1/2 Vlans allowed on Switch 2 to negotiate to become trunk links (assuming that the trunk links are in management domain 1,10,20,30,40,50,60 1,10,20,30,40,50,60 5-18 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 Vlan-count Max-vlan-storage Config Revision Notifications...
Example VLAN Trunk Configurations Chapter 5 Configuring Ethernet VLAN Trunks Step 4 Step 5 Switch_1> (enable) show trunk 1 Port Mode Encapsulation 1/1 desirable isl 1/2 desirable isl Status -----------trunking trunking Native vlan ----------1 1 Port -------- 1/1 1/2 Vlans allowed on Switch 2 to negotiate to become trunk links (assuming that the trunk links are in management domain 1,10,20,30,40,50,60 1,10,20,30,40,50,60 5-18 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 Vlan-count Max-vlan-storage Config Revision Notifications...
Software Guide
Page 171
... VTP works: • Understanding the VTP Domain, page 10-2 • Understanding VTP Modes, page 10-2 • Understanding VTP Advertisements, page 10-2 • Understanding VTP Version 2, page 10-3 • Understanding VTP Pruning, page 10-3 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 10-1 You can use VTP to manage VLANs 1 to 1005 in your network. (Note that can make configuration changes...
... VTP works: • Understanding the VTP Domain, page 10-2 • Understanding VTP Modes, page 10-2 • Understanding VTP Advertisements, page 10-2 • Understanding VTP Version 2, page 10-3 • Understanding VTP Pruning, page 10-3 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 10-1 You can use VTP to manage VLANs 1 to 1005 in your network. (Note that can make configuration changes...
Software Guide
Page 197
VLAN membership becomes static. - Set the nontrunk ports or the MSFC ports as isolated to prevent any interserver communication at Layer 2. • Designate the ports to which the default gateway(s), backup server, or LocalDirector are set VTP to transparent mode. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 11-15 For example, you can connect a nontrunk promiscuous port to the "server port" of a LocalDirector to remap a number of isolated or community...
VLAN membership becomes static. - Set the nontrunk ports or the MSFC ports as isolated to prevent any interserver communication at Layer 2. • Designate the ports to which the default gateway(s), backup server, or LocalDirector are set VTP to transparent mode. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 11-15 For example, you can connect a nontrunk promiscuous port to the "server port" of a LocalDirector to remap a number of isolated or community...
Software Guide
Page 412
... checking. The lockout time is enabled. When you can disable local authentication only after enabling one or more other authentication methods fail. 21-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 If the user fails to authorize the password, the system delays accesses and captures the user ID and the IP address of three (the default) to the switch: • Login authentication • Local authentication • RADIUS...
... checking. The lockout time is enabled. When you can disable local authentication only after enabling one or more other authentication methods fail. 21-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 If the user fails to authorize the password, the system delays accesses and captures the user ID and the IP address of three (the default) to the switch: • Login authentication • Local authentication • RADIUS...
Software Guide
Page 413
... you disable all traffic between a network device and a centralized database to determine the identity of the three services. You can configure a TACACS+ key on the client and server. Chapter 21 Configuring Switch Access Using AAA Understanding How Authentication Works Understanding How TACACS+ Authentication Works TACACS+ controls access to network devices by exchanging Network Access Server (NAS) information between the TACACS+ server and the TACACS+ daemon on a network device. TACACS+ is disabled by default...
... you disable all traffic between a network device and a centralized database to determine the identity of the three services. You can configure a TACACS+ key on the client and server. Chapter 21 Configuring Switch Access Using AAA Understanding How Authentication Works Understanding How TACACS+ Authentication Works TACACS+ controls access to network devices by exchanging Network Access Server (NAS) information between the TACACS+ server and the TACACS+ daemon on a network device. TACACS+ is disabled by default...
Software Guide
Page 414
... RADIUS Authentication Works RADIUS is a client-server authentication and authorization access protocol used by default. The RADIUS clients and servers use Kerberos, passwords are not sent on the client and server. These tickets have a limited life span and can configure the following RADIUS parameters on the RADIUS servers. If the standard user password method is used in clear text. The NAS functions as the one configured on the switch: • Enable or disable RADIUS authentication to control login access...
... RADIUS Authentication Works RADIUS is a client-server authentication and authorization access protocol used by default. The RADIUS clients and servers use Kerberos, passwords are not sent on the client and server. These tickets have a limited life span and can configure the following RADIUS parameters on the RADIUS servers. If the standard user password method is used in clear text. The NAS functions as the one configured on the switch: • Enable or disable RADIUS authentication to control login access...
Software Guide
Page 425
... if the RADIUS or TACACS+ server is configured and operating correctly before disabling local login or enable authentication. You must reset the password after installing software release 5.4 to set the login password on a switch with no password configured), enter your new password, and reenter your new password. Chapter 21 Configuring Switch Access Using AAA Configuring Authentication To set the login password for local authentication, perform this task in privileged mode: Task Command Set the login password for privileged mode. set password This example shows how...
... if the RADIUS or TACACS+ server is configured and operating correctly before disabling local login or enable authentication. You must reset the password after installing software release 5.4 to set the login password on a switch with no password configured), enter your new password, and reenter your new password. Chapter 21 Configuring Switch Access Using AAA Configuring Authentication To set the login password for local authentication, perform this task in privileged mode: Task Command Set the login password for privileged mode. set password This example shows how...
Software Guide
Page 446
... 21 Configuring Switch Access Using AAA This example shows how to delete an SRVTAB entry: kerberos> (enable) clear kerberos srvtab entry host/niners.cisco.com@CISCO.COM 0 kerberos> (enable) Enabling Credentials Forwarding A user authenticated to a Kerberized switch has a TGT and can authenticate only to other services on the network using the default method of security, you do not make Kerberos authentication mandatory and Kerberos authentication fails, the application attempts to authenticate users using Kerberized Telnet. Command set...
... 21 Configuring Switch Access Using AAA This example shows how to delete an SRVTAB entry: kerberos> (enable) clear kerberos srvtab entry host/niners.cisco.com@CISCO.COM 0 kerberos> (enable) Enabling Credentials Forwarding A user authenticated to a Kerberized switch has a TGT and can authenticate only to other services on the network using the default method of security, you do not make Kerberos authentication mandatory and Kerberos authentication fails, the application attempts to authenticate users using Kerberized Telnet. Command set...
Software Guide
Page 650
...the system default part, which maps community strings of previous versions of SNMP to interfacesMibView: Console> (enable) set snmp view interfacesMibView 1.3.6.1.2.1.2 included Snmp view name was set snmp access [-hex] {groupname} {security-model v3} {noauthentication | authentication | privacy} [read -write-all} [community_string] Configure the community table for mappings between different community strings and security models with full permissions. Configuring SNMPv3 Chapter 36 Configuring SNMP Configuring SNMPv3 from the CLI To configure SNMPv3 from the command-line interface (CLI...
...the system default part, which maps community strings of previous versions of SNMP to interfacesMibView: Console> (enable) set snmp view interfacesMibView 1.3.6.1.2.1.2 included Snmp view name was set snmp access [-hex] {groupname} {security-model v3} {noauthentication | authentication | privacy} [read -write-all} [community_string] Configure the community table for mappings between different community strings and security models with full permissions. Configuring SNMPv3 Chapter 36 Configuring SNMP Configuring SNMPv3 from the CLI To configure SNMPv3 from the command-line interface (CLI...
Software Guide
Page 666
... the destination port across multiple switches. • For RSPAN, trunking is required if you can apply an output access control list (ACL) to RSPAN traffic to selectively filter specific flows. Configuring RSPAN Chapter 38 Configuring SPAN and RSPAN Figure 38-2 RSPAN Configuration Switch D D1 Layer 2 trunk C3 Switch C C1 C2 Layer 2 trunk D2 Probe Layer 2 trunk Destination switch (data center) Intermediate switch (distribution) A3 Switch A A1 A2 B4 B1 B2 B3 Switch B Source switch(es) (access) 27389 RSPAN Configuration Guidelines Follow...
... the destination port across multiple switches. • For RSPAN, trunking is required if you can apply an output access control list (ACL) to RSPAN traffic to selectively filter specific flows. Configuring RSPAN Chapter 38 Configuring SPAN and RSPAN Figure 38-2 RSPAN Configuration Switch D D1 Layer 2 trunk C3 Switch C C1 C2 Layer 2 trunk D2 Probe Layer 2 trunk Destination switch (data center) Intermediate switch (distribution) A3 Switch A A1 A2 B4 B1 B2 B3 Switch B Source switch(es) (access) 27389 RSPAN Configuration Guidelines Follow...
Software Guide
Page 681
... Family Software Configuration Guide-Releases 6.3 and 6.4 40-1 40 C H A P T E R Configuring Multicast Services This chapter describes how to the Catalyst 6000 Family Command Reference publication. Note For complete syntax and usage information for the commands used in this chapter, refer to configure Internet Group Management Protocol (IGMP) snooping, GARP Multicast Registration Protocol (GMRP), and Router-Port Group Management Protocol (RGMP) on the Catalyst 6000 family switches: • Multicasting and Multicast Services Overview, page 40-2 • Understanding How IGMP Snooping Works...
... Family Software Configuration Guide-Releases 6.3 and 6.4 40-1 40 C H A P T E R Configuring Multicast Services This chapter describes how to the Catalyst 6000 Family Command Reference publication. Note For complete syntax and usage information for the commands used in this chapter, refer to configure Internet Group Management Protocol (IGMP) snooping, GARP Multicast Registration Protocol (GMRP), and Router-Port Group Management Protocol (RGMP) on the Catalyst 6000 family switches: • Multicasting and Multicast Services Overview, page 40-2 • Understanding How IGMP Snooping Works...
Software Guide
Page 686
... service (QoS) does not support IGMP traffic when IGMP snooping is enabled on their content. Note Quality of the non-RFP flow packets to examine IGMP packets and make forwarding decisions based on the switch by default. To enable installation of directly connected subnets, perform this task: Task Command Enable downloading of the non-RPF packets in the hardware FIB allow both (*,G) flows to remain completely hardware-switched flows, and new, directly connected sources to be dropped in hardware. Router(config...
... service (QoS) does not support IGMP traffic when IGMP snooping is enabled on their content. Note Quality of the non-RFP flow packets to examine IGMP packets and make forwarding decisions based on the switch by default. To enable installation of directly connected subnets, perform this task: Task Command Enable downloading of the non-RPF packets in the hardware FIB allow both (*,G) flows to remain completely hardware-switched flows, and new, directly connected sources to be dropped in hardware. Router(config...
Software Guide
Page 701
... IGMP disabled VLAN ---1 1 1 1 Dest MAC/Route Des 01-00-11-22-33-44* 01-11-22-33-44-55* 01-22-33-44-55-66* 01-33-44-55-66-77* Destination Ports or VCs / [Protocol Type 2/6-12 2/6-12 2/6-12 2/6-12 Total Number of Entries = 4 Console> (enable) Clearing Multicast Router Ports To clear manually configured multicast router ports, perform one or more multicast MAC addresses to CAM table. Command clear multicast router mod/port clear multicast router all manually configured multicast router ports. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide...
... IGMP disabled VLAN ---1 1 1 1 Dest MAC/Route Des 01-00-11-22-33-44* 01-11-22-33-44-55* 01-22-33-44-55-66* 01-33-44-55-66-77* Destination Ports or VCs / [Protocol Type 2/6-12 2/6-12 2/6-12 2/6-12 Total Number of Entries = 4 Console> (enable) Clearing Multicast Router Ports To clear manually configured multicast router ports, perform one or more multicast MAC addresses to CAM table. Command clear multicast router mod/port clear multicast router all manually configured multicast router ports. Console> (enable) 78-13315-02 Catalyst 6000 Family Software Configuration Guide...
Software Guide
Page 808
... Monitoring the Switch Fabric Module Chapter 43 Configuring the Switch Fabric Modules When you install two Switch Fabric Modules at the same time in slot 8 becomes active. If you can reset the module using the reset module command, disable and enable the module using the set module enable | disable command, and power it down using the set module powerdown module command. 43-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 The Switch Fabric Module does not get involved when traffic is forwarded between nonfabric-enabled modules. • Compact mode...
... Monitoring the Switch Fabric Module Chapter 43 Configuring the Switch Fabric Modules When you install two Switch Fabric Modules at the same time in slot 8 becomes active. If you can reset the module using the reset module command, disable and enable the module using the set module enable | disable command, and power it down using the set module powerdown module command. 43-2 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 The Switch Fabric Module does not get involved when traffic is forwarded between nonfabric-enabled modules. • Compact mode...
Software Guide
Page 825
... WS-X6608-T1/E12 WS-X6624-FXS3 X4 X X X X X 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 44-9 Voice-Related CLI Commands Table 44-3 lists the CLI commands described in order to communicate information such as auxiliary VLAN ID, per-port power management details, and quality of service (QoS) configuration information. The switch port configured for connecting a phone would have separate VLANs configured for VoIP operation: • Voice-Related CLI Commands, page 44-9 • Configuring Per-Port Power Management...
... WS-X6608-T1/E12 WS-X6624-FXS3 X4 X X X X X 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 44-9 Voice-Related CLI Commands Table 44-3 lists the CLI commands described in order to communicate information such as auxiliary VLAN ID, per-port power management details, and quality of service (QoS) configuration information. The switch port configured for connecting a phone would have separate VLANs configured for VoIP operation: • Voice-Related CLI Commands, page 44-9 • Configuring Per-Port Power Management...